Laptop ban is a cyber hygiene wake-up call
With new restrictions on travelers’ devices, it’s time to clean up security vulnerabilities
By Kevin Hyde, Special to ThirdCertainty
Earlier this year, the U.S. Department of Homeland Security (DHS) instituted an electronics ban on certain flights in and out of the United States.
As per DHS’s Fact Sheet, “Electronic devices larger than a cell phone/smart phone will not be allowed to be carried onboard the aircraft in carry-on luggage or other accessible property. Electronic devices that exceed this size limit must be secured in checked luggage.”
Between this, the Galaxy Note 7 restriction (fire on a plane is bad) and other inbound safety measures, this ban is just one of many complications added to an already tricky traveling environment. What does this mean for businesses? There is much at stake, and a new normal.
Jet-setting executives and employees need to adopt protective travel habits while remaining compliant with travel measures. They are carrying personally identifiable information, trade secrets and intellectual property, the loss or compromise of which can lead to exploitation or theft of assets, as well as reputational damage to the organization.
The human is the weak link, as always, and with the electronics ban in full swing, the added complications mean companies, and their travelers, must remain extra vigilant. Having to stow laptops and tablets introduces opportunities for those devices to be tampered with in an unwitting or malicious manner.
Transport companies in foreign countries collude with criminal groups, and they’re aware of the complicated travel bans. Also, hotels are notoriously unsafe, but we come to treat them as “home,” so we think they’re safer than they are. What now? Be vigilant! This effort is called cyber hygiene.
Cyber hygiene is key to ensuring the human doesn’t cause the problem. We define it as an organizational or personal practice to defend against malicious activity when using electronic devices such as a laptop or phone, whether at home, work or traveling.
These are pragmatic, basic blocking and tackling steps that people and their companies can take to minimize the risk of compromising their data or unwittingly giving access to it.
Consider these cyber hygiene tips:
Device sanitation is a best practice. No, this doesn’t mean wipe your devices with sanitizer. Sanitizing your device means removing any unnecessary sensitive data from it before you depart. If you’re traveling, do you absolutely need to have all of those files on your device? If that device were lost or stolen, what would be the repercussions?
Have a data classification system in place. Classifying data by sensitivity is something that all organizations should be doing to manage their assets. Having a classification in place allows businesses to implement the principle of least privilege—limiting data and information access to only those who absolutely need it. Doing so reduces a business’s footprint of its sensitive assets.
Ask vendor/service personnel for ID. Just because that luggage technician at the front desk outside the airport is wearing an airport uniform doesn’t necessarily mean that he or she works there. It’s not difficult to trick passengers into thinking that someone is an official airport employee. Ask to see their official identification before you hand them your luggage. Humans have an innate tendency to trust other humans … and social engineering experts exploit that to their benefit.
The key takeaway? The old saying, “an ounce of prevention is worth a pound of cure,” is alive and well when it comes to rebounding from an information security breach. Companies should have a cyber risk program, train their people to be cyber aware while on the road, keep them informed of new information security threats, and remain vigilant.