Information from the University of Lethbridge International Travel Safety & Security Provider: International SOS
for additional information, contact firstname.lastname@example.org
Cyber Security Through the Eyes of a Traveller
The ubiquity of the cloud, WiFi networks and cheaper roaming charges enable travellers to be connected throughout their journey – but also present opportunities for cyber threat actors to target new technologies, which are often built with limited or no security. The internet of things (IoT), artificial intelligence and voice recognition software have multiple benefits for users but, to provide personalised services, these technologies use intrusive collection methods to obtain large volumes of personal and sensitive data – making them attractive targets for cybercriminals and espionage groups.
Travellers present unsuspecting targets for cybercriminals, state-backed espionage groups
Cybercriminals threaten business travellers and the organisations they represent with reputational damage and financial losses. Our research and experience shows that travellers to a wide range of countries face a growing threat from cybercriminal activity, both from sophisticated as well as less capable groups. Cybercriminals use techniques such as drive-by downloads and phishing attacks to facilitate financial fraud and steal credentials (for online banking, for example). They typically also use remote access Trojans (RATs) to install malware, allowing them to monitor victims’ behaviour on their devices.
Hotels are a particularly attractive target for credit card fraud, because their WiFi networks are public and do not offer protection for communications. Cybercriminals can set up WiFi networks claiming to belong to hotels or trusted organisations to monitor online behaviour and obtain passwords, or can scan legitimate but vulnerable WiFi networks to steal sensitive information from devices connected to these networks.
Multiple cyber espionage groups have also been known to high-value individuals through hotel WiFi networks. Hotel networks typically have weaker encryption than corporate networks, making communication on connected devices vulnerable to interception by cyber threat actors.
Travellers also face a heightened risk of data breaches from their devices as governments increase security measures at sensitive border crossings. This can include confiscating devices for inspection, then installing malicious software such as spyware to gather information. There is a high probability that travellers, especially those in strategic roles, will be targeted in more covert forms, such as through social engineering and by intercepting electronic communications.
Securing information when travelling
Travellers should take precautionary measures before, during and after travel, especially to high-risk locations. Corporate and personal devices will process and store information that is of high value to cyber threat actors. Before travelling, organisations should ensure travellers only take devices necessary for their trip, and secure these devices and the data they hold. Protective measures include updating software on devices, enabling multi-factor authentication for online accounts, encrypting data stored on a device, and using virtual private networks to protect communications.
While travelling, travellers should be vigilant about where and how they use their devices. Especially when in public places such as airports, hotels and restaurants, travellers should closely guard their devices and avoid accessing sensitive information including online banking, commercially sensitive data and personal information. Travellers can use privacy screens to limit their devices’ visibility to people nearby, and combination locks to secure laptop bags. When they return, travellers should run antivirus scans on all devices to remove potential malware, and should change passwords on devices and for online services used on their trip. Travellers should also remove any WiFi networks they have connected to on their trip, using the ‘forget network’ setting.
Dahlia Al Sharif
Senior Consultant, Cyber Threat Intelligence
Senior Consultant, Cyber Consulting