The current approach to addressing cyber threats, implemented by corporations in Singapore, is not being communicated effectively enough to its employees. A study commissioned by global travel management company CWT, found that only 27% of business travelers from Singapore said they feel very confident about not compromising their employer’s data safety when traveling. This is a significant difference when compared with an average of 35% of business travelers globally.
This presents a worry as corporate travel continues on its upward trend. Companies are adopting global business models and their travelling workforces are expanding, with corporate travel spending expected to hit US$1.7t by 2022. The continued rise in corporate travel increasingly exposes organisations to cyber threats, particularly if companies and employees do not adopt a robust approach to mitigating cyber threats specifically associated with an increasingly mobile workforce.
The latest global study by Ipsos MORI on Business Resilience Trends, revealed an alarming finding that only 33% of surveyed organisations had adequately factored cybersecurity considerations in their corporate travel policies.
Research and experience shows that business travellers face a growing threat from cybercriminal activity, from well-organised networks as well as uncoordinated attacks. As a result, business travellers face increased cyber-targeting and exposure during business travels as global digitalisation continues to advance, and reliance on technology becomes almost unavoidable.
Furthermore, even the most innocuous actions can expose business travellers to cyber security risks. For example, travellers using their laptops or phones in public spaces such as planes, airports, hotels and restaurants run the risk of unnecessary data visibility to people nearby. Risks of data breaches can also arise from the use of unsecured WIFI networks, improper disposal of documents or storing of confidential information and devices, and the usage of the same password on all devices.
There are gaps that organisations must address to protect the cyber safety of their travelling employees. Organisations with the most effective travel risk mitigation programmes adopt the widest definition of “Duty of Care”, not only ensuring that their business travellers are equipped to deal with threats to their health, safety and personal security, but also to deal with threats to their– and as a consequence, the organisations’– data security.
Given the popularity of “bleisure travel”, or travel which combines work and leisure, across all generations, this may also give rise to business travellers’ tendencies to overshare information on social media platforms and compromise their own security.
Business travellers must also take charge of their own cyber safety before, during and after their trip. There are simple measures from ensuring that software on devices are up to date and enabling multi-factor authentication for online accounts, prior to travelling. One of the common pitfalls that come with the advent of social media is the oversharing of personal information such as whereabouts of residence.
It is key for business travellers to run anti-virus scans to remove any trace of potential malware.
A congruent approach involving the management and employees, is key in thwarting any potential data compromise. Whilst a company’s technical defences and systems remain critical, the company should work with their employees on the appropriate training and preparedness programmes, to ensure that they are fully equipped to mitigate any threat in the digital domain.
The views expressed in this column are the author's own and do not necessarily reflect this publication's view, and this article is not edited by Singapore Business Review. The author was not remunerated for this article.
Do you know more about this story? Contact us anonymously through this link.
Aditya is the Security Director– Security Solutions for the Asia Pacific Region at International SOS and Control Risks. Based currently in Singapore, Aditya leads client engagements around Asia and Australasia, developing bespoke solutions in support of organisations and managing their travel risk mitigation strategies, policies and procedures.
Aditya has overseen the team’s development of actionable intelligence to incident management teams and clients on the ground during crises and emergencies, notably during the elections and ensuing violence in Papua New Guinea (2017), the Resorts World Manila attack (2017), the Islamic State-inspired attacks in Dhaka and Jakarta (2016), in the aftermath of the earthquake in Nepal (2015) and Super Typhoon Haiyan in the Philippines (2013) and during the political turmoil in Bangladesh and Thailand (2013-14).
Aditya has a Juris Doctorate from The George Washington University Law School, where his research focused on militancy in Pakistan’s tribal belt. He also holds a Bachelor of Arts in International Studies from the University of California, Irvine.