Travelling for business usually means dragging along one or more of your devices into some or other unknown or high risk jurisdiction. The longer the trip is, the more likely some compromise will occur.
So, how about taking a few sensible precautions before travelling. Here’s a fictional account of some best practice in action, starring our two-person team, Ima Risk & Bee Wary:
Ima & Bee both heard about the trip on the same day, they would be travelling together to Moscow for a trade fair. The brief was to come back with some news of the market, current competition & any big changes in designs.
After the trip announcement, over a mug of coffee, Ima asks what sort of presents he ought to bring back for the kids. Bee says he should better worry about what he does and does not take with him, and not to worry about what to come back with, just make sure it’s not a virus.
By the time they meet at the airport on the outward journey, Bee has fully checked out the risks of being in the Russian Federation on business, in particular he noted that all forms of monitoring and retention are legal there; so he planned ahead and took the necessary precautions right up front. The company had a pool of temporary-use laptops and phones, with two weeks notice he easily got one of each. The laptop had been scrubbed and had a virgin installation on it, he did find a company cd in the drive, so left that in the office before travelling.
Ima was there with only his personal cell phone and his regular laptop, the one with a distinctive company-logo sticker covering up the Apple logo. Bee asked if he had backed up the machine to the network before leaving work last night. “Nah, common’ Bee, the machine’s less than a year old” was Ima’s only response.
Bee guessed that Ima hadn’t even connected to the network for patches & updates recently.
That’s when Bee launched into his security rant… (we summarise Bee’s points here)
1) Think it through before you go anywhere..get a little paranoid
A) get informed
B) get prepared
C) watch a few spy films to get yourself in the right mindset
D) download and install everything you think you will need BEFORE the trip
2) Don’t just worry about company stuff, worry about your own ID, credit cards, thumb drives, DVDs, phones etc., e.g. if you aren’t going to be driving, don’t bring your driving license.
3) Switch off any blue tooth services that normally auto connect to stuff and hand out your address book for free. Best still, disable blue tooth entirely.
4) Many banks have a pre-fill site to warn them that you are travelling to an unusual location, this may prevent the bank automatically blocking your card as a security measure on behalf.
5) Most hotel wifi is safe enough if you use a vpn too, but be aware that using vpn technology is itself illegal in some places.
6) If you haven’t brought a thumb drive with you, then you can’t lend it out and get something nasty back.
7) Keep your laptop with you all day and lock it in the hotel safe before going out in the evening (hide the battery else where in your room).
8) In meetings where secrecy is required, remove batteries from phones (or place the phone in a metal shielding sleeve)
9) When you contact your loved ones and colleagues at home, do not discuss work stuff in any detail.
10) Use an encrypted email service over vpn (eg. protonmail.ch)
11) If staying for a long trip, get a local pay as you go phone, you can receive at no cost & have some anonymity later.
12) Some links for you:
Scheiner on trip to China:
Another extreme way — make sure, you can’t use the laptop yourself, until you get a trusted key again.
On disk encryption: