Kaspersky Lab’s latest report shows business travellers are more likely to be mugged of valuable private and corporate data than of their travel money, and yet their indiscriminate behaviour while online, particularly among senior executives, is playing into the hands of cybercriminals.
One in five people have been a target of cybercrime while abroad, rising to almost a third (31 per cent) of senior business managers. At the same time, half of people travelling for work (54 per cent), and up to 62 per cent of senior executives, make no distinction between their behaviours when abroad, despite the fact they are a long way from the security of their work communications networks, and they are handling employers’ confidential data at work.
The study from Kaspersky Lab polled 11,850 people from across Europe, Russia, Latin America, Asia Pacific and the US. It found the pressure from work to get online is clouding the judgement of business travellers when connecting to the Internet.
Three in five (59 per cent) of people in senior roles say they try to log on as quickly as possible upon arrival abroad because there is an expectation at work that they will stay connected. By the time business travellers reach the arrivals terminal, one in six is using their work device to get online.
Almost half (48 per cent) of senior managers and more than two in five (43 per cent) of mid-level managers use unsecured public access Wi-Fi networks to connect their work devices when abroad. At least two in five (44 per cent and 40 per cent, respectively) use Wi-Fi to transmit work emails with sensitive or confidential attachments.
One reason business travellers are doing so, the report finds, is a widely held assumption their work devices are inherently more secure than private communications tools, regardless of their connectivity. Two in five (41 per cent) expect their employers to have set strong security measures. This is most pronounced among business leaders (53 per cent) and mid-level executives (46 per cent).
Twice as many (47 per cent) think that, if employers are to send staff overseas, they must accept any security risks that go with it. But a large proportion of business travellers, and particularly business leaders, are not helping with their indiscriminate behaviour when abroad.
One in five (20 per cent) senior executives admit to using work devices to access websites of a sensitive nature via Wi-Fi – compared to an average 12 per cent. One in four (27 per cent) have done the same for online banking – compared to an average 16 per cent.
“This report shows us that cybercrime is a real hazard while travelling and employees are putting confidential business information at risk. The insight provided by the report should be a red flag for corporate information security specialists, as the business travel behaviour we have unearthed here presents a significant corporate data protection challenge. It’s now up to businesses to respond with appropriate security solutions, if they wish to protect themselves.”
“At first, we recommend explaining the threat to employees, as awareness is the first step to protection. Another important countermeasure is security over unsafe networks, such as using VPN to access the corporate network, and email encryption. In addition, multilayered endpoint protection should be implemented, including anti-malware, exploit prevention, host-based intrusion protection and firewall, URL filtering technologies and installation of the most up to date software and system patches. When you are out of your corporate network perimeter, the most efficient, and often the only protection applicable, is that on your laptop or mobile device”, said Konstantin Voronkov, Head of Endpoint Product Management at Kaspersky Lab.