19/08/2015
Data security should have top priority in high-risk countries / Tips for companies
Business travel presents particular challenges when it comes to data security, such as the loss of end devices and thus business-critical information. msg provides helpful tips on how companies can safeguard themselves - from data economy to employee training.
Business people who spend much of their time traveling are exposed to numerous data security threats when on-the-go, especially since not all countries enjoy the same high standards of data protection as Germany. A few are even known for their attempts to spy on foreign countries. As a result, special security measures are necessary when working in such countries.
What Companies Can Do
Companies themselves hold primary responsibility for the security of their data. The use of suitable technologies, the establishment of adequate processes and - more importantly - promoting awareness among involved employees can reduce the most common risks of information security.
- Use Encryption. Any data stored on end devices that are used when traveling should be encrypted where possible and where allowed in the destination country.
- Minimize the Amount of Data Used. Even those who travel frequently should not carry all of their data on their end devices. Instead, they should limit their data to the data they actually need for their current trip. This makes it much easier to limit losses should there be a data leak. Furthermore, any data taken on the trip should not be stored exclusively on the end devices, but should be backed up on the company’s central servers.
- Use Privacy Screen Protectors for Laptops. Unwanted viewing of screen content by nosy neighbors can have far-reaching consequences. To prevent it, companies should equip all laptops with a screen protector before issuing them to employees.
- Train Employees. Hackers often attempt to access in-demand data through a company’s employees. They weasel their way into their victim’s trust using allegedly secure personal or electronic contact or they take advantage of the victim’s unsuspecting nature. In the end, the only tool against that type of social engineering is to make sure employees are properly trained. They have to be made aware of suspicious e-mails or overly-friendly conversations with or in the presence of supposedly casual bystanders, such as taxi drivers. In addition, not every colleague in the destination country should automatically be considered trustworthy.
- Standardize Travel Security. Companies must standardize the topic of “Security On-the-Go” in order to integrate and take advantage of past experiences throughout the entire company and in order to take adequate measures. By implementing established processes, companies will have already taken a key step toward better security on business trips. This includes, for example, only permitting access to the company network through a VPN or only allowing encrypted services on devices. Another important process is the regular inspection of the devices upon return to check for manipulations, spyware and similar threats.
- Separate Devices for Sojourns in Foreign Countries. Ideally, pool cell phones and laptops that only contain essential data should be used when traveling and should be returned to the pool once back and following inspection. This allows the damage from loss or espionage to be minimized.
“The tricks employed by data thieves are very elaborate in some cases, but it is often the simple tricks that do the most damage,” explains Mark-W. Schmidt, Head of msg Information Security. “Of course, the individual’s conduct also plays a big role, which is why training is so important,” Schmidt continues. Having a slightly paranoid attitude when handling business-critical data when on-the-go, but also in general, is thus a good rule of thumb. Unfortunately, some companies have not felt the same about security and have had to face some serious losses.