Corporate Policies for Business Travel

​Every year American enterprises make a significant investment of resources in business travel. U.S. companies shelled out $317.2 billion in direct business travel expenses in 2017, and workers made 463.9 million business trips last year. Business drives the need to attend conferences, visit clients or work in remote company facilities.

​Besides the obvious time and expense, travel presents particular risks. While vital to accomplishing work remotely, data is most vulnerable to loss when we’re on the road. Whether your worker forgets a cell phone in a rental car, or a hacker intercepts their data through malware on a hotel computer, or if they even encounter corrupt officials, they need to know how to minimize risks while traveling.

​In light of wide-ranging travel hazards and especially if employees visit foreign countries, you may wish to establish company-wide travel policies. Each employee must know how to handle data before, during and after each trip. Actions will vary depending on how risky the destination and how sensitive the data. These recommendations for data security during business travel are intended to help you develop or refine your corporate guidelines.

Travel Light

​Just as with luggage, when it comes to carrying company information, less is better. By carrying devices with only the data that is necessary for a trip, the risk of loss is naturally reduced. Internet-based data can be secured during travel by deleting local copies of data from the laptop and turning off the sync feature, thereby clearing the device until re-syncing back home.

​Minimalism in travel applies to devices as well as data. Princeton’s Information Security Office makes loaner iPads available for faculty and staff business trips, and upon return these are scrubbed and restored to original software condition to eradicate any malware “souvenirs.” They also lend mobile phones with international plans for travel to high-risk regions, primarily to guard access to Princeton systems. Employees avoid logging in to the main company network while traveling to avoid giving hackers access to sensitive company information.

Onsite Precautions

​Experienced travelers know when they must be on the alert. Big events and conferences are often the targets of data thieves. Overt signs of wealth may draw unwanted attention. Avoiding behavior and apparel that will attract attention on the road could help employees escape the notice of local criminals.

​It is easy to connect to public networks, and if you’ve traveled here before, your device may automatically reconnect you to a cafe’s Wi-Fi before you yourself realize it. Homeland Security experts advise to avoid using public Wi-Fi for business tasks and with company devices. Remember to turn off Bluetooth and Wi-Fi phone features if you’re not using them. If a secure Wi-Fi network is unavailable, tethering with a mobile device will provide safest Internet access.

​Public workstations can be targets for hackers and may contain spyware. Also be cautious when using a public charging station.

​Employees must notice their surroundings whenever they access the Internet, as some have stolen passwords by merely watching users in public settings.

​All electronic devices should be continuously monitored. A world traveler shares this account: “On one trip to an Asia-Pacific country, while I was taking a shower in my hotel room, I saw someone insert a USB key into my unlocked laptop. I yelled and jumped out of the shower, and the intruder ran out of the room, leaving his USB key behind. On it was a remote backdoor Trojan. That someone believed I was significant enough to spy on made me feel pretty important. It also taught me to be much more careful with my laptop.” Devices should be locked when not used.

​In addition, it’s easy to be careless with a company credit card, and hotel or restaurant security for card numbers may be uneven. Be sure to sign on for mobile bank alerts and also check receipts for exact charges. In some countries, cash is preferred, so sufficient local currency should be acquired from legitimate exchange officials upon arrival.

Know the Rules of the Road

​Knowing local laws is a necessary component in protecting data overseas.

​The FBI gives a clear example that overseas the rules may be different: “During the Beijing Olympics, hotels were required to install software so law enforcement could monitor the Internet activity of hotel guests.” This extreme instance reminds us that when we leave the United States we no longer have the same protections that we are used to.

​Encryption is generally a great way to keep data private, but be aware that encryption software on laptops may not be permitted entry in every country, including the United States. Check the latest regulations if traveling with an encrypted device.

​The US Department of State keeps travelers informed about specific countries and their current regulations on their website. Their webpage also includes helpful related links for travelers, including information on driving abroad, health issues overseas, customs and imports.

​Hopefully, with these tips and good preparation, the biggest challenge on the next business trip will be finding a good cup of coffee.

Thomas F. Kelly is president and CEO of ID Experts, a Portland, Oregon-based provider of data breach and identity protection services, such as MyIDCare. He is a Silicon Valley serial entrepreneur and an expert in cyber security technologies.