Skip to main content
ITIJ

Main navigation

  • Latest
  • Magazine
  • Service Directory
  • Awards
  • Advertise
  • Subscribe

Secondary

  • Travel Insurance
  • Company News
  • Assistance & Repatriation
  • Air Ambulance
  • Travel
  • Health
  • Hospitals & Healthcare
  • Insurtech
  • General Insurance
  • Latest
  • Magazine
  • Service Directory
  • Awards
  • Advertise
  • Subscribe
  • Travel Insurance
  • Company News
  • Assistance & Repatriation
  • Air Ambulance
  • Travel
  • Health
  • Hospitals & Healthcare
  • Insurtech
  • General Insurance

Breadcrumb

  1. Home
  2. Latest
  3. Latest Long Read
  4. Cybersecurity for business travellers

Cybersecurity for business travellers

Publishing Details

Travel Insurance

3 Oct 2022
Greg McAleer
Featured in ITIJ 261 | October 2022

Share

Circuit board

Greg McAleer from Global Guardian explains why, as business travellers hit the road again, minimising cyber risk is critical

It matters what you do, where you are, and how you are postured from a security standpoint. Cyberattacks are becoming increasingly common and destructive. The Covid-19 pandemic exacerbated this trend as much of the global workforce moved to remote or hybrid work, often on unsecure networks and devices. Today, as the world continues to reopen and business travel increases, individuals need to be hypervigilant about cybersecurity. Business travellers venturing outside the secure bubble of their offices are particularly vulnerable to cybercriminals or nation-state actors looking to steal intellectual property for financial gain, achieve a competitive advantage, or further national security interests. Ignoring the risk can have serious financial, operational, legal, reputational, and compliance implications for a company.

Business travellers venturing outside the secure bubble of their offices are particularly vulnerable to cybercriminals

Keep on reading

HMA 2022

HMA 2022 opens in Bangkok

The hospital management conference returns for its first post-pandemic live event today at the Centara Grand hotel in Bangkok, Thailand

Read More

7 Sep 2022

Editorial Team

An everywhere problem
Every company should take into consideration whether their operations – including their output, the products and services they provide, and their industry – could be exploited by an outside actor, criminal group, or nation state. I would advise companies to carefully consider where they have their crown jewels and how to keep them safe.
Companies and corporate leaders must be cautious about doing business in a country that does not respect privacy or human rights. Additionally, if the host government compels or requires companies to provide access to their systems as a condition for doing business, that raises a red flag. For example, multinational companies should be very concerned about travelling to China and doing business with Chinese companies, because it is often difficult to separate private entities from state-owned enterprises in China. 
It would give me pause to conduct business in, and travel to, any country with a totalitarian government. Additionally, while sanctions prevent business relationships with companies in Russia, Iran, and North Korea, these countries are cyber agitators that pose a significant threat. But this is not just limited to these countries. It is an everywhere problem.

The nature of the threat
Many cyberattacks are financially motivated, such as in cases of ransomware. The perpetrators of these attacks are either criminal groups, entities or individuals operating with the material or tacit support of a nation-state, or a nation-state itself. The lines between these actors are often blurred, making it difficult to accurately pin the blame for an attack.
The cyber ecosystem is expansive, and the opportunities to conduct malign cyber activity against individuals, companies, or countries are considerable. It is unrealistic and unwise for a company to operate under the assumption that it is 100-per-cent secure. That’s primarily because human error is the main driver of many cyber threats facing companies.
Intellectual property theft is also prolific among cybercriminals and adversarial nation states because it is profitable from a national security and business standpoint. Every sector can be a target, and no one is immune. Take, for example, minerals and mining. Rare earth metals are critical components in the production of chip technologies. In countries and regions with plentiful sources of rare earth metals and minerals, malicious actors who can get their hands on crucial information regarding those natural resources can shape the economic sectors that depend on it. That creates a competitive advantage for them. 
From a nation state’s perspective, it is often easier to steal defense or military technologies than to invest in the research and development needed for next-generation technologies or capabilities. There is a much greater return on investment if the technology can be stolen from a company that has already invested in its development. 

Keep on reading

Don’t ignore risk
A company that has or is seeking an operational presence in a country where the expectation of privacy does not exist or is fluid should be concerned about travelling, doing business, and conducting negotiations during visits. The last thing a company needs is a permissive cybersecurity posture or one that ignores risk. Imagine the harm an adversary could unleash on a company if they were to gain access to material non-public information.
In particular, companies well positioned in a market or producing cutting-edge or emerging technologies should adopt the proper cybersecurity posture. They should assume that other entities are trying to penetrate their electronic and human networks to obtain information that would help them gain a strategic or competitive advantage. In totalitarian regimes, there is a higher likelihood that you are a target of such attacks.
Ultimately, malicious cyber actors can strike targets anywhere in the world from anywhere in the world. And remaining vigilant and prepared should be a top priority for any company. 

Cybercriminals target the soft spots in a company’s network

How to minimize the risk
It is unwise for companies to downplay cyber threats by claiming they are not important enough to become a target. However, in my experience, no company or individual is ever too small or insignificant; every company needs to recognise that it can be a target. 
One of the most common points of failure is the fact that companies do not protect their systems at the end user. There is often inadequate investment in security and employee training on how to identify and protect against cyber threats. All it takes is a couple of missteps, bad clicks, or logging into the wrong place to heighten the risk of being breached or infected by malware or ransomware.
Cybercriminals target the soft spots in a company’s network. They will identify the most vulnerable employee or look for the easiest way to breach a company’s network. In fact, most data breaches originate a few rungs down the corporate ladder. 

  • Everyone who has access to the company’s network is a potential target. Therefore, companies must take cyber threats seriously and employ appropriate measures to secure their systems and safeguard all their employees, especially those travelling or using unsecure networks and devices. I advise clients to take the following steps in order to bolster their cybersecurity and protect against cyber threats:
  • Understand the threat: read the risk assessments of the country you are travelling to and explore enhanced security measures. Monitor the news and request briefings from security providers. Be aware of how a country treats its citizens’ human rights and privacy. A government’s disregard for these rights can adversely affect foreign companies operating in that country. 
  • Secure yourself: avoid unsecure public wi-fi networks and assume that you are being electronically and physically surveilled in certain countries. Electronic devices, particularly cell phones, laptops, and tablets, are portable and can store massive amounts of business intelligence and strategic data; that includes sensitive documents and plans, emails about mergers and acquisitions, and financial data. Use the strongest, most powerful VPN and other technologies to mask who you are, where you are, and what you are doing. Use clean phones and one-use computers. At the end of your trip, examine those devices for malicious infiltration attempts and then wipe them clean.
  • Secure everyone: while a senior executive who is travelling may require some level of physical protection, whether that is armed guards or armored cars, every employee should be protected when it comes to their cyber presence. A recent PwC Pulse survey found that 40 per cent of top US executives consider cyberattacks the largest risk companies face.
  • Don’t rely solely on insurance policies: cyber insurance policies are becoming more exclusive and expensive as the spike in cybercrime has created a surge in demand. If your plan is to rely solely on cyber insurance, I would strongly suggest you rethink that plan.
  • Think like the adversary: if your company were to target itself, what would you attack first, and how would you do it? What are your weak spots? Companies should be actively conducting tabletop exercises to enhance their security.

The gap between the velocity of technology and the velocity of business is closing. Money can be wired in seconds, global events are witnessed in real time, and malign cyber activities and criminal actions can occur just as fast. Now that business travel is resuming, the associated cyber threats are more prevalent than ever. At the end of the day, it matters what you do, where you are, and how you are postured from a cybersecurity standpoint.

ITIJ 261

This article originally appeared in

ITIJ 261 | October 2022

Read Full Issue
Publishing Details

Travel Insurance

3 Oct 2022

Share

Greg McAleer

Greg McAleer is the senior vice president of business operations and risk management at Global Guardian.

Keep on reading

Financing

Hospitals and assistance - working together

Tatum Anderson details how assistance companies and hospitals are working together in different ways in a post-Covid world

Read More

3 Oct 2022

Tatum Anderson

ITIJ Speaks with Chris Price

Innovation is the word of the day

Chris Price, Global Head of Travel for SiriusPoint, spoke to Mandy Langfield about the future of the industry, from investment in technology, to climate change concerns and the importance of…

Read More

3 Oct 2022

Mandy Langfield

EURAMI header

EURAMI accreditation update

The board of the European Aero-Medical Institute shares its latest news with ITIJ, detailing which air medical providers are demonstrating their committment to quality care in the air through undertaking…

Read More

Sponsored by EURAMI

3 Oct 2022

Editorial Team

ITIJ

Footer menu

  • About Us
  • Contact
  • Privacy Policy
  • Terms

Social

  • LinkedIn
  • Twitter
International Travel & Health Insurance Conferences

© Voyageur Publishing & Events 2023