Awareness: cyber security while travelling

The vulnerability of business travellers to cyber-attack was among topics discussed at Norwegian Hull Club’s 11th Loss Prevention Committee (LPC) meeting recently (February 5 and 6, 2019).

At the gathering held in London, the committee heard from specialists at NYA - a leading security risk management and mitigation provider, as well as a strategic partner of Norwegian Hull Club. Ghonche Alavi, Information Security Consultant with NYA, drew the LPC members’ attention to the ease with which hackers can breach systems thanks to the easy availability of dedicated cyber-attack tools.

Whether the aim is extortion, to cause chaos or merely notoriety within the hacking community, the “dark web” offers a variety of easy-to-use penetration tools that require little technical skill on the part of the hacker.

Compared to being based in a company’s physical office space – with firewalls, breach-detection capability and a response plan in place – the committee heard that travelling employees are much more vulnerable to cyber-attack.  

RISK
Additionally, the physical theft of devices such as smartphones, tablets or laptops presents a real risk, particularly when travelling. Busy airports, conference centres, hotels, buses, trains and planes – all of these locations present thieves with opportunities, especially if their potential victim is tired and distracted after a long journey.

Another potential threat comes in the form of USB sticks – a common corporate gift often distributed at conferences and seminars. USB devices can, of course, carry malware. Last year, the BBC widely reported that journalists covering the summit between US President Donald Trump and North Korean leader Kim Jong-Un in Singapore were given USB-powered fans. One cyber-security expert was quoted as saying: “There’s an adage in cyber-security: if you give someone physical access to your computer, it's no longer your computer. Use an unknown USB stick and you are doing just that.”

GREATEST THREAT
NYA has said that perhaps the greatest cyber threat while travelling comes from the use of unsecured public networks. It is possible for a hacker to position themselves between you and the connection point. This means that all your information, such as log-ins and passwords, that you believe is going straight to the wi-fi connection point is actually being intercepted. The risk of infection via malware shared over such a network is also a present threat.

PRACTICAL MEASURES
So, what can be done to protect yourself when travelling? Here is a list, specially compiled for this article by NYA, of practical measures you can take to reduce your vulnerability to cyber-attack when you next travel:

Prior to travel 

  • Back up all files before your trip
  • Remove all but required files on your device before you travel
  • Remove all sensitive data on your device
  • Install strong passwords – typically no less than 8 random alphanumeric characters (mixed upper and lowercase with special characters)
  • Ensure antivirus software updates are installed

While travelling

  • Do not leave your devices unattended at any time
  • Do not connect to open / public Wi-Fi on any of your devices
  • To ensure that Wi-Fi networks are secure, first attempt to log in with the wrong credentials. If you are still able to connect to the network, you can be sure that the network is not secure -  avoid connecting your devices
  • Use a privacy-screen protector when using your device in public to avoid “shoulder surfing”
  • Do not share sensitive information over the phone, public computers, fax machines, printers or photocopiers

Upon return

  • Update security software upon return to ensure that no malicious software has been installed on your devices
  • Change all passwords

 

Norwegian Hull Club's Loss Prevention Committee convenes twice a year to share experience in loss prevention work and discuss issues of safety. It brings together senior technical and marine managers from The Club’s members who possess the necessary experience and knowledge to grapple with complex industry issues. 


4. Mar. 2019