A survey conducted by cybersecurity firm Kaspersky Lab has shown that travellers are more likely to be robbed of their private and corporate data than their currency while travelling abroad, and that pressures to work while abroad add to the likelihood of corporate and private data exposure.
The survey found that 15% of South African travellers have been the target of cybercrime while abroad, rising to 20% in the case of senior managers. This is significantly higher than travellers who reported being robbed of their money while travelling abroad on business.
Further, 54% of travellers and 62% of senior executives make no change to their communications behaviour while travelling, despite being outside the security perimeter of their corporate network environments.
This indiscriminate behaviour while online, particularly among senior executives, is playing into the hands of cybercriminals. A total of 47% of South African senior executives and managers say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will remain connected. By the time business travellers reach the arrivals terminal, one in six globally is using his or her work device to get online, says Kaspersky Lab Endpoint Product Management head Konstantin Voronkov.
About 42% of local senior managers and about 38% of midlevel managers use unsecured public-access WiFi networks to connect their work devices when abroad, with 54% and 47% respectively using WiFi to transmit work emails with sensitive or confidential attachments.
“One reason why business travellers are doing so, the report finds, is that there is a widely held assumption their work devices are inherently more secure than their private communications tools, regardless of their connectivity. Locally, 47% of these travellers expect their employers to have set strong security measures, which is most pronounced among business leaders (51%) and midlevel executives (45%),” he notes.
Further, 49% think that, if employers send staff overseas, they must accept any subsequent security risks. Consequently, a large proportion of business travellers, and particularly business leaders, are not helping to secure communications by continuing with their indiscriminate online behaviour when abroad.
“The report shows that cybercrime is a real hazard while travelling, and employees are exposing confidential business information. Business travel behaviour presents a significant corporate data protection challenge and corporate-information security specialists must respond with appropriate security solutions.”
Kaspersky Lab recommends explaining the threat to employees, as awareness is the first step to protection and implementing additional countermeasures for unsafe networks, such as using virtual private networks to access corporate networks and using email encryption.
Additionally, multilayered endpoint protection should be implemented, including antimalware, exploit prevention, host-based intrusion protection and firewalls, and Uniform Resource Locator filtering technologies, as well as keeping software and system patches up to date, advises Voronkov.
“When you are out of your corporate network perimeter, the most efficient, and often the only, protection applicable is that your laptop or mobile device has good endpoint protection,” he concludes.