5 Ways To Safeguard Devices And Data While Traveling Abroad10:00 AM EST Thu. May. 30, 2013
Individuals who travel to Asia and certain Eastern European countries may be at an increased risk of a malware infection or inspection of electronic devices at the demand of government agents, according to security experts. Large businesses with employees who travel to remote locations often have strict policies to safeguard data. However, government agencies often prepare to have devices snooped on when visiting certain countries, prohibiting officials from storing restricted information. Even encrypted data is at risk. A chief security officer who worked for several defense contractors told CRN that mobile devices and laptops were scanned for hidden malware and often destroyed upon return from China or business trips to Eastern European countries. Individuals who travel to high-threat countries should bring only "disposable" devices, warns Richard Bejtlich, chief information security officer at Mandiant. Here are five steps you can take to help safeguard your devices while abroad.
Common thieves often wipe a lost or stolen device to resell it, but a thief with some digital prowess may attempt to access sensitive data. While data encryption isn't going to be a foolproof method of safeguarding data in high-threat countries, it is the most practical way to thwart an attacker from accessing sensitive data. A number of standard file encryption programs are available including Microsoft's BitLocker for Windows 7 and Windows 8 PCs, FileVault for Macs, and open source alternative TrueCrypt. McAfee, Symantec and other endpoint security vendors also sell full-disk encryption or file and folder encryption.
Offline backups and parallel systems are becoming essential for business systems. Eugene Kaspersky (pictured), CEO of Kaspersky Lab, told channel partners recently that they should be urging businesses to back up sensitive data. The threat was highlighted last year by the Shamoon attack on Saudi Aramco, which used malware that wiped out the company's data. Individuals should also back up data on laptops and mobile devices. The rule of thumb from most security experts is to keep three copies of important files. In addition to being stored on the device itself, security experts advise backing up the data on a physical drive in a secure location and in a secure cloud environment you trust.
Security experts recommend avoiding open wireless networks, even in the United States, without using a VPN to tie into the corporate network. Freely available tools make it easy for an attacker to use a victim's credentials and view unencrypted browsing sessions. In 2010, a Firefox browser plug-in called Firesheep enabled users to snoop on individuals on open Wi-Fi networks. At conferences abroad, users should ensure that their devices are being connected to the proper access point, security experts say. Global VPN service providers also exist to help secure communications on open Wi-Fi networks. In addition, some mobile device management vendors extend corporate VPN capabilities to employees. Mobile Active Defense, an MDM vendor, enables IT teams to set corporate policy based on employee location.
Business travelers engaged in sensitive financial matters may need to make confidential phone calls back to the home office. In his advice for visitors to high-threat countries, Mandiant's Bejtlich recommends business travelers purchase a disposable mobile phone while in the country to help safeguard against attackers snooping local communication networks. If you must carry an iPhone, technologies to secure messages are emerging. San Francisco startup Wickr encrypts data on mobile devices, enabling users to send self-destructing text, photo, video, voice and PDF messages to other Wickr users. The company made its debut this year as a finalist in the Innovation Sandbox at the 2013 RSA security conference.
Mobile malware is still statistically tiny compared to threats that target laptop and desktop PCs. But, victims are often detected in Asia, Eastern Europe and Russia, according to security firm F-Secure, which released its mobile threat report in March. Malware embedded in apps often appear in third-party app stores and raise the risk of an infection, according to Mikko Hypponen, chief research officer at F-Secure. Security experts say it is best to avoid downloading any software when traveling abroad. Even software updates to existing applications should be treated as suspect until returning to a trusted location in the United States.