Employees are your company’s primary protection against cybersecurity incidents.
A culture of awareness and good cyber hygiene can protect against surging rates of phishing, social engineering, and malware. According to the World Economic Forum, seven in ten (72%) of businesses see cyber risks increasing.
On top of this, nearly one in three (29%) leaders flag inadequate employee training as a top vulnerability for their business, according to SAP Concur data.
Knowledge is vital for mobile workforces. Without safeguards, business travel creates new entry points for attackers. Devices travelling with employees can house sensitive data, transaction information, and unbridled access to corporate networks.
Contending with the risks of fraud, identity theft, and compliance breaches, organisations can’t afford to overlook cybersecurity in business travel.
Employee education helps equip employees with the skills and knowledge to mitigate cyber threats. Here are three ways to educate colleagues and keep them “cyber safe” on the road.
1. Follow the “Zero Trust” principles
Business travel means company data is regularly accessed from anywhere around the globe, exponentially expanding the attack surface.
Zero Trust security principles protect data and systems by requiring every access request to be verified. Under this model, corporate networks never automatically trust any user or device without verification.
On top of the encryption of data, emails, and workloads, Zero Trust uses a number of security protocols, including:
- Multi-factor authentication (MFA): Providing an added layer of verification to user logins, reducing the impact of stolen credentials.
- Single-Sign On (SSO): Letting users access platforms through a robust central identity provider, limiting the number of different credentials available for attackers to exploit.
- Role-based access controls: By assigning different levels of data access permissions to employees, in accordance with their role, organisations can minimise the attack surface and reduce the risk of insider threats.
Zero Trust is more than just technology – it requires cultural transformation. Educating employees on the role of Zero Trust in securing data and systems in a decentralised environment will help them understand their shared responsibility.
For instance, when out on the road, continuous verification of user identities can make it safer to use travel and expense (T&E) platforms to submit expenses in public spaces such as airports or hotels.
Meanwhile, back at head office, IT and finance teams can understand how data will be shared, who will access it, and the level of access a user will have.
2. Beware of “juice jacking” on public USB charging points
We all encounter countless public charging stations when travelling. But are they welcome conveniences or dangerous entry points for attackers?
Travellers who access company data and systems on their mobile devices are vulnerable to “juice jacking”. Attackers can install malware or steal sensitive data from a device connected to a compromised USB charging port.
Without endpoint protection, smartphones, tablets, and laptops become gateways not just to the individual’s personal data, but the organisation’s corporate network.
Employees must be aware of the potential risks before plugging their devices into handy charging points. Consider education on best practices, such as:
- Carrying a portable charger: Security bodies advise directly against using public USB ports in locations you’re not sure you can trust. Travelling with a portable charger is a safer alternative.
- Using power outlets instead of USB ports: If available, plugging a charger into a standard electrical outlet is a safer way to charge your device. This allows power to transfer but not data.
- Investing in a USB data blocker: If you’re in a situation where you have to recharge using a USB port, using a USB data blocker can prevent a potential transfer.
Even with this knowledge, there’s still the risk that travellers will occasionally need to charge their devices by USB port to load tickets, company systems, or simply message home.
Additional security measures, such as ongoing vulnerability assessments and threat detection tools, can monitor for unusual activity and block at-risk devices from accessing corporate systems.
3. Remember what to do in the event of a breach
Employees must know exactly what to do if a work device is lost, stolen, or otherwise compromised. A proactive approach can prevent data from being exploited.
Employees should be educated in the details of the organisation’s incident response plan according to their responsibilities. These include:
- Regular testing: Quarterly testing of backup recovery systems to ensure data can be restored efficiently after an attack.
- Defined roles: Clear designation of roles for data forensics and regulatory reporting.
- Secure communication channels: A dedicated and secure method to notify affected teams and stakeholders as quickly as possible.
Every employee should also understand their role in the incident response process. They should know who to contact for detection, investigation, and mitigation, as well as when and how to escalate incidents to the appropriate teams.
For instance, if luggage containing a work laptop goes missing in transit, employees should know the appropriate channels to notify the IT department. It means the right people can take timely action – such as remotely wiping the device.
A team effort
When employees are away on travel, there’s no on-premises IT team to provide round-the-clock cybersecurity counsel. On an individual level, everyone needs the knowledge and tools to protect their business’ data and property. In an age where data breaches and cybercrime are rising, all members of staff have a responsibility to be safe: it is a team effort.
By empowering business travellers and staff back home with knowledge and best practices, you can build an effective defence to protect your organisation’s data – from anywhere in the world.