Risky Business

Ways to mitigate security challenges on the road

By Laura Haight
Originally published as the Digital Maven in Upstate Business Journal

Traveling for work is risky business.

Road warriors must often use publicly accessible business services from airline kiosks and unsecured wifi, to hotel business centers. While there are inherent dangers in all those things, business travelers are also often targeted by cyber thieves.

Travelers have always been targets. Witness the Starwood Hotels Reservation System hack that exposed the personal information of nearly 400 million hotel guests.

But business travelers are the centerpiece of the smorgasbord. Cyber thieves know that business travelers must utilize online communication to exchange data with home offices, servers, and potentially financial reporting systems. They know that a good hack will yield a treasure trove of useful information from logins and passwords to protected systems, to possible intellectual property, and proprietary business plans.

Since 2007, senior corporate executives snared in a huge targeted phishing campaign known as DarkHotel. The majority of targets have been in Asia, but victims have been identified on every continent including in the US. Hackers exploit weak hotel security on servers and Wi-Fi that tricks the target into installing malware on their computers via hotel Wi-Fi. That then collects addresses, logins and passwords to sensitive corporate assets. Although the attackers have sometimes thrown out a bigger net, the key has been in identifying high end business travelers and specifically targeting them.

It’s important to note that DarkHotel has been a known exploit for years, and yet it is still successfully operating.

Whether you’re a target or just collateral damage, you need stronger security when traveling for business.

  1. Take unsecure Wi-Fi connections out of the equation by installing a business-quality or higher-end consumer router with built in VPN to protect your business. You can get software VPNs and mobile VPN services for monthly fees. From a business standpoint a router that supports VPN is more cost effective and secure. The VPN creates a secure tunnel from your device to your office network and the servers, services connected to it. Your current router may have VPN capability that isn’t activated. Even if you don’t travel, a VPN can keep your company better protected whether you’re in a coffee shop downtown or a cafe in Bahrain.

  2. When dialog boxes pop up on our screens, we reflexively hit the OK button. That’s dangerous all the time, but particularly when traveling and operating on Wi-Fi. Don’t install software updates through these popups. Instead go to the software company’s website and test to see if there’s really an update for your version.

  3. When traveling, disable Wi-Fi auto connect. This saves you the trouble of having to search out and connect to public wireless, but also may connect you to unsecure, potentially dangerous ones.

  4. Disable Bluetooth, which can be a potentially open door to hackers near you in public locations like hotels, restaurants, coffee shops, etc.

  5. Minimize location sharing on mobile devices. The average user has 80 apps on their phone. Almost all of those apps ask you to turn on location services, whether they really need it or not. Before traveling for business, check the apps you’ve authorized to track you and turn off all that aren’t essential. Knowing where you are can also tell a hacker or cybercriminal who is tracking you where you aren’t. Like in your hotel.