Employee Travel Puts Corporate Data at Risk

Corporate data is constantly at risk on mobile devices; devices are routinely lost or stolen, employees use public WiFi, click on phishing links, bypass encryption, download unapproved apps or share the same password across corporate and personal services. There is a lot of “mobile mischief” going on that puts corporate data at risk, so organizations need to look at how to manage the use of devices, and educate staff, to avoid a costly data breach.

Business Travel Puts Data at Risk

The FTC released an alert earlier this year warning travelers of the risks associated with hotel Wi-Fi, and a new report from Cylance suggests that 8 out of the top 10 hotel chains have vulnerable routers. Hackers are using security vulnerabilities in hotel WiFi to steal people’s passwords and other sensitive information, all of which could be used toward a subsequent attack against a corporate network. Earlier this year, we discussed the rise of a more targeted attack on business travellers through WiFi, targeting the laptops, phones and BYOD devices of executives as a prelude to corporate cyberattack.

What can IT do to protect devices in these situations?

• Implement Formal Employee Policies – education and training can prevent some breaches or help organizations address potential breach situations more quickly. IT infrastructure can ensure employees stay on the straight and narrow. BYOD, MDM, and general use policies will provide staff with clear expectations and steps to follow when it comes to using devices that access the corporate network or what to do if a device is at risk, including freezing a device or wiping it clean. The use of a a Device Freeze Policy in Absolute Data & Device Security (DDS) can help IT monitor for suspicious activity and help avoid potential breach situations.
• Encrypt Data - this is your “front line” of defense, but you must be able to prove encryption was in place and working in order to satisfy compliance auditors. Encryption is not infallible, so this next point is important:
• Take a Layered Approach to Data Security - on networks, endpoints and corporate data. The more layers of defense you have, the better.

With the proper training and IT support, backed with Persistence technology, organizations can make strides to offset the kinds of employee behaviour that put corporate data at risk.

Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada's first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.

All Posts By This Author