With the pandemic easing considerably in the United States and receding in other countries, business travel is starting to return to pre-pandemic levels. But normal travel can also bring with it a host of cybersecurity dangers. Forbes Magazine illustrated the return to normal:
In a recent survey of business travelers commissioned by insurance company Chubb, 54 percent from North America indicated they were OK with domestic flying and 52 percent of survey respondents were comfortable staying in a hotel.
Before the pandemic, there was much awareness surrounding these dangers. Yet, with more than a year of lockdowns, security experts fear that some people may be “out of the habit” of being vigilant, which can create more significant repercussions for businesses.
“Traveling can be a minefield when it comes to cybersecurity. There are just so many vectors of vulnerability,” says Carson King, travel industry and security consultant based in Orlando.
A recent pre-pandemic article by Security Boulevard revealed some pretty sloppy travel cybersecurity practices.
- 84 percent of business travelers versus 76 percent of personal travelers connect to public Wi-Fi networks.
- 64 percent of business travelers versus 47 percent of personal travelers log in to an account on a publicly accessible computer such as a hotel business center.
- Sixty percent of business travelers versus 46 percent of personal travelers discard their travel itineraries or paper documents, such as boarding passes and hotel receipts, without shredding them.
“If anything, I suspect these numbers are worse today as the economy opens up. People aren’t used to being vigilant,” King asserts, adding that travel often brings out the relaxed “Disney World” mentality in people, which causes them to let their cybersecurity guard down.
“People aren’t as alert to cybersecurity danger when they are traveling, staying at a hotel, and all of those things that can have vacation trappings even when it is work,” King advises.
Variety of vulnerabilities to watch for
The vulnerabilities range from unsecured public Wi-Fi networks, inadvertently leaving a laptop on the train, falling victim to a fake charging station, or using unprotected equipment. The last example often doesn’t get much attention, but many travelers have had it happen at least once.
“Anytime you use shared equipment like the hotel printer or the computer in the lobby, you might as well just leave your company secrets on a flashing billboard in Times Square,” King says.
Michael Soule, the owner of Soule Solutions, a computer repair specialist in Middletown, Ohio, described his recent travel experience when he and his wife were on vacation.
“I went to use the printer at the hotel business computer that they have reserved for guests. At first glance, I saw that Windows was not activated, which is really no big deal, I guess… But I should have known that was a red flag,” Soule explained. Being an IT expert, curiosity got the best of him.
“I wanted to see what I was working with, it was not bad, i5 4th gen, but with a regular HHD, slower than molasses in January. Then I saw it had windows 10 home, OK. So that means no group policy,” he added. Then, he opened Chrome.
“I was shocked at the amount of user information that was stored: names, emails, passwords and even, yes, credit card information,” Soule said. Then he checked out the other browsers.
“Did the same thing with Edge and even more personal information,” he exclaimed. And it went downhill from there.
“I went to the downloads folder to see what kind of stuff was there, literally hundreds of files with users’ personal information,” Soule stated, calling the level of security on these public machines appalling.
Cybersecurity experts recommend not using shared equipment
There are steps that companies can take to prevent the use of shared equipment when employees are traveling.
Recently, in the case of one of his manufacturing clients, King says, “I had to strongly persuade the client to invest in some travel printers for his staff. He didn’t think it was worth the investment.”
But the manufacturer had sensitive patents and proprietary designs, and the CEO eventually became convinced. The printers are connected via Bluetooth to tablets. However, if you must use the hotel printer, use more secure cloud-based printing.
“Take it upon yourself to check the printer when you are done and make sure there’s no data of yours on it that can be used to compromise and, if so, delete it,” King advises. Even that simple step may not altogether remove your vulnerability, but at least it helps.
Another step to avoid using a printer while traveling is to use shared online document services with digital signatures. MSPs tasked with a client’s cybersecurity, King points out, need to devote resources for making travel secure, assuming the client has a traveling component to their employees’ jobs. This includes using VPNs, cloud-based services, and company-purchased travel hardware and software.
“If an employee is traveling and using equipment that you are in charge of, you have some level of control,” King says. Still, at the end of the day, King adds, much of the onus lay on a individual using sound judgment.
“You can purchase equipment, install VPNs, and so on, but if the person makes a poor choice to use the hotel lobby computer, then all of that investment could be for naught, so yes, there is a frustrating human element that makes some of this impossible to fully get on top of,” King states.
The takeaway: Don’t use the public computer and printer in the hotel lobby.
Photo: ImYanis / Shutterstock