Light Dark
November 13, 2015 By Christopher Burgess 3 min read
CISO
Data Protection

You receive word that you must go to a key technology conference in a faraway land, and your mind immediately starts processing all that must be completed between now and then. But when you first received the request, did it include a recommendation or directive to think about travel security or simply about the conference and the logistics involved? If you are traveling internationally, then you’re already getting travel briefings and are reviewing all the latest warnings from the government entities on where not to go, right? Hmm, perhaps not?

Absent a formal travel security program, it is up to you to engage and prepare yourself. In creating your own briefing, you’re going to have to infuse a healthy dose of common sense into it since it’s not unlikely that whatever can go wrong will go wrong. That’s colloquially know as Murphy’s law — a law that has never been repealed.

No Need to Be Sharing Travel Details

Unless you’re a public figure or on the public-facing agenda of the conference, there is little need to advertise to the world that you’re heading to the conference locale. The temptation is high, given the plethora of social networks (e.g., Facebook, LinkedIn, Twitter, FourSquare, etc.) that encourage you to share your travel plans. Then there are the many apps that track and retain your travel patterns, many of which come in handy when it comes time to do some travel accounting but have little or no security designed to protect you or your company.

Announcing to the world where you are going is also announcing where you will not be. For some, this matters not, but for others, would such a revelation raise the threat profile on their family still at home during the period of travel? If you wish to inform friends and colleagues that you traveled to a given locale for a conference, post those updates after your return.

Who Knows You’re There?

If you’re a U.S. citizen, registering with the U.S. Department of State’s Smart Traveler Enrollment Program (STEP) should be standard. This way the local embassy or consulate knows you are in their consular district and you will be included in any personal safety notification.

Additionally, make sure your family and/or supervisor knows your itinerary; give them a copy. For a larger company, perhaps there is someone assigned to track employees in travel mode. Why should your company be kept in the loop? In times of crisis, the government may know you are affected, but it may not have the resources that your company does to assist you.

Protecting Your Company

You’re traveling — what’s to protect? After all, the company has far greater resources than you do. The company is counting on you to do the right thing. The right thing may be to not travel with your company-issued mobile devices, but to go to the security division and be issued a sterile laptop and mobile phone for use on the road. Thus you’re reducing the risk that a lost device may cause the company’s information — trade secrets, intellectual property or personnel issues — to fall into the wrong hands.

Similarly, hosting your notes and presentations from the conference in a third-party cloud environment may not be in the best interest of your company. If it’s not approved by your company’s security team, the environment might not be an appropriate locale for safeguarding sensitive data.

Annual Travel Security Awareness Program

The individual may have influence on the existence of an employee awareness program and the content within that program. It is incumbent on every company to include a section on travel and travel security in their annual security awareness briefings and implement periodic security training.

Included in these programs should be a section that demonstrates, with visual aids, how information aggregation works and how sharing itineraries, photos or meeting characterizations may allow an unscrupulous entity to document and collate travel plans, sensitive meetings (think off-site leadership functions) or customer/client engagements.

There is no need to share everything with everyone. Your travel security and awareness training or self-briefings will go a long way toward protecting yourself and your company.

 |  |  | 
Christopher Burgess
CEO at Prevendra

More from CISO
October 27, 2023

The evolution of 20 years of cybersecurity awareness

3 min read - Since 2004, the White House and Congress have designated October National Cybersecurity Awareness Month. This year marks the 20th anniversary of this effort to raise awareness about the importance of cybersecurity and online safety. How have cybersecurity and malware evolved over the last two decades? What types of threat management tools surfaced and when? The Cybersecurity Awareness Month themes over the years give us a clue. 2004 - 2009: Inaugural year and beyond This early period emphasized general cybersecurity hygiene,…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature