The U.S. Transportation Security Administration's ban of certain carry-on electronic devices on inbound flights from 10 Middle Eastern airports puts two concerns top of mind: national security and the risk of fire from lithium batteries in airplane holds. What’s not being discussed, however, is how this will affect corporate security. The restrictions on what is allowed for inspection and seizure under the ban have become nearly impossible to track, putting corporate security at risk for many businesses.
In order to protect enterprise assets and information, corporate travel managers should touch base with their risk management and IT counterparts and together institute five policies and technology practices for frequent international travellers:
1. Restrict transportation of anything remotely sensitive on a laptop, mobile phone or portable media device. Any information that, if public, would compromise corporate security should not be contained on travellers’ devices. This policy is already common at security-savvy organisations but should now be universal for businesses with international travellers.
2. Provide travellers with vanilla devices that can connect to sensitive information only via secure tunnels and strong authentication. Organisations should have several extra laptops on hand specifically for business travellers. They should be wiped completely clean so there is nothing to be compromised if they are lost or breached. Lightweight laptops built specifically for connecting remotely are called thin clients. Require that employees wipe or reset thin clients prior to entering and exiting customs.
3. Encrypt all devices and communications paths from top to bottom. Encryption turns information into a form that cannot be read without the key, so if a device or connection is compromised, the data is meaningless to anyone who gains access to it. Of course, information can be decrypted once travellers have arrived at their destination and upon returning home.
4. Use remote desktop and other virtualization technologies. These tools can provide an at-work-like experience for travellers without costing the business too much. Latency could be an issue in faraway lands, but this is still the best way to ensure that data isn’t going to be leaked when crossing a border while still making it easy for employees to stay connected.
5. Consider a separate authentication protocol and/or procedure. A clean way to control data loss is to have the end user call to set up access after entering a new country. This access can be revoked when the employees are in transit and reestablished when they have reached their destination and returned to the office.
Regardless of what happens with the device travel ban, companies would be wise to put in place the policies and technology necessary to protect their information when employees are travelling abroad. Some of these are pretty basic security procedures already in place in many organisations. But information is an organisation’s greatest asset and the laptop ban rules are uncertain, so additional precautions should be considered to protect the company.