Securing Your Organization’s Sensitive Information During Travel
March 28, 2017
I just read an interesting article about safeguarding your private data when traveling abroad. Of course, we all know it makes sense to safeguard our personal confidential data, such as social security and financial account numbers. Stories of fraud and identity theft abound and are enough to chill the blood.
However, the risks only multiply when traveling abroad, as they include vulnerability not just to private scammers, muggers, and thieves, but also to foreign government border-crossing agents and other officials who screen and monitor visitors to their countries. And, for various reasons, foreign (and domestic) governments may also have an interest in other personal data, such as email and social media usernames and passwords.
It’s not just our confidential personal information that is at risk, however.
Your organization’s confidential information and data is also at risk whenever organizational personnel travel with the various electronic devices routinely carried everywhere—such as smartphones, tablets, and laptop computers. To make matters worse, the value of your organization’s data and the damage that can result from its unauthorized disclosure extends well beyond the value and damage to a single person, and can affect the entire organization, and its customers, clients, vendors, contractors, and business partners. Further, if persons are tempted to be lax when it comes to protecting their own personal confidential data, what is the risk they will also be lax (or ignorant) about risks to the security of data that is not directly tied to their own personal interests?
This all points to the need for organizations with confidential information (including their own and that of their clients, customers, or business partners) whose personnel ever travel (whether for business or personal reasons) to have well-thought-out policies and procedures to protect that information during travel abroad.
Such policies and procedures can range from requiring that all devices with organizational data stored on them or used to access organizational systems be encrypted to mandating that all such devices either be wiped of all organizational data before travel or left at home in favor of cheap “burner” devices that have never been used to access organizational data.
Such policies also might include requirements that fingerprint readers be disabled, that passwords be changed and stored only in password manager apps accessed securely in the cloud, and that personnel use multi-factor authentication to access devices or cloud-based systems or stored information.
Every organization’s circumstances differ, and their policies and procedures should differ accordingly. Furthermore, depending on the countries involved, either or both the United States and the other countries might restrict or make it illegal to travel with an encrypted device.
So, what are your organization’s policies and procedures for the protection of confidential information while traveling, and how thoroughly have your personnel been trained in them?
Eleven Prince Yeates Attorneys Elected to Utah’s Legal Elite List for 2018More
Title III of the Americans with Disabilities Act (“ADA”)More
International Rescue Committee Service ProjectMore
Telephone: (801) 524-1000
Fax: (801) 524-1098
Prince, Yeates & Geldzahler
15 West South Temple, Suite 1700
Salt Lake City, Utah 84101