Small businesses aren’t just local: in a worldwide marketplace, small businesses can as easily have customers in Rome, Italy as in Rome, New York. Information security while on international travel is trickier than when you’re closer to home: different services, different customs, different laws and different risks.
Here are some tips for small businesses who have global travel on the calendar — now, or in the near future.
Know Your Risk Profile
Travelers are easy targets, no matter what the country. But some countries represent even greater risks for data interception and device theft. Keep abreast of threats using tools such as the US Department of State STEP program and their travel advisories. The most common problem is simple theft, which can reach into normally “safe” places such as your hotel or restaurant in some countries.
However, data theft can be a very real risk, especially if you or your staff are involved in sensitive legal or commercial negotiations. Spaces such as hotel rooms should not be considered safe parking spots for electronic devices. Be sure that travelers have short lock screen timeouts, biometric authentication enabled with strong backup PINs, and up-to-date software. Encryption is on with all smartphone platforms by default, but better devices (such as Samsung smartphones with Knox) have hardware storage of encryption keys that can defeat common hacking tools, even with physical access to the device.
Avoid Carrying Devices You Don’t Need
If you can go “smartphone only” and leave the laptop behind by using a platform such as Samsung DeX, that’s a great approach. With cloud-based applications, most smartphones don’t have a lot of local storage for anything other than photos and music. But check your common business applications to find out what information is actually stored on the smartphone, and try to minimize that. Email is a big culprit here — email clients like to cache to speed searches and review. Applications that auto-login should have that feature disabled, and common tools such as text message and group communications systems (such as WhatsApp, Slack, WeChat, Viber, Skype, Google Handouts and Signal) should be logged out.
Virtual desktop clients such as Citrix XenDesktop or VMware Horizon keep all sensitive data off of the local device while leveraging the internet to deliver applications. This won’t work in places where the internet isn’t super-fast. But depending on where you travel and how often, it’s a good way to keep data off your smartphone.
Assume You’re Being Watched — Everywhere
Any mobile data service you access abroad, whether cellular or Wi-Fi, may susceptible to tapping in some countries and should not be assumed to be completely secure. All applications should have encryption enabled and mandatory — even your corporate website. End users should be warned not to ignore a certificate warning or pop-up when in an unusual location. In high-risk areas, VPNs help avoid any type of man-in-the-middle attack when on public Wi-Fi.
Assume there’s a camera trained on your keyboard anytime you type your password; this makes multi-factor authentication a very smart idea. SMS messages, a common approach in the U.S., may not work for international travelers, so look into hard or soft token systems to be sure they can get their password while on the road.
For those that are truly worried or have a lot of concerns about data security, a second mobile phone that is wiped after each international trip may even be a good idea. Some organizations also choose to forward email to a temporary account when their staff are on the road, which limits the exposure to messages that go back-and-forth during the trip. These precautions may seem extreme, but depending on the risk factors, may help mitigate the threat.
Remember That the Rules Are Different
U.S. social norms and customs don’t carry to every country, and things on your Instagram or Facebook feed, or in your Slack or WhatsApp history, might land you in jail or cause extended delays in some places. This goes along with “know your risk profile,” but for some countries, it may be a good idea to delete these applications before crossing the border.
Travelers should also be given briefings, not just on information technology, but on other risks and mitigations associated with international travel. Back up these briefings with policies for handling events such as device theft or loss when someone is thousands of miles from home — and with associated IT processes for restoring access and productivity as quickly as possible.
Although things may be different in a foreign country, the huge penetration of smartphones has made services such as temporary data plans simpler and cheaper in most other countries than it is in the U.S. If true voice services aren’t important — and with the rise of data-based calling such as Skype or WhatsApp, this is increasingly likely to be the case — then purchasing a local, disposable SIM at the airport is sometimes less expensive than roaming from a U.S. carrier abroad. Even carriers that have “free international roaming” often deliver lower-speed data to their roaming customers as a way to keep their costs down, which can be a significant impediment to international business travelers who need fast data when they’re on the road.
Most international business travel is enjoyable, safe and fulfilling. But a few precautions can help reduce the risk of a business trip turning into a personal nightmare or a corporate data breach.
See how Samsung’s small business solutions can be tailored to protect data and boost productivity at your business.