Are Your Travelers
Keeping Your Data Safe?
TAKING RISKS WHILE ON THE ROAD
COMPILED BY LISA KAHAN, WRITER
S
pyware, malware, ransomware, data breaches and
identity theft — cyberattacks are on the rise and
they’re only becoming more sophisticated. From the
loss of consumer trust and revenue to the theft of trade
secrets, the consequences of such an attack can be dire for
large and small businesses alike. One only has to read the
headlines from the recent hacks on Marriott and British
Airways to begin to understand the significance. And yet,
according to the Hiscox Cyber Readiness Report, which
surveyed over 4,100 international organizations last year, 7
out of 10 businesses lack adequate defenses to ward off such
an event. People are more likely to take cybersecurity risks
when traveling for business than for pleasure, finds the 2019
Travel Cybersecurity Study commissioned by IBM Security.
More than an IT issue, these days cybersecurity is
everyone’s responsibility. Every email, every public Wi-
Fi network, every free charging station is a potentially
catastrophic encounter, and business travelers are
particularly vulnerable. They are also surprisingly lax when it
comes to even the most basic of precautions. A recent survey
commissioned by IBM Security found that while traveling,
“more than 70% of Americans have connected to public wi-
fi, charged a device using a public USB station or enabled
auto-connect on their devices.” This might not be surprising,
but what is startling is that the survey found people were
more likely to engage in this type of risky behavior when
traveling for work.
With such potentially devastating consequences, how
do you get your travelers to take cybersecurity seriously?
Education is essential, says Travel Leaders’ Chief
Information Security Officer Max Goldfarb. During his
time at Travel Leaders, he has worked closely with the
compliance team to implement a robust information security
and compliance training program for employees. “While
many companies treat this type of training as a once-a-
year event, usually with some boring slideshow, we push
out three to five mandatory interactive training modules to
everyone every quarter,” says Goldfarb. “We then follow up
our communications and training with phishing campaigns
to measure the effectiveness of our training.” In addition,
every week or two Goldfarb and his team send out security
alert emails with examples of the latest phishing and other
cyber threats they are seeing.
Teaching your employees about cybersecurity is essential,
whether they’re in the office or on the road. But how do you
keep the information from going in one ear and out the
other? In some ways, it’s very similar to getting them on
board with your travel policies. It all comes down to good
communication. Employees need to understand why the
policies have been put in place and how they benefit.
Employees who understand the consequences of a data
breach are more likely to take security seriously, the same
way as travelers who understand how booking out of
network affects departmental revenue (and by extension,
their bonuses) are more likely to comply with their company’s
travel policies. No one wants to be the person who cost
their company millions of dollars because they downloaded
malware or entered their credentials into a malicious
website. No company wants to make headlines for leaking
customers’ personal data. If you haven’t already, now’s the
time to institute regular cybersecurity awareness training
for your employees. Some things are too important to wait.