How Travel Buyers and IT Managers Collaborate to Secure Sensitive Company Data

Privacy filters can take away some of the pain related to sitting in the middle seat.

Global business travel spending reached $1.33 trillion in 2017 and is forecast to advance another 7.1 percent in 2018. As this investment continues to rise, it’s increasingly important to help business travelers protect sensitive company information while they are in transit. The cost of neglecting this risk is high, as a single data breach costs an average of $3.62 million.

Data Privacy

Travel buyers within large companies do more than negotiate supplier agreements. They set travel policies that can help reduce an organization’s risk. As such, both IT managers and travel buyers have an important role to play in data security. By coordinating efforts, they can ensure that business travelers are trained, equipped and updated on best practices to help keep personal and company information safe while traveling.

While most companies invest in IT security, a serious oversight in some companies is spending millions to protect their digital data while ignoring the threat of lower-tech hacking techniques. This risk is heightened for employees working while traveling, but it can be mitigated by educating travelers and providing resources to help protect data displayed on their screens.

The following are some measures designed to reduce the visual, verbal, digital and physical exposure of data, protecting key information and thwarting opportunistic hackers. These behaviors and tools can be incorporated into official practices and procedures by IT managers – and travel buyers can reinforce in communications.

Developing better situational awareness: Business travelers are their own first line of defense when it comes to data privacy and security. Whenever possible, they should try to position themselves in a way that limits what other people – or devices – can see, hear or record. They should consider multiple vantage points, including people above them (e.g., on balconies and upper levels) or within “zooming” distance, as well as the locations of security cameras.

Securing screens with privacy filters: Privacy filters help protect what’s on laptop or mobile device screens by blocking unauthorized side views – a particularly useful tool for travelers that spend a significant time in crowded waiting areas or in transit on planes, trains and ferries.

Locking devices when not in use: All computers and mobile devices should be password-protected as a basic security measure, but employees should be required to do so anywhere they access company information. This measure is only effective if they also make sure to lock the device whenever it is not in use – even for short periods of time.

Implementing physical locks and alarms: Physically locking briefcases and carry-ons provides an extra layer of security against opportunistic snatch-and-grab incidents. In addition, laptop alarms are available that combine software with a physical alarm attached to the device. If the device is lost or stolen, the alarm goes off loudly.

Traveling with juice-jack protectors and personal charging devices: Juice-jack protectors can be attached to the end of a USB cord to help protect against skimmers when travelers are charging their devices in public places. If possible, providing personal charging devices to frequent travelers will limit their need to use public chargers at all.

Using portable Wi-Fi hotspots and/or a company VPN: Open or publicly-available Wi-Fi leaves travelers vulnerable to numerous methods of hacking. Ideally, frequent travelers should have their own personal hotspot device to access their own Wi-Fi, but a company VPN can also provide greater protection on an open network.

Carrying a travel-only laptop: This may not be possible for all travelers or companies, but providing laptops dedicated solely to travel, with the minimum amount of data needed for each trip, offers an advantageous way to limit access to sensitive information.

By working together and using all tools at their disposal, travel buyers and IT managers can help business travelers understand and prioritize their safety and security.

Rebecca Herold, IEEE Member and CEO and Founder of The Privacy Professor® consultancy and Co-Founder of Privacy Security Brainiacs, is a leading information security, privacy and compliance expert. With over 25 years of systems engineering, information security, privacy and compliance experience, Herold focuses on helping organizations identify data risks and requirements to ensure data accuracy, safeguards, and privacy protections. Herold has also been supporting NIST information security and privacy research and standards creation since 2009. Herold has authored 19 books on a variety of topics pertaining to information security, privacy, compliance and other related topics.

Michael W. McCormick is the executive director and chief operating offering for the Global Business Travel Association (GBTA). He has more than 30 years of travel industry experience, having most recently served as managing partner of Hudson Crossing, LLC, a successful travel industry advisory business. The GBTA is the world’s largest professional association representing the $1.4 trillion business travel industry. Its global membership includes 9,000-plus business travel professionals who directly control more than $345 billion of global business travel and meetings expenditures annually.

ON DEMAND: In this webinar, Regina Lester, Vice President of Security & Safety Operations at Toledo Zoo, will share her insights on implementing security technologies in the entertainment sector and the challenges all organizations face — large and small — when it comes to balancing budget and security.