Business travel? Follow these cybersecurity tips

Business travel fuels growth for many South African companies, driving expansion through new connections, sealing deals, and unlocking opportunities in diverse markets. However, data reveals a significant cost associated with these trips. From August to October 2023, companies typically spent R15,138 per domestic trip and R34,943 per international business travel. These high costs highlight the critical need for companies to ensure their employees are safeguarded against cyber threats. Cyberattacks targeting business travellers can lead to hefty financial losses, further impacting a company’s bottom line.

However, according to Cisco’s recently released Cybersecurity Readiness Index, only 5% of organisations in South Africa are classified as having a mature level of cybersecurity readiness, indicating a significant gap in protection against cyber threats. With these risks in mind, here are key reminders from the experts at Cisco Talos to ensure cyber-safe business travel.

“Technology allows us to make the most of time away from the physical office like never before. Unfortunately, criminals can ruin what should be a productive time,” says Martin Lee, EMEA lead for Cisco Talos. “Being aware of common attacks and how to defeat them helps us stay secure and focus on our business objectives without worrying about security.”

To safeguard company data and employee safety, he provides these top tips for employees to stay vigilant while traveling on business:

1. Physical Security: When travelling with a device employees must make sure that they have taken a back-up, uploaded any confidential information to secure storage and removed it from local storage. They should also have alternative access to critical functionality, such as access to 2-factor authentication requests if their phone is lost or stolen.

When travelling it is also important to keep the devices securely out of sight. Employees must be aware of their surroundings when using devices as thieves are adept at snatching devices in busy areas, and sneakily spiriting them away when attentions are elsewhere.

2. Public Wi-Fi vs. Mobile Data: When travelling there is always the temptation to save on data roaming charges and allowances by joining public networks/Wi-Fi. However, it may be worth considering paying the extra tariffs to keep data safe. Shared public networks may be shared with dubious characters, or an apparently free to use network may be a malicious decoy network set-up to dupe the unwary.

A criminal snooping a network can steal cookies or session tokens to gain access to confidential services. Network traffic from financial or private apps can be intercepted or modified. Alternatively, an attacker may create a man-in-the-middle attack to impersonate a key system while intercepting and modifying data. 

3. Hotel & Accommodation Security: It’s worth applying a few extra precautions while in unfamiliar locations when it comes to security and privacy. Travellers must remember to log out of any devices such as Smart TVs, and not to store any credentials. Otherwise, subsequent guests may be able to access their accounts.

They should also be aware that room keys may have been cloned or stolen. Therefore, they mustn’t leave valuables or devices unsecured even in an otherwise locked location. 

Similarly, respectable networks provided for guests may be being shared with dubious characters or may have been tampered with by previous guests to harvest credentials or session tokens.

When booking accommodation, the business or employee must double check that the booking site is the genuine article and not a cloned site that will take your money, but not provide a valid recognised booking. Never agree to pay for accommodation outside of the official booking mechanism as you won’t have any recourse to get a refund if the booking is fraudulent.

4. Conferences, Meetings, and Events: Business trips often involve attending conferences and meetings. Travellers must be cautious with their devices at these events as criminals can swiftly steal devices or upload malware. They should avoid handing their device to strangers for photos. QR codes are also common but can be replaced with malicious ones. Employees must verify the authenticity of QR codes before scanning and avoid offers that seem too good to be true, especially if they require personal details. 

“When business travellers are out of secure network environments,” says Lee, “it’s crucial that they stay aware of their surroundings and practice good cybersecurity hygiene to ensure a secure and productive business trip. Their vigilance can make the difference in protecting company data and maintaining peace of mind on the road.”