Logo
Viajes de negocios

Data Security Essentials for Business Travel Admins

Jul 17, 2024
Person with laptop and coffee
Copiado al portapapeles
Compartir

TABLE OF CONTENTS:

Data security on business trips is critical, with risks such as unsecured Wi-Fi, phishing attacks and device theft. Overcoming these challenges requires expertise, and Ejona Preçi is the ideal guide.

With over a decade of experience, Ejona is a leading cybersecurity expert. The world recognises her as the Principal Manager for Cybersecurity Risk at FREENOW and President of WiCyS Germany. Ejona is a mentor, author, podcaster and keynote speaker featured in online magazines and social networks.

In 2024, she was the winner of Cybersecurity Woman of the Year which is a global award. She has also received recognition as one of the global top 40 cybersecurity professionals under 40. Ejona’s extensive knowledge makes her the perfect authority to ensure data security during business travel.

We asked Ejona for insight on cybersecurity while employees are travelling for work. Her insight will help you keep your company safe. Here’s what she said. 

What's the difference between data security and data protection?

Data security and data protection are both about keeping data safe, but they focus on different aspects:

Data security protects data from malicious threats by ensuring its confidentiality, integrity, and availability. Think of it as putting a lock on your door. This involves using passwords, encryption and firewalls to keep hackers and unauthorised users out.

Data protection encompasses more than data security. Data protection is about safeguarding personal data and ensuring compliance with privacy laws and regulations. Its main focus is on sensitive data’s privacy, availability, and integrity. 


Just as locking your door secures your home, living in a safe neighbourhood is equally important.

Following the law and respecting visitors’ privacy are crucial aspects of data protection. It ensures that personal information is handled appropriately, ethically, and in accordance with regulations

To put it simply:

Data security is about protecting data from unauthorised access or loss, while data privacy is about ensuring that data is used responsibly and legally.

What are some of the main data security risks companies face when their employees travel?

When employees travel for business, they are exposed to many security threats:

  • Unsecured Wi-Fi Networks: Travelling situations naturally come along with public Wi-Fi networks in airports, hotels, and even taxis. While open networks are convenient for business travellers, they can also be insecure and vulnerable to cyber attacks. Through open networks, the attacker can take control of a user's session and gain unauthorised access to accounts and sensitive information, intercept and alter communications, and distribute malware.

  • Malware and Phishing Attacks: When travelling, as lots of research has to be done on the go, there is an increased risk of encountering malicious websites and rogue apps. Phishing attacks can trick employees into revealing sensitive information or downloading malicious software. This risk is especially high when connecting to unsecured Wi-Fi networks or not securing other services like AirDrop and Bluetooth.

  • Device Theft or Loss: Laptops, smartphones, and all other corporate devices can be lost or stolen on a business trip. Which can result in unintentional exposure of business information as thieves gain access to company networks and applications. There is no need to steal the device, also when left unattended, there is a risk of unauthorised access to corporate devices in public spaces.

  • Shoulder Surfing: Unauthorised individuals can view sensitive information when employees use their devices in public spaces. This can occur in crowded areas such as airports, cafes, and public transportation, where onlookers can easily see screen contents.

  • Remote Work Security Practices: Remote access to corporate resources can introduce additional risks if secure channels and authentication methods are not used. Employees may use personal devices that are less secure than corporate-issued devices, increasing the likelihood of data breaches. Additionally, when on the go, employees may not follow standard security protocols as diligently as they would in the office. This includes using weak passwords, failing to use VPNs, and neglecting to regularly update and patch their devices and software. It is crucial for organisations to educate their employees about these risks and implement robust security measures to mitigate them.

What are some best practices for ensuring sensitive data remains secure when employees are on the move?

When employees travel for business, they face numerous security threats. To protect against these risks, companies can implement several key measures:

Use Secure Connections: Always use Virtual Private Networks (VPNs) to encrypt internet connections when accessing company information remotely. This ensures that data transmitted is less vulnerable to interception.

Keep Software Updated: Ensure that all devices are updated before travelling. Regular updates patch security vulnerabilities, making devices more resistant to attacks.

Avoid Public Charging Stations: Public USB charging stations can be used to install malware. Employees should use their own chargers or power banks instead to avoid this risk.

Use Privacy Screens: Provide privacy screens for laptops and mobile devices to prevent shoulder surfing. This helps keep sensitive information hidden from unauthorised individuals in public spaces.

Disable Unnecessary Services: Turn off Bluetooth, NFC, and other non-essential services when not in use. Disabling these services reduces the risk of unauthorised access to devices.

Secure Physical Devices: Never leave devices unattended. Ensure that devices are protected by encryption and switch them off when not in use. Physical security is essential to prevent theft and unauthorised access to business information.

By implementing these measures, businesses can significantly reduce the security risks associated with employees travelling for business.

Real-World Examples of Cybersecurity Threats During Business Travel and Their Management

A common cybersecurity threat encountered during business travel is using unsecured public Wi-Fi, which can lead to the interception of sensitive information by hackers. To counter such threats, FREENOW employs end-to-end encryption for all app communications, ensuring data remains secure even on compromised networks.

We also educate business travellers on best practices, such as using VPNs, and maintain robust monitoring systems to quickly detect and respond to any suspicious activity. FREENOW is dedicated to protecting data both internally and for our valued customers.

We prioritise secure communication to ensure our drivers’ and customers’ privacy and safety. Our app-to-app communication system is designed to avoid disclosing personal phone numbers. Instead, all communication is routed through our secure servers using encrypted channels. This means that when a driver and a customer need to communicate, it happens within the app, safeguarding their personal information from potential eavesdroppers or unauthorised access.

Educating employees about travel-related data security risks is crucial. What is your key advice for effectively educating travellers on this topic? 

Educating employees about the risks associated with business travel is crucial for maintaining cybersecurity. Here are some best practices to ensure your team is well-prepared:

  1. Regular Training Sessions: Conduct mandatory cybersecurity training covering prominent threats and best practices. Make these sessions interactive and scenario-based to help employees apply their knowledge in real-world situations.

  2. Awareness Campaigns: Launch ongoing awareness campaigns using emails, newsletters, and internal articles to highlight common threats. Regular reminders keep cybersecurity top of mind.

  3. Phishing Simulations: Conduct periodic phishing simulations to help employees recognise and respond to phishing attempts. This reinforces training and highlights areas needing additional education.

  4. Travel Security Guidelines: Provide comprehensive travel security guidelines, including advice on using VPNs, avoiding public Wi-Fi, and keeping devices updated with the latest security patches.

  5. Mobile Security Policies: Enforce strict mobile security policies, such as using company-approved security apps and mandatory device encryption, to protect mobile devices used during travel.

  6. Travel Assistance: Employees travelling to foreign countries may encounter situations where they are unsure how to respond. A travel assistance program should be offered to mitigate associated risks by directly supporting the traveller.

  7. Incident Reporting Mechanisms: Establish clear procedures for reporting suspicious activities or security incidents, ensuring employees know how to quickly escalate concerns while travelling.

By integrating these strategies, organisations can ensure their employees are well-equipped to handle cybersecurity risks during business travel, thereby protecting both personal and corporate data.

Summary: Ensuring data security when travelling - insights from expert Ejona Preçi

Business travel exposes employees to numerous cybersecurity threats, including unsecured Wi-Fi networks, phishing attacks and device theft. It's a constant trade-off between commodity and compliance, therefore the biggest risk is the employee and their perception and knowledge about risks. 

Ensuring data security on the road is critical to protecting sensitive information.

At FREENOW, we aim to make business travel mobility safe, reliable and seamless. Our robust security measures, including end-to-end encryption and secure communication channels, protect both drivers and customers. 

Join us as we explore best practices for maintaining data security during business travel and learn how FREENOW's innovative solutions contribute to a secure and efficient travel experience.




Copiado al portapapeles