Cybersecurity In-Depth: Getting answers to questions about IT security threats and best practices from trusted cybersecurity professionals and industry experts.

Should I Have a Security Travel Policy to Protect Devices and Sensitive Data?

Mobile devices are lost or hacked while in transit far too frequently. Here are some steps to protect your business.

Kurtis Minder, Co-Founder & CEO, GroupSense

December 20, 2019

1 Min Read
Dark Reading logo in a gray background | Dark Reading

Question: Should I have a security travel policy to protect devices and sensitive data, particularly when our staff are crossing international borders?

Kurtis Minder, CEO of GroupSense: Absolutely, unless you don't mind constantly losing those devices. According to a Ponemon Institute and Dell study, 12,000 laptops are lost each year in airports alone. Laptops, mobile phones, and other devices are also frequently left in cabs, bars, ballparks — you name it. And the passwords people use on their laptops are easily cracked because most people use the same passwords across multiple accounts, so some simple credential stuffing will give bad people access to your system. We saw this happen when Disney+ launched, and the same approach can be used to gain access to your laptop and all of the systems and accounts on it.

What should a travel policy include? First of all, rigid requirements around disk encryption, VPN use, and secure communications (encrypted messaging, calling, etc.) should be standard for international travel. Further, for some countries, policy may dictate that corporate devices or devices containing corporate or client information cannot be taken. In this case, the company may offer "burner" devices specially configured for the team member and the trip mission.

Related Content:

 

About the Author

Kurtis Minder

Co-Founder & CEO, GroupSense

Kurtis Minder is the Co-Founder and CEO of GroupSense where he leads a team of world-class analysts and technologists providing custom cybersecurity intelligence to some of the globe’s top brands. He has more than 20 years of experience in roles spanning operations, design, and business development at companies like Mirage Networks (acquired by Trustwave), Caymas Systems (acquired by Citrix), and Fortinet (IPO). Minder is also a world-renowned ransomware negotiator and was recently profiled in The New Yorker for his work. He has been featured in the media across four continents and has recently been on CNN, The BBC, and CBS, and featured in publications such as Reuters, The Wall Street Journal, The New York Times, Fortune, and The Washington Post about ransomware.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights