The Hitlist: International Travel

International travel is common in today’s business world.  Many times businesses assume that their standard policies can apply to any international destination.  We recently had a client contact us about traveling to their international office in a country that is typically known for lacking respect for others’ privacy.  Considering the client would be discussing corporate trade secrets and other sensitive info, they asked us what precautions they should take.

We gave them a list of recommendations and explained that many of these would not make travel simple from a technological standpoint, but would provide them the most security benefit.  These recommendations are not for travel to every country, but for countries where governments can be pervasive with regard to network communications.

Some recommendations for consideration:

  • Assume that all communication will be monitored
  • Understand that some of these countries put higher priority on Intellectual Property and Trade Secrets than they do personal or financial information
  • Take a clean machine with no data – some countries may even confiscate or copy data at the border
    • Lock the machine down to the minimum amount of use possible
    • Make sure personal firewalls are set to be very restrictive
    • Whitelist applications if possible
    • Take data only on encrypted removable media – many countries such as China, Israel, and Russia have limitations on encryption tools
    • Encrypt hard drives
  • Communications
    • Do not use Bluetooth or WiFi
    • Avoid connecting to the internet at all
    • Any time you connect to the internet, make a secure connection to the US as quickly as possible using technologies that provide virtual desktops or VPN connectivity and preferably with multi-factor authentication if allowed.  If VPN connections are not allowed in a particular country, plan on limited to no use of the internet.
  • Make sure mobile devices are encrypted and managed with MDM – again if country restrictions allow
    • Communication should be limited, even email.  Again, assume all communication will be monitored
    • Beware if you get a certificate error while downloading anything.  This may mean that someone has brokered the connection
  • Upon return, format all electronic media that made the trip, and under no circumstances should anything be plugged back into a network

Again, these are just a few things to consider when traveling to certain countries that may have a governmental interest in data and communications.