Foiling Cyber-Spies on Business Trips

Foiling Cyber-Spies on Business Trips


Multiple microphones in a conference center, for instance, can be recording constantly, and those recordings can be fed into natural language processing software trained to flag certain words and report those conversations. “It’s not just a guy with headphones listening in the next room anymore,” Ms. Ravich said.

Communicating over the internet while overseas can be especially fraught, said Nicole Miller, an independent consultant in San Francisco who helps companies communicate with employees and customers on cybersecurity issues. “Assume any data, any information you transmit can be taken by a hacker, nation-state or another business,” she said. “These are not pedestrian tools they are using. They are extremely sophisticated.”

Physical security of phones, tablets and laptops is as important as cyber protection, Ms. Miller said. “Don’t leave your laptop or papers in your hotel room when you go out,” she said. A hotel room safe should not even be considered secure.

Ms. Miller said she advised travelers to create complex passwords for their devices and all of their online accounts, to use two-factor authentications whenever possible and to avoid plugging other people’s USB drives or other external hardware into their computers.

Laptops should also be wiped clean of any data and software at the end of the trip, she said. “Your device could have been altered, your data could have been altered,” without your realizing it, Ms. Miller said.

Sometimes circumstances beyond travelers’ control expose their information, as when customs officers in another country seize a person’s device and copy its contents, she said. “That’s why any information not absolutely required for a trip should remain at the office,” Ms. Miller said.

“And don’t tell your colleague about your great meeting while you are in the back of a taxi or in a restaurant,” she said, because you never know who is listening. Some businesspeople at a foreign conference go so far as to wear buttons telling people not to speak out loud about their intellectual property.

Stanford University and Microsoft are among educational institutions and companies that supply comprehensive precaution and instruction lists to their employees who travel abroad.

Maureen Sharma travels regularly to Asia as part of her work for Mullally International, a small product development company in Seattle. Some unsettling incidents, she said, have made her more cautious when she travels abroad.

“I often get more spam and strange emails that look like they are from me with attachments,” when returning from her business trips. Once, Ms. Sharma said, she received an email that looked as if it were from a Chinese factory she was working with, asking her to send the next payment to a new bank account. “Luckily, I called to confirm, because the factory had not sent that email,” she said.

Ms. Sharma said she makes sure never to bring sensitive information on her laptop and changes all her passwords every time she returns home from any trip abroad.

The same risks may apply to businesspeople staying in hotels in the United States. When the Chinese company Anbang purchased the Waldorf Astoria in New York, President Barack Obama stopped having meetings there over cybersecurity concerns. Business, military and government information is being targeted for industrial espionage, said Evan Anderson, chief executive of Invnt/IP, a group dedicated to combating nation-sponsored intellectual property theft, who writes about intellectual property security for the Strategic News Service website. “So shouldn’t we take the same precautions at home as we would abroad?”

Mr. Anderson said he created a map of Chinese-owned hotels around the world in 2016 and was surprised by how many they were, including some in Silicon Valley where technology companies hold meetings. “Most people don’t realize that an individual Four Seasons hotel, Ritz-Carlton, or many other brands can be owned by a Chinese company with close ties to the Chinese government,” he said.

Of course, listening, spying and hacking can happen no matter who owns a hotel or where a meeting is. “The internet has no borders,” Ms. Miller said. “You could be hacked in another country or the U.S., and you have no idea where that person is.”

Ms. Ravich agreed. “There is a glaring disconnect between how critical this is, and how seriously people take it,” she said. One reason is that the theft of information, data or plans may go unnoticed, unlike the theft of a physical laptop. It is also hard to connect a cyberattack on a company to a specific trip taken by a specific employee.

Companies need to place better controls on the hardware they issue, like laptops and cellphones, Ms. Ravich said, so the devices automatically send only encrypted data, require strong passwords and use cellular connections rather than the local Wi-Fi. To really improve or “harden” cybersecurity for business travelers, she said, companies need to take human behavior out of the equation.

Source link

About The Author

Related posts

Leave a Reply

%d bloggers like this: