Cyber ​​attack: Business travelers can protect themselves with these tips

IT problems are now one of the biggest business risks for companies in Germany. Data breaches in which criminals access personal data or company secrets are particularly feared. But one risk factor that companies tend to underestimate when it comes to their IT security is their employees. Especially during business trips, companies can hardly control how freely their employees are with business information, whether they connect to insecure networks and how carelessly they handle devices, data storage media and documents.

Capital has collected eight tips from IT experts, the Federal Office for Information Security and labor lawyers that business travelers can use to protect their data on the go:

1 Avoid confidential conversations

Do you want to check off the online team meeting shortly before departure? Not a good idea. Business travelers should avoid confidential conversations, conduct them out of earshot of third parties or at least not use their real names and keep sensitive data to themselves. Because they unconsciously reveal business internals in conversations they have on the go. Hackers, cybercriminals or competitors often just have to eavesdrop to get useful information. Anything can be of interest, for example which tender the company is participating in or who approves business transfers.

With such intercepted knowledge, attackers can gain access to the spied on company and gain trust. With a fake identity, they can pretend to be an employee and request further sensitive information and access data from the company or even initiate payments.

2 Use privacy film

But even those who remain silent about sensitive data may be writing emails or editing documents while on the move. Curious people sitting next to you can quickly find out the name of the employer and the programs used by looking sideways. Even simple data like email signatures and subject lines contain relevant business information that may not be intended for public consumption. There is a significant data protection problem here.

Business travelers should therefore protect mobile devices and their display content from unauthorized reading with a privacy film. Without technical privacy protection, when working mobile you should at least choose a place where third parties cannot spy. In addition, you should never put sticky notes with work information or passwords on your work laptop.

Keep an eye on 3 devices

Trips to the on-board restaurant and the train toilet can quickly become risky if the laptop is left at the seat. “As soon as someone has had physical access to the device, you have to assume that it could be compromised,” says Daniel Nolte from the business travel portal Lanes & Planes. Cyber ​​criminals could install malware or steal data via USB ports and similar interfaces. “These connection contacts can be used to gain extensive access to a device. Companies should therefore block mobile devices as a precaution.”

If employees rarely use the USB ports on the computer, the employer can limit or completely block their function and thus protect them from attacks. This also protects if employees connect non-company accessories such as headphones, mice or data sticks. If business travelers have received these as a gift or found them on the way, a certain degree of skepticism is warranted. They may contain malicious programs or steal, manipulate or encrypt data.

4 Use VPN connection

Anyone who connects to an open WiFi network in a café or on the train runs the risk of hackers accessing sensitive data. “As soon as I have logged into a public network, I can usually see all other devices that use the same WLAN,” explains IT expert Nolte. Hackers could theoretically try to connect to a device of interest and read communications taking place on it. “If the device is set up incorrectly or updated incompletely, access may be possible.”

To prevent this, employees from outside should only access the company network via VPN (Virtual Private Network). A VPN connection creates a virtual tap-proof tunnel through which all data traffic can flow in encrypted form. This means that employees can access central applications and data sets on the move, while potential spies remain outside.

Set up 5 passwords using a password manager

Business travelers should protect all devices and programs with different and complex passwords. In reality, the opposite often happens. “Nobody can remember 30 different passwords for different sites, which are also complex,” says IT expert Nolte. So instead of using an identical password for all sites and services, he advises using a password manager. These management programs can not only store passwords, they also generate strong ones.

At Capital’s request, the Federal Office for Information Security (BSI) also recommends setting up multi-factor authentication for logging in to the IT devices used. The second factor required to log in can be, for example, a fingerprint, a special chip card or a pin sent to another device. Without this, the device remains closed to third parties.

6 Only have important data with you

Be it due to thieves or your own inattention – between the office and an appointment away, a work device can quickly get lost, and with it important business data. “The less that is stored directly on the device, the better. Because data that is not there cannot be stolen,” says IT expert Nolte. Employees can follow the principle of data economy by taking laptops and smartphones that have been specially set up for business trips without sensitive company data. Everything else should be accessible via cloud services.

If you need to take sensitive data with you on a business trip, you should only do so in encrypted form. The BSI advises this. Hard drive encryption prevents strangers from reading sensitive data from switched off devices or removed hard drives.

7 Prepare for trips abroad

Traveling abroad in particular presents employees with particular challenges in terms of data security. Basically the same rules apply as for domestic travel. However, business travelers should also find out about permitted encryption in the destination country, as some countries do not accept encrypted data upon entry. Caution is particularly advised when traveling to countries that have a reputation for disregarding civil rights.

Before going through customs checks at the airport, travelers should turn off their devices completely if they need to hand them over. It is worth removing the SIM card from cell phones and smartphones. Ideally, devices are marked to ensure that no one exchanges them there or during the trip without being noticed. Even in a hotel safe, laptops, cell phones, etc. are not necessarily safe.

If possible, the employer’s IT department should check all devices upon return before they are connected to the company network again.

8 Attend training courses and comply with rules

To ensure that employees are not helpless when it comes to data protection, companies must sensitize and train them in the responsible handling of data and data storage media, especially regarding behavior on business trips. Such precautions are also important with regard to liability in the event of damage: In the event of data protection violations or data loss, the employer is initially liable. He is responsible for ensuring that employees handle business information properly.

When it comes to personal data, companies must ensure that confidentiality is always maintained when processing such data. If employees work outside the company, “it is therefore urgently necessary to give employees appropriate instructions,” says Christian Willert, a specialist lawyer for labor law, to Capital.

But employees are not always fine. “If, for example, an employee leaves her laptop open at her seat, she is acting negligently,” explains Willert. “If data is stolen, it would be at least partially liable in the event of damage.”