Should I Have a Security Travel Policy to Protect Devices and Sensitive Data?
Question: Should I have a security travel policy to protect devices and sensitive data, particularly when our staff are crossing international borders?
Kurtis Minder, CEO of GroupSense: Absolutely, unless you don’t mind constantly losing those devices. According to a Ponemon Institute and Dell study, 12,000 laptops are lost each year in airports alone. Laptops, mobile phones, and other devices are also frequently left in cabs, bars, ballparks — you name it. And the passwords people use on their laptops are easily cracked because most people use the same passwords across multiple accounts, so some simple credential stuffing will give bad people access to your system. We saw this happen when Disney+ launched, and the same approach can be used to gain access to your laptop and all of the systems and accounts on it.
What should a travel policy include? First of all, rigid requirements around disk encryption, VPN use, and secure communications (encrypted messaging, calling, etc.) should be standard for international travel. Further, for some countries, policy may dictate that corporate devices or devices containing corporate or client information cannot be taken. In this case, the company may offer “burner” devices specially configured for the team member and the trip mission.
Related Content:
- 5 Things to Know About Cyber Insurance
- VPNs’ Future: Less Reliant on Users, More Transparent, And Smarter
- Mega Breaches Are Forcing Us to a Passwordless World. Are We Finally Ready?
- 6 Ways Airlines and Hotels Can Keep Their Networks Secure
The Edge is Dark Reading’s home for features, threat data and in-depth perspectives on cybersecurity. View Full Bio