The U.S. Transportation Security Administration's ban of
certain carry-on electronic devices on inbound flights from 10 Middle Eastern
airports puts two concerns top of mind: national security and the risk of fire from
lithium batteries in airplane holds. What’s not being discussed, however, is
how this will affect corporate security. The restrictions on what is allowed
for inspection and seizure under the ban have become nearly impossible to
track, putting corporate security at risk for many businesses.
In order to protect enterprise assets and information,
corporate travel managers should touch base with their risk management and IT
counterparts and together institute five policies and technology practices for
frequent international travelers:
- Restrict
transportation of anything remotely sensitive on a laptop, mobile phone or
portable media device. Any information that, if public, would compromise
corporate security should not be contained on travelers’ devices. This is a
common policy in place already at security-savvy organizations but should be
universal now for businesses with international travelers.
- Provide
travelers with vanilla devices that can connect to sensitive information only via
secure tunnels and strong authentication. Organizations should have several
extra laptops on hand specifically for business travelers. They should be wiped
completely clean so there is nothing to be compromised if they are lost or
breached. Lightweight laptops built specifically for connecting remotely are
called thin clients. And be sure to require that employees wipe or reset thin
clients prior to entering and exiting customs.
- Encrypt all
devices and communications paths from top to bottom. Encrypting conceals
information by turning it into a code so, if compromised, it would be
meaningless to anyone who gains access to it. Of course, information can be
decrypted once travelers have arrived at their destination and upon returning
home.
- Use remote
desktop and other virtualization technologies. These tools can provide an
at-work-like experience for travelers without costing the business too much.
Latency could be an issue in faraway lands, but this is still the best way to
ensure that data isn’t going to be leaked when crossing a border while still
making it easy for employees to stay connected.
- Consider a
separate authentication protocol and/or procedure. A clean way to control
data loss is to have the end user call to set up access after entering a new
country. This access can be revoked when the employees are in transit and
reestablished when they have reached their destination and returned to the
office.
Regardless of what happens with the device
travel ban, companies would be wise to put in place the policies and technology
necessary to protect their information when employees are traveling abroad.
Some of these are pretty basic security procedures already in place in many
organizations. But information is an organization’s greatest asset and the
laptop ban rules are uncertain, so additional precautions should be considered
to protect the company.