Risk to Business Travelers’ Data Grows

Business travel is a fertile hunting ground for hackers. Sensitive company data is seldom more at risk than when employees are on the road.

The travel sector is notoriously susceptible to large scale data breaches. Moreover, new threat vectors are emerging to add to traditional ones.

Studies, meanwhile, show many employees are unaware of the risks and generally have less regard for data security while traveling.

Companies clearly need to do more to help employees understand the data protection rules of the road. It should cover everything from public Wi-Fi risks to flaws in some leading car-sharing applications.

Businesses should also ensure their employees’ mobile devices are equipped to encrypt data whenever they use digital communications while on the road. Many opt for virtual private networking (VPN) software.

A VPN establishes an encrypted tunnel to ensure remote users’ data stays secure and private while connecting with their employers’ digital resources.

Lucrative hunting ground

Few business travelers are aware of the hidden risks that lie in wait when booking flights and hotels online.

Travel companies handle a wealth of personally identifiable information (PII) from passport and credit card details to home and email addesses. This acts as a magnet for cybercriminals and fraudsters.

Even the biggest names in the industry are not immune. In 2018, hackers succeeded in accessing the payment details of 380,000 British Airways customers. 

Separately, the Marriott-owned Starwood hotel chain discovered in late 2018 that attackers had stolen data relating to around 500 million guests – including 5.25 million unencrypted passport numbers.

Other big names to report data breach incidents include United Airlines, Delta, Thomas Cook, Enterprise and Hertz.

Ride-sharing risks

Tired of queuing at a rental desk and having to return with a full tank, more and more business travelers are opting for the convenience and cost savings available from ride-hailing services like Uber or Lyft or ride-sharing apps like Zipcar or Turo.

Such alternatives to the traditional car rental companies have security risks of their own. For example, in 2018 Uber was heavily penalized for a data breach affecting millions of passengers while Lyft has been accused of letting its employees improperly access customer data.

Meanwhile, studies have exposed serious security flaws in car sharing applications. In 2018, Kaspersky Labs tested 13 popular car-sharing apps.

They found vulnerabilities that could allow cybercriminals to manipulate the software and gain access to drivers’ personal data. Such information might be then used for everything from taking a free ride, selling user accounts on the Dark Web, or even using address/geolocation information to stalk drivers.

Flawed thinking

With so many attack vectors for cybercriminals, it’s hardly surprising that the transportation industry has been victim to some of the most serious data breaches on record. Only the financial services sector has experienced worse. Yet, awareness among employees remains relatively low. 

A 2019 IBM report found only 40% of business travelers thought they would be targeted by cybercriminals while on the road.

Shockingly, 70% of Americans in the study admittted to habitually connecting to public Wi-Fi, charging devices at public USB stations and activating auto-correct on their mobile phones. All of these things can put their personal information at risk.

Safe travels

There are plenty of precautions business travelers can take to reduce their vulnerability while on the move. A good start is to avoid free USB charging points. Cybercriminals have been known to tamper with these to download data or install malware. A smartphone case with built-in charger would be a safer alternative.

Another good idea is to make sure frequent flyer/loyalty accounts are protected with strong passwords and multi-factor authentication. Turning off any connectivity settings that might be superfluous while traveling - such as Wi-Fi or Bluetooth - is also advisable.

Above all, be wary of sending sensitive information while connected to public Wi-Fi networks such as those commonly found in airports and coffee shops.  They are soft targets for attackers trying to intercept personal data.

Many enterprises provide their employees with a professional-standard VPN for this purpose.

The VPN authenticates the device for communications with corporate network services and creates a private tunnel for all digital content passing over the public Internet, effectively rendering it unintelligible to any cybercriminals or casual onlookers.

Enterprise VPNs are also designed so that IT support engineers can manage them remotely from a central control point. This capability allows them to determine what back-end services employees are connecting to with company-issue mobile devices.

In summary, data risks for business travelers continue to grow.

From breaches of travel company databases or malware lurking in public Wi-Fi to new threats following the rise of ride-sharing apps business travelers need to be constantly on their guard.

However, low-levels awareness and sloppy practices mean companies should not leave precautions up to employees alone. Businesses themselves must also take steps to keep confidential data private.

An enterprise VPN is a tried and tested method for keeping the data of traveling employees secure, allowing them to work safely while on the road without having to be consciously thinking about security all the time.