November 13, 2015 By Christopher Burgess 3 min read

You receive word that you must go to a key technology conference in a faraway land, and your mind immediately starts processing all that must be completed between now and then. But when you first received the request, did it include a recommendation or directive to think about travel security or simply about the conference and the logistics involved? If you are traveling internationally, then you’re already getting travel briefings and are reviewing all the latest warnings from the government entities on where not to go, right? Hmm, perhaps not?

Absent a formal travel security program, it is up to you to engage and prepare yourself. In creating your own briefing, you’re going to have to infuse a healthy dose of common sense into it since it’s not unlikely that whatever can go wrong will go wrong. That’s colloquially know as Murphy’s law — a law that has never been repealed.

No Need to Be Sharing Travel Details

Unless you’re a public figure or on the public-facing agenda of the conference, there is little need to advertise to the world that you’re heading to the conference locale. The temptation is high, given the plethora of social networks (e.g., Facebook, LinkedIn, Twitter, FourSquare, etc.) that encourage you to share your travel plans. Then there are the many apps that track and retain your travel patterns, many of which come in handy when it comes time to do some travel accounting but have little or no security designed to protect you or your company.

Announcing to the world where you are going is also announcing where you will not be. For some, this matters not, but for others, would such a revelation raise the threat profile on their family still at home during the period of travel? If you wish to inform friends and colleagues that you traveled to a given locale for a conference, post those updates after your return.

Who Knows You’re There?

If you’re a U.S. citizen, registering with the U.S. Department of State’s Smart Traveler Enrollment Program (STEP) should be standard. This way the local embassy or consulate knows you are in their consular district and you will be included in any personal safety notification.

Additionally, make sure your family and/or supervisor knows your itinerary; give them a copy. For a larger company, perhaps there is someone assigned to track employees in travel mode. Why should your company be kept in the loop? In times of crisis, the government may know you are affected, but it may not have the resources that your company does to assist you.

Protecting Your Company

You’re traveling — what’s to protect? After all, the company has far greater resources than you do. The company is counting on you to do the right thing. The right thing may be to not travel with your company-issued mobile devices, but to go to the security division and be issued a sterile laptop and mobile phone for use on the road. Thus you’re reducing the risk that a lost device may cause the company’s information — trade secrets, intellectual property or personnel issues — to fall into the wrong hands.

Similarly, hosting your notes and presentations from the conference in a third-party cloud environment may not be in the best interest of your company. If it’s not approved by your company’s security team, the environment might not be an appropriate locale for safeguarding sensitive data.

Annual Travel Security Awareness Program

The individual may have influence on the existence of an employee awareness program and the content within that program. It is incumbent on every company to include a section on travel and travel security in their annual security awareness briefings and implement periodic security training.

Included in these programs should be a section that demonstrates, with visual aids, how information aggregation works and how sharing itineraries, photos or meeting characterizations may allow an unscrupulous entity to document and collate travel plans, sensitive meetings (think off-site leadership functions) or customer/client engagements.

There is no need to share everything with everyone. Your travel security and awareness training or self-briefings will go a long way toward protecting yourself and your company.

More from CISO

Overheard at RSA Conference 2024: Top trends cybersecurity experts are talking about

4 min read - At a brunch roundtable, one of the many informal events held during the RSA Conference 2024 (RSAC), the conversation turned to the most popular trends and themes at this year’s events. There was no disagreement in what people presenting sessions or companies on the Expo show floor were talking about: RSAC 2024 is all about artificial intelligence (or as one CISO said, “It’s not RSAC; it’s RSAI”). The chatter around AI shouldn’t have been a surprise to anyone who attended…

Why security orchestration, automation and response (SOAR) is fundamental to a security platform

3 min read - Security teams today are facing increased challenges due to the remote and hybrid workforce expansion in the wake of COVID-19. Teams that were already struggling with too many tools and too much data are finding it even more difficult to collaborate and communicate as employees have moved to a virtual security operations center (SOC) model while addressing an increasing number of threats.  Disconnected teams accelerate the need for an open and connected platform approach to security . Adopting this type of…

The evolution of a CISO: How the role has changed

3 min read - In many organizations, the Chief Information Security Officer (CISO) focuses mainly — and sometimes exclusively — on cybersecurity. However, with today’s sophisticated threats and evolving threat landscape, businesses are shifting many roles’ responsibilities, and expanding the CISO’s role is at the forefront of those changes. According to Gartner, regulatory pressure and attack surface expansion will result in 45% of CISOs’ remits expanding beyond cybersecurity by 2027.With the scope of a CISO’s responsibilities changing so quickly, how will the role adapt…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today