Laptop ban is a cyber hygiene wake-up call

With new restrictions on travelers’ devices, it’s time to clean up security vulnerabilities


Earlier this year, the U.S. Department of Homeland Security (DHS) instituted an electronics ban on certain flights in and out of the United States.

As per DHS’s Fact Sheet, “Electronic devices larger than a cell phone/smart phone will not be allowed to be carried onboard the aircraft in carry-on luggage or other accessible property. Electronic devices that exceed this size limit must be secured in checked luggage.”

Between this, the Galaxy Note 7 restriction (fire on a plane is bad) and other inbound safety measures, this ban is just one of many complications added to an already tricky traveling environment. What does this mean for businesses? There is much at stake, and a new normal.


Jet-setting executives and employees need to adopt protective travel habits while remaining compliant with travel measures. They are carrying personally identifiable information, trade secrets and intellectual property, the exposure of which can lead to exploitation or theft of assets, as well as reputational damage to the organization.

The human is the weak link, as always, and with the electronics ban in full swing, the added complications mean companies, and their travelers, must remain extra vigilant. Having to stow laptops and tablets introduces opportunities for those devices to be tampered with in an unwitting or malicious manner.

Transport companies in foreign countries collude with criminal groups, and they’re aware of the complicated travel bans. Also, hotels are notoriously unsafe, but we come to treat them as “home,” so we think they’re safer than they are. What now? Be vigilant! This effort is called cyber hygiene.

Cyber hygiene is key to ensuring the human doesn’t cause the problem. We define it as an organizational or personal practice to defend against malicious activity when using electronic devices such as a laptop or phone, whether at home, at work or traveling.

These are pragmatic, basic blocking and tackling steps that people and their companies can take to minimize the risk of compromising their data or unwittingly giving access to it.

Consider these cyber hygiene tips:

Device sanitation is a best practice. No, this doesn’t mean wipe your devices with sanitizer. Sanitizing your device means removing any unnecessary sensitive data from it before you depart. If you’re traveling, do you absolutely need to have all of those files on your device? If that device were lost or stolen, what would be the repercussions?

Have a data classification system in place. Classifying data by sensitivity is something that all organizations should be doing to manage their assets. Having a classification in place allows businesses to implement the principle of least privilege—limiting data and information access to only those who absolutely need it. Doing so reduces a business’s footprint of its sensitive assets.

Ask vendor/service personnel for ID. Just because that luggage technician at the front desk outside the airport is wearing an airport uniform doesn’t necessarily mean that he or she works there. It’s not difficult to trick passengers into thinking that someone is an official airport employee. Ask to see their official identification before you hand them your luggage. Humans have an innate tendency to trust other humans … and social engineering experts exploit that to their benefit.

The key takeaway? The old saying, “an ounce of prevention is worth a pound of cure” is alive and well when it comes to rebounding from an information security breach. Companies should have a cyber risk program and train their people to be cyber aware while on the road, keep them informed of new information security threats, and remain vigilant.
