Global business travel spending is expected to recover to its pre-pandemic levels, according to a study conducted by the Global Business Travel Industry.
However, with the convenience of travel comes heightened cybersecurity risks.
As business travel takes us away from our familiar work and living environments, it exposes us to additional threats stemming from an external environment over which we have no influence or control.
An iconic example of such risks is USB-powered devices.
Business travelers are systematically exposed to a range of USB-powered devices, including charging stations at airports and hotels, as well as USB giveaways such as thumb drives, electric fans, and computer mice distributed at conferences. All these seemingly innocuous devices have the potential to pose significant threats to organizations.
These devices all pose inherent threats to an organization, as USB devices have the capacity to automatically transmit malware to a computer upon connection, without any user intervention. Moreover, these devices can serve as tools for stealing proprietary information and customer data, including sensitive personally identifiable information (PII). Additionally, the loss or theft of USB devices, such as thumb drives, during a business trip might put them in the hands of unauthorized people, possibly resulting in data breaches and violations of privacy laws, such as the GDPR.
So, how can we effectively mitigate these risks while maintaining the flexibility to use USB storage devices when necessary? 👇
Consider implementing the following best practices to safeguard your sensitive data while on the move:
📄 Develop a comprehensive business travel security policy that provides clear guidelines for safeguarding the confidentiality, integrity, and availability of proprietary data in a travel setting.
⛔ Restrict access to USB storage devices, allowing only corporate-managed USB thumb drives available upon request with valid justifications. Additionally, strongly advocate for the use of secure, cloud-based storage solutions as a preferable alternative for data transfer, reducing the dependence on USB drives and mitigating associated risks.
🔐 Protect data on USB storage devices by encrypting it. This ensures that even if the drive is lost or stolen, unauthorized users cannot access sensitive information without the encryption key.
👨💼 Educate your employees about the risks associated with USB storage devices and USB-powered devices. Emphasize the importance of never plugging in untrusted USB drives and reporting any suspicious findings.
💻 Supply employees with relevant materials such as whitelisted and encrypted thumb drives, as well as charging equipment, prior to traveling. This reduces the need for employees to purchase and use non-corporate, untrusted equipment.
🛡 Implement robust endpoint security solutions such as Microsoft Defender for Endpoint. These solutions enable you to whitelist specific USB storage devices and effectively detect and prevent malware execution when a USB drive is inserted into a computer. Given that USB drives can transmit malware without the user intentionally launching an executable file, it is crucial to disable autorun and autoplay features in your operating system.
🚨 Establish clear protocols for reporting lost or stolen USB drives. Ensure that employees understand how to promptly report incidents and the steps to take in mitigating potential data breaches.
By taking these precautions, you can help protect your organization’s sensitive data and maintain a secure business environment even while on the go.
Safe travel !