For many industries, work travel is a fact of life, and thus questions of data security and mobile device management arise often. When employees travel, an organization’s attack surface expands, and the risk of a data breach with it. When a company does not have clear policies for what data security on the road looks like, or struggles to enforce those policies, the risk of disastrous and costly mistakes increases.
Data Security on the Road
So, how should employees on the road think about data security? How can companies mitigate risk to themselves and their customers when it is necessary for sensitive information to travel? While each situation is different, there are some general concepts that can be adjusted to match industry standards:
Encrypting Disks
Data encryption is an integral part of any company’s defensive posture, especially when machines will be outside the normal boundaries of an office or hybrid worker’s home. When devices are encrypted, a key is needed to decrypt and access the information on that drive. Machines that travel should have encryption options like BitLocker enabled so the hard drives remain protected even if a nefarious actor attempts to access them with a different machine.
Related – Why BitLocker Encryption is Essential
Update All Software
While it is all too easy to select ‘Not Now’ on updates, such actions may leave security vulnerabilities unaddressed. When designers put out software updates, they are often using new information to combat the latest attack patterns and methods. Spending the time to update devices and software to the latest version ensures that the company’s data is as safe as possible in the face of developing cyber threats.
Back Up Devices
When cell phones and laptops travel, risks abound, whether you spill your takeout in an airport terminal or your bag is snatched while you are hailing a taxi. Backing up data is the best policy before hitting the road. In the event that devices are lost or stolen and need to be wiped remotely, a backup offers peace of mind and guarantees that projects do not need to start back on square one if the worst should happen.
Only Take Essential Data
When there are fewer devices, there are fewer endpoints to compromise. Streamline what devices are needed whenever possible, and limit the ability of a stranger to walk off with anything important. Keeping an eye on one laptop and a mobile phone is a much easier task than juggling a computer, two phones, a tablet, and three external hard drives.
Don’t merely limit the amount of devices! When less data is present on a device, less data can fall victim to damage or theft, so only take essential data when on the road. Consider utilizing a cloud storage system that is password-protected for information that is helpful but does not need to be accessed daily; that way, auxiliary data can be accessed remotely as needed for work tasks, but is safely locked away.
Multi-Factor Authentication
Require employees to utilize Multi-Factor Authentication (MFA). This adds another layer of security to devices and accounts, protecting proprietary information. With MFA enabled, individuals must use both the initial password and an additional form of identification, such as a time-sensitive code that is sent to another device.
Password Hygiene
Strong passwords are a standard way to protect data, but too often employees travel with a list of passwords on a sheet of paper wedged in a briefcase or typed out on their phone. Each account should have its own, unique password that is memorized. Consider incentivizing the use of a password manager or organizer that is encrypted, to streamline this process.
Endpoint Management Software
As employees travel, the ability to remotely manage network endpoints like cellphones and laptops is an integral part of data security. An endpoint management solution such as DriveStrike allows companies to track the location of devices scattered across the globe – if any machine goes missing, administrators can instantly see where the device is. If the device is deemed stolen or in the hands of an unauthorized user, an endpoint security software will offer options such as remotely locking the device or remotely wiping the machine. When it comes to work traveling, err on the side of caution – if there is any concern about your data’s security, remotely wipe it in seconds!
Research & Prepare
Traveling with a bit of background information prepared is invaluable to secure company data. Proactively locate risk areas, such as restaurant meetings or bus transfers. Create an outline to know where the devices will be, so any strange behavior or travel patterns can be noted and addressed.
Consider questions like:
- Will the employees need to be in and out of conference centers, or will they be meeting in restaurants and public spaces with clients?
- Will they be working in field offices, libraries, Airbnbs, or on the train?
- Are there safes or storage lockers in the hotel that can store devices?
- What are the crime rates in the towns and cities they will be travelling through?
Provide Physical Protection
Just because the data is digital, this does not remove the need for physical protection. Safeguarding machines is a key component of maintaining data security. Provide privacy screens for work devices; these screens mitigate the risk of members of the public catching glimpses of classified information if an employee is working in a public place. Train employees to lock and close their computers whenever they are not actively working on them, even if they are sitting at the table with the device.
Many laptops are stolen while in the controlled chaos of transit, and mobile phones are easy to leave on a deli counter or airport bench. Encourage employees to keep their devices within reach in any place where the devices cannot be secured from unauthorized users: the bathroom, the cafe register, the co-working kitchen, etc.
Incentivize the purchase of a reliable and protective means of carrying computers and phones for travel. While a lockable bag may be the right choice (make sure locks are TSA-approved if there will be flying involved), depending on the area it may be worth shunning a traditional laptop case for a nondescript tote or travel backpack (it may not be safe to announce ‘I am carrying a computer!’)
When employees are traveling for work, company data travels with them. With this in mind, updated policy and equipment does not guarantee perfect mobile device management. Offer training and provide the data security tools to inspire success, and be clear to travelers about the data security risks and responsibilities they take on by hopping in their car with their briefcase in hand!
About DriveStrike
DriveStrike is an all-in-one endpoint security solution that integrates Remote Locate, Lock, and Wipe services with Encryption management in one secure online console. Begin defending your data today with mass deployment options for phones, tablets, and computers on any operating system. Start your 30 Day Free Trial and begin protecting data today with DriveStrike!