Business travellers putting organisations' cyber-security at risk
Stressed and on the move
Business travellers are more likely to be targeted for their access to private and corporate data than be mugged, according to a new report.
A survey by Kaspersky Lab of 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US found that the pressure from work to get online is clouding the judgment of business travellers when connecting to the internet.
It said that three in five (59 percent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected. The research also found that 47 percent think that employers, if they send staff overseas, must accept any security risks that go with it.
Almost half (48 percent) of senior managers and more than two in five (43 percent) of mid-level managers use unsecure public access Wi-Fi networks to connect their work devices when abroad. At least two in five (44 percent and 40 percent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments.
One of the main reasons for business travellers acting the way they do on business is down to a widely held assumption that their work devices are inherently more secure than private communications tools, regardless of their connectivity. Two in five (41 percent) expect their employers to have set strong security measures. This is most pronounced among business leaders (53 percent) and mid-level executives (46 percent).
One in five (20 percent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi – compared to an average 12 percent. One in four (27 percent) have done the same for online banking – compared to an average 16 percent.
Konstantin Voronkov, head of endpoint product management at Kaspersky Lab, said that the report showed that cyber-crime is a real hazard while traveling and employees are putting confidential business information at risk.
“The insight provided by the report should be a red flag for corporate information security specialists, as the business travel behaviour we have unearthed here presents a significant corporate data protection challenge. It's now up to businesses to respond with appropriate security solutions, if they wish to protect themselves,” he said.
Carl Herberger, vice president of security solutions at Radware, told SCMagazineUK.com that many public Wi-Fi and internet connections can also be leveraged to ‘sniff' out passwords and user IDs.
“Anyone using these connections must consider them a ‘man in the middle' of a conversation. All of your user IDs and passwords should be cycled if you want to maintain a low data breach,” he said.
“Not using a VPN or better technology while browsing makes your entire session visible to the providers you are transmitting your web connection through.”
Mato Petrusic, vice president of sales at EMEA and APAC at iPass, told SC that it's important to use a password manager.
“These tools generate a new, completely random access credential each time you log in, so that even if your passwords are compromised, they won't work again for the hacker. Corporate network administrators would also do well to mitigate risk by rolling out strict authentication and authorisation policies to manage who gets on the internal network,” he said.