People strongly believe that travel is an essential ingredient of long-lasting happiness. They want to open their lives to new paths of excitement and adventure, visit new places, experience new cultures, grow into better and happier individuals. Travel builds self-confidence, brings people closer, provides with new experiences and memories, breaks routine, and allows to meet people from all over the world. Travellers expect friendship, love, adventure, surprises.
Unfortunately, managers and employees of firms and organizations of the public and the private sector travelling abroad are main targets of foreign intelligence services (including but not limited to the intelligence service of the destination country), state-sponsored groups, the organized crime, even foreign businesses that exploit all opportunities to acquire sensitive or classified information.
The majority of safety and security related challenges during travel can be managed through security awareness and training, good planning, and sound security practices. Situational awareness is an important step. It gives a good understanding of the potential threats in the area within which people are travelling, the laws, customs, culture, events, and the impact all these have on personal safety and information security.
People travelling abroad are vulnerable due to the limited control they exercise over their immediate surroundings. Adversaries, including foreign governments and their agents, act on their own soil. Travellers are subject to the laws and regulations of the country they are visiting, and must understand that their citizenship will offer them little immunity.
A new cybersecurity culture for the business traveller is necessary. It refers to the knowledge, beliefs, perceptions, attitudes, assumptions, norms, values, and expectations regarding travel security. Managers and employees must be involved in the prevention, detection, and response to deliberate malicious acts that target systems, persons, and data.
During the past decades, firms and organizations of the public and the private sector have made substantial investments in physical and information security measures in their offices. Unfortunately, they have not improved much the security measures, including policies, procedures and training, for the professionals that travel for business. Travel security awareness for all managers and employees that have access to sensitive or confidential information is necessary, in order to make information security considerations an integral part of every business trip.
For many professionals, personal travel is not different from business travel. If they have access to sensitive or confidential information during their trip, they must follow the same information security rules.
We do not have a one-size-fits-all approach to travel security training. We always tailor our training programs and develop new ones to meet specific requirements. You may contact us to discuss your needs.
The program is beneficial to managers and employees working in firms and organizations of the public and the private sector, having access to sensitive and confidential information, and travelling abroad.
One hour to one day, depending on the needs, the content of the program and the case studies. We always tailor the program to the needs of each client.
Our instructors are working professionals that have the necessary knowledge and experience in the fields in which they teach. They can lead full-time, part-time, and short-form programs that are tailored to your needs. You will always know up front who the instructor of the training program will be.
Modules of our tailor-made training
- Important developments for business travellers.
- Understanding the challenges.
- Countries, competitors, criminal organizations, small groups, individuals, employees, insiders, service providers.
- Understanding hacktivists.
- Understanding the modus operandi of professional criminals and information warriors.
- Understanding espionage and business intelligence, counterintelligence principles, and risks from terrorism, social unrest, demonstrations, theft and robbery during a business trip.
Before the trip.
- Planning and Preparation.
- There are high risk countries, but there are no low risk countries.
- Who knows your travel plan? From family and business to the local embassy or consulate at the destination. Keep a document with every detail for every stage of your itinerary.
- Information about your destination.
- Familiarize yourself with local laws and customs in the areas you plan to travel. You are expected to obey their laws, dress standards, restrictions.
- Obtain specific pre-travel country risk assessments for the country you plan to visit.
- Plan your ground transportation and hotel arrangements in advance.
- Packing your bags.
- Prepare for a low-profile trip. Clothing, language, behavior, money and valuables, travel documents. Prefer culturally appropriate clothes.
- Mark your luggage labels only with the hotel address during your trip and your travel mobile telephone number.
- Take electronic devices and confidential documents in your hand luggage only. Never transport them in your checked baggage.
- Take any necessary medications with you in their original containers and keep them in your carry-on luggage (not checked baggage) during the flight.
- Take with you a doorstop. When you lock yourself into your hotel room, slip the doorstop under the door to keep intruders from being able to force the door open.
- The bring-your-own-device (BYOD) risk.
- No, you can not take your business laptop and devices with you. You need "travel laptop" and "travel devices".
- Harden the travel laptop and travel devices. Authorized hardware, software, applications. Updates, security patches and service packs.
- Add to the travel devices important contacts and phone numbers (banks, cards, embassies, diplomatic missions, home emergency numbers, destination emergency numbers).
- Understand encryption.
- Cloud security, remote access.
- Will you share in Facebook, LinkedIn, Twitter etc. your travel plans? We strongly believe you must not, especially before or during the trip.
- Travel safety and security tips.
During the trip.
-Have no expectation of privacy in hotels, airplanes, offices, or public spaces. All your words and all information you send electronically can be intercepted.
- Keep a low profile. Do not draw attention.
- Taxi, transport service, private car, rental car.
- Travelling by plane, by train, by bus, by boat.
- Special risks for women on business trips.
- Alcohol und Drugs.
- No, the hotel Wi-Fi is not secure. Wi-Fi networks are often controlled by intelligence and security services, and in all cases they are insecure.
- No, the hotel room is not secure.
- No, you must not leave your laptop or device in the room unattended.
- No, if you lock your laptop down to an immovable object with a cable lock, you do not protect your data.
- No, laptops and devices left in your room can not be considered secure anymore.
- Be familiar with the hotel lay-out.
- Dealing with Business Partners.
- Dealing with the authorities and the police.
- Do not take your passport out of your hotel. Take a copy instead.
- Your conversations in the hotel room may not be private or secure.
- Foreign intelligence services screen incoming visitors and identify persons of intelligence interest. They have agents in hotels that can monitor everything you say and do. Electronic eavesdropping is easy in airlines, in hotel rooms, taxis, and meeting rooms.
- Do not use non-company computers to log into your company’s network. Always consider any information conveyed through a non-company computer to be compromised, even if it is encrypted.
- Do not allow foreign electronic storage devices to be connected to your computer or phone. They may contain malware or automatically copy your stored electronic data. Do not use thumb drives given to you – they may be compromised.
- Deal with reputable currency exchange officials to avoid the risk of receiving and then paying with counterfeit currency.
- Do not leave drinks unattended. Someone could slip a drug into it.
- Avoid offers of sexual companionship; it often leads to a room raid, photography, and blackmail.
- Do not accept rides from strangers or new acquaintances.
- Be suspicious of an encounter with an unknown local national who strikes up a conversation and wants to practice English or other language, talks about your country of origin or your employment, buys you a drink, talks to you about politics, or uses other excuses to begin a "friendly" relationship.
- Do not bring in or purchase illegal drugs or pornography.
- Do not assist persons that are introduced as political or religious dissidents, and persons that need protection for any reason.
- Do not accept packages or letters for delivery to another location.
- What we must do, what we must avoid.
After the trip.
- Change all your passwords.
- Check electronic devices for malware.
- Report any unusual circumstances or noteworthy incidents to your business security officers.
- Your laptop and devices must be examined, to ensure they are not compromised.
Methods used by foreign intelligence services to obtain information.
- 1. Elicitation: An effort in which a seemingly normal conversation is contrived to extract information about individuals, their work, and their colleagues.
- 2. Eavesdropping: Gathering information by listening in on private conversations.
- 3. Bag Operations: Efforts to steal, photograph, or photocopy documents, devices, laptops. This could occur in your hotel room, in an airport, in a conference room, or in any other situation where the opportunity presents itself and your materials are vulnerable.
- 4. Electronic Interception: Use of devices to electronically monitor an individual’s use of modern telecommunications.
- 5. Technical Eavesdropping: Use of audio and visual devices, usually concealed in hotel rooms, restaurants, offices, cars, airplanes.
- 6. Sexspionage: Agents that use the art of seduction as a first step for a blackmail or bribery operation.
Case studies (suitable for the client).
- What has happened?
- Why has it happened?
- Which were the consequences?
- How could it be avoided?
Closing remarks and questions.
Cyber Risk GmbH
Tel: +41 79 505 89 60
We process and store data in compliance with both, the Swiss Federal Act on Data Protection (FADP) and the EU General Data Protection Regulation (GDPR). The service provider is Hostpoint. The servers are located in the Interxion data center in Zürich, the data is saved exclusively in Switzerland, and the support, development and administration activities are also based entirely in Switzerland.