Tips for how to protect sensitive data while travelling

Travellers are constantly connected to the internet and other digital platforms via Wi-Fi and Bluetooth through their variety of digital devices.

It is common to see professionals working on their laptops whilst travelling and hear them talking on their mobile phones blissfully unaware they are exposing their data, and their company’s/client’s data to risk of a security breach and a potentially harmful cyber crime.

We’ve put together a list of tips you can follow to ensure you stay ‘cyber safe’ and ensure data security when travelling.

Firstly, the best way of reducing your risk of cyber crime is to not do any work on any digital device whilst you are travelling. That’s no emails, no phone calls, no tidying up your presentation for your meeting (ensuring it’s ready the night before), simply sitting there and possibly reading a newspaper or a novel.

As this is highly unlikely given the digital age that we’re living in, here are our top tips to keep data safe while you’re travelling.

1. Discretion is key to data security

If you must work while you’re travelling, whether that is polishing off a presentation on your laptop or speaking to clients or work colleagues on your mobile phone, then you must show a high level of discretion.

Fellow travellers will look over your shoulder at the work you are doing on your laptop, out of curiosity if nothing else. They will also listen-in to any conversations you have. Talking about clients, your employer and/or colleagues in a public space can expose you to a potential data breach, especially if you mention financial details or details of a contract or project.

Working on your laptop can also expose you to a data breach in the form of a cyber crime.  Opportunists known as ‘shoulder surfers’ work the railways and other forms of transport for this specific reason, because commuters and other business travellers invariably let their guard down as they relax into their journey.

2. If you’re travelling for work, make sure you know what your company’s travel policy is

Many companies will supply their staff with an employee handbook which can include the use of personal devices and a travel risk management policy for its members of staff who travel as part of their role.

The risk management policy could include points such as what types of information can be transported via electronic devices/storage or as paper documents. The policy should also explain what the procedures are in the event that information is lost or stolen whilst on a business trip.

Many companies provide training for employees who travel so they know what’s expected of them, including how to protect data in transit.

If you are a freelancer or self-employed contractor who regularly travels for your work, then you will need to be extra vigilant, as the accidental loss of sensitive data, especially client data, can result in a negligence claim against you. Professional indemnity insurance will provide cover for you should you be unfortunate to experience this.

3. If you don’t need it, don’t bring it

A good rule of thumb is ‘if you don’t have it with you, then it can’t be stolen’.  If you know you are scheduled for a business trip, then you could remove any unnecessary data from your portable devices to your company’s cloud storage.

Doing this can help minimise the risk of a data breach, while leaving devices at home will minimise the risk losing your data plus your device.

4. Be aware of the exposure of Bring Your Own Device (BYOD)

In recent years, many companies have permitted employees to use their own devices in their workplace. While many employees have been using their own mobile phones and laptops for business communications whilst working from home.

As companies look to move into post-pandemic hybrid working and even full-time working from home, BOYD enables companies to save benefit by not purchasing hardware that will depreciate in value, and through employees working outside of typical working hours, thus potentially increasing productivity.

However, BYOD can mean cross-contamination of devices and networks which can lead to malware and viruses passing from one system to another as users plug devices and USB’s into different computers and networks. This can also lead to potential data breaches, such as a disgruntled employee removing data and potentially releasing it at a later date, which can result in hefty penalties and reputational damage.

5. Never leave your data unattended

On the train and need to go to the loo? Then take your technologies with you!

If you are travelling with colleagues, you could be excused for leaving your laptop with them, but it would still be pertinent to shut down to prevent a potential cyber breach.

If you’re travelling on your own, then it would be advisable to take your data carriers e.g.: laptop, phone, paper files with you as even a 5-minute rest stop can provide an opportunity for someone with light fingers. Likewise, if you are staying in a hotel for your business trip. Never leave your laptop unattended. If you go out, lock any devices in the safe.

6. Avoid open Wi-Fi hotspots

In the Wi-Fi age we can stay connected no matter where we are (within reason).

As a result, it has become a natural habit for mobile users to jump from one Wi-Fi hotspot to another and they move between cafes, restaurants, retail outlets, and workspaces.

But using the free Wi-Fi offered by many outlets leaves you exposed to being picked up by an uninvited party as you transmit data across the open airwaves.

If you are an employee and your company provides a VPN, then use it as it will be more secure.

You can also set up Two Factor Authentication (2FA) or encrypted logins that must be approved before you are allowed to connect to a new network. Either way it is best to avoid open Wi-Fi and look for a more secure option.

7. Beware of social engineering calls

When you’re travelling you can lose a bit of focus because you are concentrating on aspects of your journey.

Due to the rise in social engineering calls it’s important to remember not to give out any personal information such as your credit card (or company credit card) details over the phone.

Even if the call purports to come from the reception desk of the hotel you are staying in, typically they will already hold that information on file as part of your booking.

8. Pay by credit card whenever possible

If you are a victim of a financial cyber crime such as identity theft, while you’re away on business, then in most cases you will be reimbursed for your loss.

You will likely be asked for receipts and even expenses reports, so the safest route to ensure you minimise your losses is top pay via credit card as you are protected against fraudulent charges.

Credit cards also carry a limit, whereas if you were to pay using your debit card you could potentially be opening up your bank account to the fraudster who committed the crime. Resolving fraudulent payment issues with banks can take a lot longer to resolve than with the credit card providers.

9. Avoid public computers for accessing sensitive data

Public computers, such as those in hotels or libraries, can be useful for tourist information but they can also be highly vulnerable to spyware.

Accessing your bank account or sensitive client data on one of these devices could expose you or your company to a data breach.

10. Make the most of remote wipe

Remote wipe is a function of many smartphones and tablets that will allow you to send a commend to erase everything from your device if it is lost or stolen, which can protect your, and your company’s valuable assets and data.

Remote wipe does have certain flaws that prevent the lost device being wiped: a) any device is easy to turn off, b) the device can be shielded, and c) the SIM card can be removed. All of which will prevent the remote wipe function from working.

Therefore, it is important to let your IT department know as soon as the device is missing, so they can act straight away before any data is compromised.

These are just a few of the ways you can protect sensitive data whilst travelling for work or for pleasure.

For further valuable information about how to protect your business in the digital age, you can visit the Markel Law Hub at www.markellaw.co.uk/lawhub

The Markel Law Hub is an online resource containing a range of documents and articles to help you manage the various laws you can encounter when running a business.

The Law Hub currently helps over 50,000 users and contains:

• 800+ legal resources including contracts, policies, forms, and letter templates from Markel’s expert solicitors¹
• Legal updates, templates, guidance documents, checklists, and useful links to help you to successfully manage your business.
• 460+ straight-forward guides¹
• 350+ links to key resources¹
• Up-to-date information on new legislation and case-law.
• Live Chat available Monday to Friday 09:00 – 17:00
• Legal helpline.

There are two ways you can access the Markel Law Hub.

1. Simply purchase a Legal Expenses Insurance policy from us, it only takes a few minutes via our online and buy system.
2. If you do not require Legal Expenses Insurance but feel that you would benefit from access to the Law Hub, you can purchase an annual subscription.

Click to the Markel Law Hub here for details.

Related Articles:

Reducing your cyber risks on the railways 

Sources:

• www.caunceohara.co.uk/reducing-your-cyber-risk-on-the-railways/
• https://insights.samsung.com/2021/04/19/3-things-you-should-know-about-remote-wipe-3/
• www.markeluk.com/articles/how-to-keep-clients-data-safe-and-secure
• www.markeluk.com/articles/bring-your-own-device-the-risks-and-how-to-protect-against-them
• 1) www.markellaw.co.uk/lawhub/

Author Phil Ainley, Marketing Manager