November 13, 2015 By Christopher Burgess 3 min read

You receive word that you must go to a key technology conference in a faraway land, and your mind immediately starts processing all that must be completed between now and then. But when you first received the request, did it include a recommendation or directive to think about travel security or simply about the conference and the logistics involved? If you are traveling internationally, then you’re already getting travel briefings and are reviewing all the latest warnings from the government entities on where not to go, right? Hmm, perhaps not?

Absent a formal travel security program, it is up to you to engage and prepare yourself. In creating your own briefing, you’re going to have to infuse a healthy dose of common sense into it since it’s not unlikely that whatever can go wrong will go wrong. That’s colloquially know as Murphy’s law — a law that has never been repealed.

No Need to Be Sharing Travel Details

Unless you’re a public figure or on the public-facing agenda of the conference, there is little need to advertise to the world that you’re heading to the conference locale. The temptation is high, given the plethora of social networks (e.g., Facebook, LinkedIn, Twitter, FourSquare, etc.) that encourage you to share your travel plans. Then there are the many apps that track and retain your travel patterns, many of which come in handy when it comes time to do some travel accounting but have little or no security designed to protect you or your company.

Announcing to the world where you are going is also announcing where you will not be. For some, this matters not, but for others, would such a revelation raise the threat profile on their family still at home during the period of travel? If you wish to inform friends and colleagues that you traveled to a given locale for a conference, post those updates after your return.

Who Knows You’re There?

If you’re a U.S. citizen, registering with the U.S. Department of State’s Smart Traveler Enrollment Program (STEP) should be standard. This way the local embassy or consulate knows you are in their consular district and you will be included in any personal safety notification.

Additionally, make sure your family and/or supervisor knows your itinerary; give them a copy. For a larger company, perhaps there is someone assigned to track employees in travel mode. Why should your company be kept in the loop? In times of crisis, the government may know you are affected, but it may not have the resources that your company does to assist you.

Protecting Your Company

You’re traveling — what’s to protect? After all, the company has far greater resources than you do. The company is counting on you to do the right thing. The right thing may be to not travel with your company-issued mobile devices, but to go to the security division and be issued a sterile laptop and mobile phone for use on the road. Thus you’re reducing the risk that a lost device may cause the company’s information — trade secrets, intellectual property or personnel issues — to fall into the wrong hands.

Similarly, hosting your notes and presentations from the conference in a third-party cloud environment may not be in the best interest of your company. If it’s not approved by your company’s security team, the environment might not be an appropriate locale for safeguarding sensitive data.

Annual Travel Security Awareness Program

The individual may have influence on the existence of an employee awareness program and the content within that program. It is incumbent on every company to include a section on travel and travel security in their annual security awareness briefings and implement periodic security training.

Included in these programs should be a section that demonstrates, with visual aids, how information aggregation works and how sharing itineraries, photos or meeting characterizations may allow an unscrupulous entity to document and collate travel plans, sensitive meetings (think off-site leadership functions) or customer/client engagements.

There is no need to share everything with everyone. Your travel security and awareness training or self-briefings will go a long way toward protecting yourself and your company.

More from CISO

Making smart cybersecurity spending decisions in 2025

4 min read - December is a month of numbers, from holiday countdowns to RSVPs for parties. But for business leaders, the most important numbers this month are the budget numbers for 2025. With cybersecurity a top focus for many businesses in 2025, it is likely to be a top-line item on many budgets heading into the New Year.Gartner expects that cybersecurity spending is expected to increase 15% in 2025, from $183.9 billion to $212 billion. Security services lead the way for the segment…

On holiday: Most important policies for reduced staff

4 min read - On Christmas Eve, 2023, the Ohio State Lottery had to shut down some of its systems because of a cyberattack. Around the same time, the Dark Web had a “Leaksmas” event, where cyber criminals shared stolen information for free as a holiday gift. In fact, the month of December 2023 saw more than 2 billion records breached and 1,351 disclosed security incidents, according to research from IT Governance — an increase of 332% and 187%, respectively, over the month of…

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today