Traveling for work is risky business.
Road warriors must often use publicly accessible business services from airline kiosks, unsecured Wi-Fi, and hotel business centers. While there are inherent dangers in all those things, business travelers are also often targeted by cyberthieves.
Travelers have always been targets. Witness the Starwood hotels reservation system hack that exposed the personal information of nearly 400 million hotel guests. But business travelers are the centerpiece of the smorgasbord. Cyberthieves know that business travelers must utilize online communication to exchange data with home offices, servers, and possibly financial reporting systems. They know that a good hack will yield a treasure trove of useful information such as logins and passwords to protected systems, intellectual property, and proprietary business plans.
Since 2007, a huge targeted phishing campaign known as DarkHotel has ensnared senior corporate executives. The majority of targets have been in Asia, but victims have been identified on every continent, including in the United States. Hackers exploit weak hotel security on servers and Wi-Fi to trick the targets into installing malware on their computers. The malware then collects addresses, logins, and passwords to sensitive corporate assets. Although the attackers have sometimes thrown out a bigger net, the key has been identifying high-end business travelers and specifically targeting them.
It’s important to note that DarkHotel has been a known exploit for years, yet it is still successfully operating.
Whether you’re a target or just collateral damage, you need stronger security when traveling for business.
- You can get software VPNs (virtual private networks) and mobile VPN services for monthly fees. From a business standpoint, a router that supports VPN is more cost effective and secure. The VPN creates a secure tunnel from your device to your office network and the servers and services connected to it. Your current router may have VPN capability that isn’t activated. Even if you don’t travel, a VPN can keep your company better protected whether you’re in a coffee shop downtown or a cafe in Bahrain.
- When dialog boxes pop up on our screens, we reflexively hit the OK button. That’s dangerous all the time, but particularly when traveling and operating on Wi-Fi. Don’t install software updates through these popups. Instead, go to the software company’s website and test to see whether there’s really an update for your version.
- When traveling, disable Wi-Fi auto connect. Auto connect saves you the trouble of having to search out and connect to public wireless networks but may also connect you to unsecure, potentially dangerous ones.
- Disable Bluetooth, which can be an open door to hackers near you in public locations like hotels, restaurants, coffee shops, etc.
- Minimize location sharing on mobile devices. Cell phone users have an average of 80 apps on their phones. Almost all of those apps ask you to turn on location services, whether they really need it or not. Before traveling for business, check the apps you’ve authorized to track you and turn off all that aren’t essential. Knowing where you are can also tell a hacker or cybercriminal where you aren’t. Like in your hotel.