Aditya Luthra

Cyber security should be seen as one among many travel security threats that face organisations, particularly those with a large travelling workforce. 

Organisations can better develop defensive strategies to mitigate this risk, whether that is in the office or when their people are travelling. 

WATCH A SHORT VIDEO AND LEARN HOW YOUR PEOPLE CAN PROTECT THEMSELVES AGAINST CYBER RISKS WHILE TRAVELLING. 

Can business travellers play a part in the fight against cyber threats?

The current approach to addressing cyber threats, implemented by corporations in Singapore, is not being communicated effectively enough to its employees. A study commissioned by global travel management company CWT, found that only 27% of business travelers from Singapore said they feel very confident about not compromising their employer’s data safety when traveling. This is a significant difference when compared with an average of 35% of business travelers globally.

This presents a worry as corporate travel continues on its upward trend. Companies are adopting global business models and their travelling workforces are expanding, with corporate travel spending expected to hit US$1.7t by 2022. The continued rise in corporate travel increasingly exposes organisations to cyber threats, particularly if companies and employees do not adopt a robust approach to mitigating cyber threats specifically associated with an increasingly mobile workforce.

The latest global study by Ipsos MORI on Business Resilience Trends, revealed an alarming finding that only 33% of surveyed organisations had adequately factored cybersecurity considerations in their corporate travel policies.

Research and experience shows that business travellers face a growing threat from cybercriminal activity, from well-organised networks as well as uncoordinated attacks. As a result, business travellers face increased cyber-targeting and exposure during business travels as global digitalisation continues to advance, and reliance on technology becomes almost unavoidable.

Furthermore, even the most innocuous actions can expose business travellers to cyber security risks. For example, travellers using their laptops or phones in public spaces such as planes, airports, hotels and restaurants run the risk of unnecessary data visibility to people nearby. Risks of data breaches can also arise from the use of unsecured WIFI networks, improper disposal of documents or storing of confidential information and devices, and the usage of the same password on all devices.

There are gaps that organisations must address to protect the cyber safety of their travelling employees. Organisations with the most effective travel risk mitigation programmes adopt the widest definition of “Duty of Care”, not only ensuring that their business travellers are equipped to deal with threats to their health, safety and personal security, but also to deal with threats to their– and as a consequence, the organisations’– data security.

Given the popularity of “bleisure travel”, or travel which combines work and leisure, across all generations, this may also give rise to business travellers’ tendencies to overshare information on social media platforms and compromise their own security.

Business travellers must also take charge of their own cyber safety before, during and after their trip. There are simple measures from ensuring that software on devices are up to date and enabling multi-factor authentication for online accounts, prior to travelling. One of the common pitfalls that come with the advent of social media is the oversharing of personal information such as whereabouts of residence.

It is key for business travellers to run anti-virus scans to remove any trace of potential malware.

A congruent approach involving the management and employees, is key in thwarting any potential data compromise. Whilst a company’s technical defences and systems remain critical, the company should work with their employees on the appropriate training and preparedness programmes, to ensure that they are fully equipped to mitigate any threat in the digital domain.