Cybersecurity Support for an International Traveler

Traveling internationally can pose significant risks to the organization’s data accessed through or stored on employee devices. A main risks is the potential loss or theft of the device. Other risk is with agents who monitor networks and capture traffic for competitive or malicious purposes.

International travelers should limit the amount of sensitive information stored on or accessible to any mobile device during the trip and avoid contact with the organization’s network in general, specifically when traveling to high-risk countries.

The risk analysis process you take is important when evaluating the recommendations below. Individuals traveling to high-risk countries vs. low-risk countries will require different implementations of each recommendation.

As an IT Leader, what steps should you take when you are notified an employee will be traveling internationally?

IT Precautions to take Before Travel

Limit access to IT systems

If the employee is traveling for personal reasons, advise them not to take any association assets on their trip and to disconnect personal devices from company assets before leaving the country.  Leave the work laptop at home. Have them disconnect their association calendar and email from their mobile device before the trip and reconnect upon their return.  This has the dual benefit of avoiding risk and letting them enjoy vacation without the constant reminder of work.  

There are additional measures we recommended when an employee is traveling for business and needs to be connected to company assets while traveling. In this case, schedule a helpdesk an appointment with the traveler to help them prepare their assets.  Use this opportunity to review what the employee can do to stay cyber-safe while traveling.

Issue a company phone and laptop that can be wiped clean when they return or buy an inexpensive burner phone to use for the trip. A good practice is to have a spare laptop available for this purpose. Another option is to rent a laptop for employee use while traveling.  This laptop should not be connected to the domain and should only contain the essential applications that must be accessed while on travel. 

Limit direct access to the organization’s systems and information to eliminate the risk of compromising credentials. This precaution will also reduce the amount of data that is retrievable if the employee’s devices are lost, stolen, or compromised. 

Enable multifactor authentication (MFA) wherever it is available, especially on applications that contain sensitive data. MFA is a security method in which a user is granted access after successfully presenting two or more pieces of evidence to authenticate or login to a system or application. MFA is a very effective method for protecting accounts from malicious agents by making it impossible for them to use your accounts even if the password is stolen.  Before they leave, confirm that your MFA method will work at their destination. Text message MFA may not be reliable in places with spotty cell service.

At their vacation prep appointment, the Helpdesk can also prep the devices for travel:

• Ensure devices are backed up completely to multiple safe locations.
• Encrypt all data on traveling devices.
• Update antivirus and firewall software on devices to prevent cyberattacks.
• Ensure the operating system is patched and up to date.

Securing Your Data While Traveling

Alert the employee to avoid using unknown USB drives, CDs, DVDs, or other media storage with their devices. These can harbor malicious software.

Have the employee use strong, temporary passwords during their trip and change them when they return. Use different passwords for each of their accounts.

Consider instructing employees to travel without sensitive data. Border agents in some countries have been known to seize devices and duplicate the data on them.

Power off devices while going through customs or other inspection points.

Recommend travelers access the data they need while on travel from a trusted company issued external storage service (e.g., SharePoint, OneDrive) or an external network drive.

Assume you are being monitored 

No device can be protected against all possible forms of system and information compromise, especially when traveling to high-risk countries. Assume that any device taken to a high-risk country will be monitored and compromised in potentially undetectable ways. The only truly secure option is to refrain from using digital devices when traveling. 

Remind travelers that malicious agents are interested in not only business data but personal informal and credentials they can use to access the organization’s systems and information resources. 

Use only secure connections

Advise the traveler to avoid using remote desktop or equivalent software to access organizational devices remotely from a high-risk country because these transmissions may also expose valuable information.

Instruct the traveler to avoid using publicly available wi-fi connections. Advise never to transmit sensitive data using unsecured networks unless take other steps to prevent digital snooping, and to always be skeptical of the security of an unfamiliar network or device. When using free computers or networks, they should assume any information they enter could be seen by someone else. If they are using shared or public computers, they must not use the “remember me” feature when logging into any account. And remind them to always log out of accounts when done. 

The employee should access data securely from their destination. This may be difficult to do if they are somewhere without reliable internet of if their location blocks VPNs. If there is no VPN available, avoid sending confidential data. They may want to set up a disposable email account to use during their trip. 

Lastly, it is important to disable Wi-Fi connections when any device is not being used to connect to the internet. 

Watch the device 

Protecting the physical security of devices is just as important as protecting it through digital measures. Electronic devices are popular targets for thieves, who can transfer data from your unattended devices to a secondary storage device and upload malicious software to be accessed later.

The traveler should pay close attention to devices and always keep them nearby. As well, instruct them to turn off autoconnect for Bluetooth and Wi-Fi connections.

Use a charging block rather than a USB port at device charging kiosks. Malicious agents can use charging cables to transfer data, leaving the traveler’s data vulnerable.

Devices should be powered off while going through customs or other inspection points, and electronic equipment should be kept in carry-on baggage to avoid potential in-flight loss or damage.

Using Bluetooth

Bluetooth is a technology that enables a short-range radio frequency connection between two devices and allows hands-free phone calls while driving. With Bluetooth, users have to allow another device to connect to their device before an exchange of data can take place. Once this connection is made, data can flow freely between the two devices with little or no user confirmation.  It’s best to not pair devices with rental cars, but if a traveler does, have them make sure they delete any stored data and remove their device from the rental car’s paired device list. 

Bluetooth networking should be disabled while traveling to prevent unwanted connection attempts. 

Cybersecurity Actions for After Travel

When a device is compromised during travel, attackers may install software on the device that could compromise other systems and data on the organization’s network when the traveler reconnects to the network upon return. IT must take measures to restore the device to its pristine state before reconnecting it to the organization’s network.  Book a Helpdesk appointment for the day of the traveler’s return. The agent can walk them through the following activities:

• Change any passwords they may have used during their travels from a trusted device. The likelihood that their account ID and password was captured during travel, especially in high-risk countries, will be high. Quickly changing a compromised password helps prevent future attacks on that account.
• Before reconnecting to the organization’s network, erase and wipe the hard drive and other components that store data and software for any device they used during their travels and reimage them with trusted software versions.
• Restore their devices with standard configuration with the pre-travel settings.
• Assist the traveler to help them reconnect personal devices to calendar, mail and other apps to their mobile device.

Ensuring that the traveler takes these precautions will help protect the association’s digital assets, data and devices.  However, the best protection remains---wherever possible, encourage the traveler to refrain from using their standard issue company provided digital devices when traveling.