Information is the lifeblood of any organisation, and our not-for-profit organisations often deal with very sensitive personal information.
Irrespective of whether you are intending to work around the corner at your preferred coffee shop, in an airport lounge while waiting to catch a domestic flight, about to embark on overseas travel or to attend a conference, there are common requirements when information is being used outside of the regular office environment.
All business and social engagements present an opportunity for individuals, be they criminals, commercial entities, or even foreign operatives and political activists, to acquire information.
‘It won’t happen to me’ ... Can you be certain of that?
Intelligence and criminal entities understand the ‘value-chain’ of information, and that the best way to obtain sensitive information, is never in a straight line but rather a circuitous complex web of connections and social interactions with personnel at any level within the target organisation.
Obtaining information is about establishing ‘connections’. The nature of information surveillance and gathering is that information grows in value and sensitivity as more is obtained. No matter the level, position, time you’ve worked at a location, what you do for work or perception of your value as an employee, you can be certain that you are a starting point to obtain further information in the ‘value-chain’.
Before you travel with official information
(including information stored on mobile devices such as telephones, tablets and laptops or USB memory sticks etc.)
- Review the publicly accessible information that exists about you as an individual. Your presence on social media, public internet sites and membership lists or publications may describe where you work, and the nature of work you undertake, increasing the likelihood that you are a ‘person of interest’ and may be exposed to targeted surveillance to obtain any sensitive information or knowledge that you possess.
- Avoid using the social media features of travel organiser software (such as TripIt, Worldmate, Kayak, Traxo and the like) to broadcast your precise dates, locations and travel intentions on the web.
- Only take the minimum amount of information you require to conduct your affairs in public locations or while abroad.
- Disable or remove any feature or software that is not required for the trip. This reduces opportunity to exploit and gain access to the device.
- Disable Bluetooth and wireless capabilities and the ability to ‘auto-join’ a network.
While in public places or in transit
(bus, train, airports, planes, hotels etc.)
- Carry all sensitive information irrespective of the form (paper documents, computers, mobile devices, USB sticks etc.) on your person.
- Never check in, or leave any sensitive information unattended including in hotel room safes or in safety deposit boxes with reception.
While visiting external organisations, office premises and hotels/convention centres
- Do not plug your information assets into unknown devices (such as docking stations provided in hotel rooms and lobbies).
- Do not permit others to plug their devices into your information assets (e.g. ‘Can I just put my USB key in your machine to give you those files?’; ‘May I just charge my phone on your computer?’)
- Consider the possibility of covert listening and video recording devices in general areas, meeting rooms and conference areas. Treat your password, login and on-screen information as you would your personal banking PIN number.
When ‘Free’ is costly: Gifts, services and other enticements
Complimentary services and products offered to travellers may expose you to digital espionage.
- Public storage services offered by concierge, reception or within hotel rooms.
- Baggage and luggage handling services offered at airports or hotels.
Free USB keys, CD-Roms and software may contain malicious code which is designed to steal, harm or otherwise compromise your security. There have been examples of USB keys causing physical damage to computers too, destroying laptops.