6 Critical Things to Know about Mobile Device Security when Traveling Abroad
The hazards of international travel have been well documented over the years. The World Health Organization estimated in 2012 that more than 900 million international journeys were taken. With such a colossal number of international travelers crossing borders, the risks to health and safety are equally massive. To this end, the U.S. Department of State maintains a website dedicated strictly to international travel to prepare citizens for safe journeys abroad.
Travel.State.Gov informs citizens of “conditions abroad that may affect their safety and security.” The department they oversee, the Office of American Citizens Services and Crisis Management or ACS, lists all the global emergencies and crises to be aware of, and travelers can search known issues by country or area. Travel.State.Gov even has a “worldwide caution” ticker that lists current travel alerts. Today, for instance, there are travel warnings for the Philippines, Kenya and Egypt.
Through the ACS, international travelers can register for the Smart Traveler Enrollment Program (STEP), which sends up-to-date alerts to them, and most importantly informs the U.S. Government of citizens’ whereabouts in the event of a civil crisis or natural disaster. During the aftermath of the devastating earthquake in Haiti, ACS and STEP was responsible for evacuating nearly 17,000 U.S. citizens from the ravaged island.
In ACS’s Tips for Traveling Abroad you can find helpful information on “how to have a safe trip,” and it is here that the agency asks travelers to register for STEP for information, and to plan accordingly for a safe journey. Also, found here are items like customs and import restrictions, traveling with pets, where to receive mail, health tips, passport requirements, consular assistance and even “death abroad.”
The State Department and ACS provide a wonderful service for us citizens, truly a wealth of information for the international traveler. But what is most glaring to me as an information security (infosec for those of us in the industry) professional, is the lack of information on how to protect your data while traveling overseas. Depending on who you are and the organizations in your data network (social media, email, corporate network connectivity), data protection might very well be a matter of national security. And if yours is not a national security role, certainly even the most entry-level employee has access through their mobile devices to networks that host some of the most valuable intellectual property on the planet.
The Economics of Stealing your Data
Data protection awareness, you might ask, is most surely handled at the organizational level from the infosec professionals employed by these international companies whose people are traveling abroad, right? The answer to this question might surprise you. Few “security aware” organizations understand the threats of mobile device intrusion, and the consequences to their respective organizations. These security aware organizations understand the value of the contact data and intellectual property on smartphones and tablets that malicious organizations abroad want to steal so badly.
Next time you are in a coffee shop overseas for a delicious espresso and croissant and login to their WIFI, understand this: That coffee shop owner can make more money from selling your data than from selling you that awesome cup of joe. And don’t think that tethering the worldwide web off your “secure” corporate mobile device with is any safer. The malicious international carrier your device just accessed wants your data too.
It is critical to understand the economics of losing your data to a malicious operator, a hacker who may even be working with the government of the country you are traveling to. Your data is undoubtedly at risk the moment you power on your device and associate it with nearly any international carrier. What is most at risk here is your organization’s intellectual property and the loss numbers are staggering:
* $1 billion theft in R&D IP at a Fortune 500 company which we assisted in a digital breach cleanup effort that wishes to remain anonymous
* Lockheed Martin: I estimate that they lost at least $3 billion in IP during their 2011 digital breaches
The US and UK not blameless in fanning the flames of large-scale mobile device compromise
Revelations on covert smartphone surveillance by the NSA and FBI have American citizens and politicians alike screaming for more privacy rights protection. And at this writing a debate wages in Congress on the legality of PRISM or if the surveillance program should be reined in. On the heels of the PRISM revelation, the Guardian newspaper announced that at the 2009 London G20 summit, a forum for the world’s 20 largest national economies, the U.K. intercepted phone and laptop communications from allies Turkey and South Africa. Many of the devices that were hacked had accessed WIFI networks at phony internet cafés that had been set up by British Intelligence.
6 Critical Things to Know about Infosec when Traveling Abroad
1. Because social media is linked to political dissent (i.e. Egypt and Facebook 2011), everyone who uses social media is a target when they travel abroad, which means…
2. Governments abroad are working alongside malicious operators to steal your data.
3. Beware the local coffee shop owner in the international country you are visiting; they can make more money from your data than they do from your retail purchase.
4. The cell tower you connect to overseas could be a malicious carrier opening your device to root-level compromises.
5. You may never know your mobile device has been compromised, until…
6. The malicious operator will attack your organization after he/she hacks your phone.
Best Infosec Practices for Mobile Devices when Traveling Abroad?
Smartphone and mobile device intrusion is a major threat to intellectual property at the organization you work for. If you travel overseas, the threat is magnified significantly. For more information and a list of steps you can take to help protect your organization from this type of network intrusion, download the IntegriCell whitepaper PRISM, the Breadcrumbs of your Political Dissent, and the Economics of International Travel with Mobile Devices.