Martin Lee | Leader | EMEA | Cisco Talos | mail me |

Business travel fuels growth for many South African companies, driving expansion through new connections, sealing deals, and unlocking opportunities in diverse markets. However, data reveals a significant cost associated with these trips.

From August to October 2023, companies typically spent R15,138 per domestic trip and R34,943 per international business travel. These high costs highlight the critical need for companies to ensure their employees are safeguarded against cyber threats.

Cyberattacks targeting business travellers can lead to hefty financial losses, further impacting a company’s bottom line. However, according to our recently released Cybersecurity Readiness Index, only 5% of organisations in South Africa are classified as having a mature level of cybersecurity readiness, indicating a significant gap in protection against cyber threats.

Technology allows us to make the most of time away from the physical office like never before. Unfortunately, criminals can ruin what should be a productive time. Being aware of common attacks and how to defeat them helps us stay secure and focus on our business objectives without worrying about security.

Physical security

When travelling with a device employees must make sure that they have taken a back-up, uploaded any confidential information to secure storage and removed it from local storage. They should also have alternative access to critical functionality, such as access to 2-factor authentication requests if their phone is lost or stolen.

When travelling it is also important to keep the devices securely out of sight. Employees must be aware of their surroundings when using devices as thieves are adept at snatching devices in busy areas, and sneakily spiriting them away when attentions are elsewhere.

Public Wi-Fi versus mobile data

When travelling there is always the temptation to save on data roaming charges and allowances by joining public networks/Wi-Fi. However, it may be worth considering paying the extra tariffs to keep data safe.

Shared public networks may be shared with dubious characters, or an apparently free to use network may be a malicious decoy network set-up to dupe the unwary.

A criminal snooping a network can steal cookies or session tokens to gain access to confidential services. Network traffic from financial or private apps can be intercepted or modified. Alternatively, an attacker may create a man-in-the-middle attack to impersonate a key system while intercepting and modifying data.

Hotel and accommodation security

It’s worth applying a few extra precautions while in unfamiliar locations when it comes to security and privacy. Travellers must remember to log out of any devices such as Smart TVs, and not to store any credentials.

Otherwise, subsequent guests may be able to access their accounts. They should also be aware that room keys may have been cloned or stolen. Therefore, they mustn’t leave valuables or devices unsecured even in an otherwise locked location.  Similarly, respectable networks provided for guests may be being shared with dubious characters or may have been tampered with by previous guests to harvest credentials or session tokens.

When booking accommodation, the business or employee must double check that the booking site is the genuine article and not a cloned site that will take your money, but not provide a valid recognised booking. Never agree to pay for accommodation outside of the official booking mechanism as you won’t have any recourse to get a refund if the booking is fraudulent.

Conferences, meetings and events

Business trips often involve attending conferences and meetings. Travellers must be cautious with their devices at these events as criminals can swiftly steal devices or upload malware. They should avoid handing their device to strangers for photos.

QR codes are also common but can be replaced with malicious ones. Employees must verify the authenticity of QR codes before scanning and avoid offers that seem too good to be true, especially if they require personal details.

When business travellers are out of secure network environments, it’s crucial that they stay aware of their surroundings and practice good cybersecurity hygiene to ensure a secure and productive business trip. Their vigilance can make the difference in protecting company data and maintaining peace of mind on the road.

Related FAQs: Business travellers cybersecurity risks

Q: What are the main cybersecurity threats faced by business travellers?

A: Business travellers often encounter cybersecurity threats such as data theft, phishing attacks and insecure public wireless networks. These threats can compromise sensitive information, including personal data and passwords, especially when using public charging stations or connecting to unsecured wi-fi networks.

Q: How can business travelers protect their devices from cybersecurity risks?

A: Business travellers must implement cybersecurity tips for business, such as using a virtual private network (VPN) when accessing public wi-fi networks, ensuring their operating systems and apps are up to date, and using strong, unique passwords for their accounts.

Q: Is it safe to use public charging stations while travelling?

A: Public charging stations can pose security risks, such as data theft through malicious USB connections. Business travellers should avoid using these stations or use their own chargers to minimise exposure to potential cybersecurity threats.

Q: What precautions should be taken when connecting to hotel wi-fi networks?

A: When connecting to hotel wi-fi networks, business travellers should always use a VPN to encrypt their data, avoid accessing sensitive information and ensure their operating system’s firewall is activated to protect against unauthorised access.

Q: How can travellers ensure their laptops are secure during business travel?

A: To secure laptops during business travel, users should enable full disk encryption, use strong passwords and keep their software updated. Additionally, travellers should avoid leaving laptops unattended in hotel rooms or public areas.

Q: Are smartphones at risk during international travel?

A: Yes, smartphones are at risk during international travel due to potential cybersecurity threats, such as hacking or surveillance. Business travellers should use strong passwords, enable two-factor authentication and be cautious about connecting to unfamiliar wi-fi networks or hotspots.

Q: What should business travellers know about Bluetooth security risks?

A: Business travellers must be aware that Bluetooth connections can be vulnerable to unauthorised access. To enhance security, they should disable Bluetooth when not in use and only connect to trusted devices.

Q: How important is travel risk management for business travellers?

A: Travel risk management is crucial for business travellers as it helps identify, assess and mitigate potential security risks during travel. This includes being aware of cybersecurity threats and implementing preventive measures to protect sensitive data.

Q: What role do hotel business centres play in cybersecurity?

A: Hotel business centres can present security risks, as they often use shared computers and unsecured networks. Business travellers should avoid accessing sensitive information on these devices and opt for their own work devices whenever possible.

Q: How can business travellers protect sensitive information when using public wireless networks?

A: To protect sensitive information when using public wireless networks, business travellers should always use a VPN, refrain from accessing sensitive accounts and ensure their operating system and antivirus software are up to date to prevent data theft and other cybersecurity threats.