How to Safeguard Your Data as You Travel

With Wi-Fi access at airports, hotels, and aboard airplanes, business travelers don't have to look very hard for a wireless Internet connection.

But with these public wireless hotspots becoming more prevalent, in addition to more travelers using smart phones for Web access, are business travelers putting themselves at a security risk?

The short answer, some technology security experts say, is yes. But they add that the use of Wi-Fi at these spots is no riskier than at a coffee shop.

"It's a shared medium, and if you can connect to it, someone else can connect to it and monitor your traffic," said Marty Linder, a senior member of the technical staff at the Carnegie Mellon Software Engineering Institute CERT/Coordination Center. "That has nothing to do with the security of the network. It's just the nature of the beast."

For Fran Hanna, the convenience isn't worth the risk. The sales representative from Chapin, South Carolina, would frequently bring her computer on business trips and access Wi-Fi through her hotels. Hackers tapped into her computer, resulting in inappropriate material being sent through her account.

She had to get her computer restored twice, which cost her $900. And while she still isn't sure where she was when she picked up the malware, she said the only wireless device she will bring with her as she travels is a cell phone for voice calls.

On the other hand, picking up public wireless isn't a major concern to Brian Fitzpatrick, the chief procurement officer of a technology firm in Alpharetta, Georgia, and a frequent business traveler.

He generally avoids transmitting sensitive personal or company data using these hotspots. But as he sees it, having his information stolen "is more likely to happen in some face-to-face transaction than it is even online."

In addition to open networks, experts say the physical loss of devices poses a threat for business travelers.

The combination of replacement cost, detection, forensics, data breach, lost intellectual property costs, lost productivity, and legal, consulting and regulatory expenses sets a company back an average of $49,246 per lost laptop, according to a study released in April by the Ponemon Institute and sponsored by the Intel Corporation.

However, lost laptops with encryption saved companies nearly $20,000, compared with those that did not have encryption, according to the Ponemon study. Encrypted disks safeguard data by scrambling information on them. They unlock that information only when the user enters the proper passcode.

"I don't know how many times we've heard about laptops being stolen and they have no encryption on them. And it pretty much means that the bad guys can get to your data. Immediately. They don't have to know your password or anything, they can just get to it," said Patrik Runald, chief security adviser for F-Secure, an Internet security company.

And many businesses do not yet require their employees to use passwords on their smart phones, leaving lost devices "woefully unprotected," said Pat Clawson, CEO and chairman of Lumension Security.

Tips for staying secure

Despite the potential for security breaches, there are simple steps you can take to keep yourself armed as you connect wirelessly on your travels:

• Use an encrypted disk to safeguard the information on your laptop or smart phone, Linder said, and make sure you log off of your computer when you're not using it.

In most cases, when you hibernate your computer, its memory is recorded unencrypted. "You cannot for convenience close your lid, let your computer go to sleep and believe that if someone steals your computer, your data is protected, because it's not," Linder said.

Runald recommended free software called TrueCrypt that you can use to encrypt the content on your local drive and on USB flash drives.

• Turn off your wireless and Bluetooth connections if you're not using them, said Clawson. "Those are electronic doorways into your devices. On my BlackBerry, I can sit there and scan for open Wi-Fi peer-to-peer connections. I [can] then gain access to what's in your files you may have stored in there, your contacts."

• Use an anti-glare shield on your computer to prevent others from spying, Linder suggested. With such shields, you must be face-to-face with the screen to be able to read it.

• Regularly back up the data on your laptop or smart phone, Runald said. Several companies offer backup services, but you can also save information on other computers and disks.

Even if your data is encrypted -- eliminating your fear of sensitive information getting stolen -- backing up the data will make it easy to transfer to a new phone or laptop, Runald said.

• If you lose your smart phone and don't want others to access your information, call your provider and request that the device be wiped of information, Runald said. He also suggested considering software that allows you to send a text message to your phone that will remotely wipe it and block others from accessing its content.

• To ensure that you're visiting an authentic Web site and not getting duped by a phishing scheme, some experts suggest logging onto those sites through your company's VPN connection.

But technology company CPO Fitzpatrick says he hesitates to use VPN from a public Wi-Fi hotspot: "Even though all the traffic is encrypted," he said, "if your machine got compromised in some way, it is sort of a gateway into your network."