Over four-fifths, (86%) of business travellers say their organisation asks them to take cyber security measures during work travel, according to a new Opinium survey of 500 business travellers commissioned by World Travel Protection, a leading global travel assistance organisation.
Cyber security is a growing problem. In the first six months of this year, there were 2.8 billion malware attacks worldwide causing devastating knock-on effects for companies. Global transport and logistics giant, Maersk, for instance, faced $300 million in losses due to a cyber-attack that crippled its supply chains worldwide in 2017.
However few business travellers take measures to reduce the threat of cyber security breaches, according to the survey. Less than a quarter (24%) have anti-virus software on their devices, only a fifth (22%) use a VPN (virtual private network) on any mobile devices and a fifth (21%) ensure two-factor authentication is set up. Less than a fifth (18%) have been asked not to post on social media that they are away and less than one in five (17%) have received training on improving cyber security, such as not using unsecured Wi-Fi hotspots or Bluetooth.
Whilst away on business travel only 17% travel with a laptop stripped of all but essential files; 16% use a different mobile phone, such as one used for a limited period and then discarded; 16% keep location sharing on so the organisation can trace them in an emergency; 16% use biometric security features such a facial recognition or fingerprints; and 16% ensure the screen lock is on and not to overextend the count down time before the device auto-locks.
Kate Fitzpatrick, Regional Security Director, UK, World Travel Protection said: “Business travellers are an easy target for cyber criminals to harvest an organisation’s data. Laptops and mobile devices used in public places represent a soft underbelly for criminals to exploit. Even simple steps like using a laptop screen protector so prying eyes can’t view sensitive data is effective.
“Then when travelling into known hostile cyber environments, where the state actor is a source of cyber threat, take a device with just the information you need. In these known threat environments, it’s usually a requirement to download a state-required app to monitor the device, functions and travellers’ location, so remember, don’t carry data you don’t need, including sensitive contact or proprietary information. Weigh up the effects if your information were stolen by a foreign actor, especially for persons or operations that would be at risk for doing business with you or for you.
“Organisations can pre-program a device for travel, and once the traveller returns, it’s wiped and reset for use on the next trip. If you do need to carry your everyday business device, then at a minimum, ensure that passwords are changed once home.
“A cyber-attack can potentially crush a business long term, particularly if a data breach is involved and customers’ details are leaked or at threat of being leaked. Prioritising cyber secure measures to focus on risk mitigation should be uppermost in all organisations’ travel policies, particularly with insurers increasing premiums for cyber coverage as well as introducing more stringent warranties and conditions,” said Kate Fitzpatrick.