Be Safe: Practical Guide for Business Trips

Introduction

The protection of intangible capital has become an increasingly important concern for businesses:

commercial or strategic data
search results
expertise…

All these assets will normally be managed by the security policy implemented in the company. But what happens when such data moves beyond the walls of the company? Business trips involve particular danger for the information security of these types of data. Specific precautions need to be taken.

Once on the road, it is important to be aware of the risks and threats associated, for example, with the use of laptops and mobile phones.

This guide provides clear and simple guidance to reduce the risks associated with the loss, seizure or theft of business data.

The Ministry of the Economy and Foreign Trade also offers training sessions to encourage business travellers to adopt best practices in information security.

When going on a business trip, take precautions:

Before the Trip

Before going on a business trip, we advise you to familiarise yourself with the local social, economic, and cultural situation.

Travellers may also be exposed to significant physical risks abroad. It is necessary to take precautions. Visit the website of the Ministry of Foreign Affairs ‘Travel Advice’ section (safety tips for travellers).

It can also be useful to familiarise yourself with local legislation and with the entry and exit regulations. This information may be important for staying safe during your trip.

Documents

To limit the damage of loss or theft of documents or data, take only the information essential for the trip.

Whenever possible, always keep credit cards, traveller’s cheques, passports and other forms of identification in different pockets when travelling.

It is preferable to keep your passport with you at all times. It is also recommended to make two copies of the main page of your passport:

one copy to be taken on your trip, kept separate from your passport;
the second copy to be left in the country, with a trusted person.

Data

A ‘travel’ laptop is recommended, with a minimal configuration, only holding the data and software required for the trip.

Before leaving, it is important to back up your data and delete your internet browsing history, including cookies, photos and videos. You should also use strong passwords with a minimum of 10 characters.

Data protection:

Sensitive information on electronic media must be encrypted.

USB flash drives:

It is highly recommended that you save all confidential documents on a USB flash drive to be kept with you at all times.
A second USB flash drive can be used for presentations or to share documents, thus avoiding theft or loss of critical documents.

Warning: Some local laws prohibit the use of encryption software or even the importing of encrypted data. Check before you leave.

You are advised not to announce a business trip on social networks like Facebook, Twitter or LinkedIn. It is also very ill-advised to post information such as the reason for the trip, your destination, hotel, schedule, any contacts and accompanying persons on these networks.

During your Trip

During your trip, you should apply the following rules:

Always secure data by avoiding leaving laptops and mobile phones unguarded. Anti-theft cables are recommended for laptops, especially when attending trade shows.
Documents that are no longer needed should be destroyed, rather than merely thrown away. This prevents them from being recovered by unauthorised people.
Business relationships: remain alert when sharing information with potential partners and ensure that your contacts can be trusted.
Mobile phones: care is needed when sending sensitive information (SMS, emails, photos, documents) by mobile phone, as it can be intercepted. The only way to protect them is to use an encryption system like ‘pgp’ for emails or ‘securetext’ for SMS.

You should also ensure the following:

Do not talk about sensitive matters by mobile phone.
Use a VoIP client via VPN in case you must have a confidential conversation.
Do not leave your mobile phone unattended.
If you must leave your mobile phone unattended, remove the SIM card, memory card, battery, and keep them with you.

Detect manipulations

During your trip, you should learn how to detect manipulations. Thieves often simply replace one device with a similar one so that the theft is not immediately apparent. It is advisable to place a distinctive mark on all equipment. This way any theft will be noticed immediately.

Protect confidentiality

Hotels and taxis offer no guarantees: confidential conversations should be avoided in these places. Equipment or documents containing sensitive data should not be left in hotel safes. Likewise, be aware that communication networks in public places, hotels or business centres are likely to be monitored.

How to deal with theft

If you have to deal with such a situation, immediately list what has been stolen and file a complaint with the local police authorities.

Also, inform your employer and your IT department if computer equipment and/or media containing confidential information have been stolen.

Contact your insurance company and declare the theft against you, and immediately instruct your bank to cancel your bank cards.

Inform the embassy or consulate of your country if your passport has been stolen.

After the Trip

Did you adhere to all the security instructions before and during the trip? Well done. On your return, a final check-up is required, along with some precautionary measures:

start with an inventory of all your data and removable media;
report any security-related matters during your trip involving you or one of your colleagues to your management;
before logging into your electronic equipment (computer, USB flash drive, external hard drive, CD/DVD) on your company’s internal network, have it checked for any malware by your IT department.
Completely wipe your trip computer in preparation for your next trip.
Change any passwords used during the trip.