It’s that time of year when people are packing those flip flops and shorts to enjoy their summer holidays or simply take time out of the office.
If you’re going abroad – depending on where you go – there are data protection laws that you have to comply with when collecting or processing (i.e. accessing) personal data that is used in a commercial capacity (e.g. customer, employee or business partner emails). You don’t know who is monitoring the internet access in the location that you are in. If you’re taking paper documents with you, then how do you know who has access to your hotel room? What controls are in place to prevent access to personal information that is on a portable device that you’ve left in your hotel room whilst you were out on the beach?
If you’re checking emails and need to respond to one that cannot wait until you return or is labelled “urgent”, and you’re using free wifi access, then this poses a significant risk as these networks can be particularly vulnerable.
Even if you’re not checking emails, if you use your device for both work and personal use and you happen to be browsing websites when a pop-up appears on your screen (and you don’t recognise the language but feel compelled to click the green button or tick the box), this could lead to malware being installed. That malware could lie dormant for days or weeks and then activate when you’re back home, so that it now affects your home network or even the company network, and possibly grants unrestricted access to the hacker.
Techniques such as “Phishing” are becoming increasingly common and even more sophisticated. If you’re asked by customs or a government official to hand over your device for examination, it is likely that they will require access to the device and its contents before they approve your entry to their country.
So, what can you do to prevent a situation from occurring that might lead to a compromise of personal data whilst you’re on the beach supping that 6th/7th/8th (maybe you’ve lost count) Pina Colada? Here are a few tips to help you get started:
- The obvious advice is don’t take work devices with you if you don’t need to.
- If you do have to take the device, make sure that any information relating to work or personal data of employees, customers or business partners is removed from the device (you can uninstall work applications and email accounts and re-install them when you return).
- Do not open files or attachments from people you don’t know and do not click on links in emails from unknown senders.
- If you have to have personal information and records that include personal information on your device whilst on holiday, make sure you complete a full backup and leave it somewhere safe (in the office perhaps?) before you leave, in case the data is lost during your vacation.
- Depending on the level of sophistication of your IT infrastructure, you may want to run your device in a virtual environment whilst you’re on holiday, as that will ensure that any issues or viruses are contained within the virtual environment.
- A password management policy should already be in place within your organisation, but if it isn’t then it is worth changing your passwords for when you’re on holiday, and changing them back when you return (or even better – change to a new, unused password).
- If you don’t need to have your Bluetooth or wi-fi on, then turn it off!
Martin de Bruin, CEO, suggests that you do not leave your device unattended at any time:
“Whilst the lure of another cocktail as you’re sat by the pool or sea running on ice-cubes and are in urgent need of a refill might seem appealing, keep your device with you! Also, if you lose your device or if it’s stolen you will need to report it immediately to your employer and company Data Protection Officer, stating exactly which customers’ information was accessible on the device and/or employees’ or business partners’ personal data as well. It may require a notification to the Information Commissioner’s Office or even to the users whose data has been affected.”
For further information or advice on creating and implementing appropriate policies around information security and data protection or device management for your organisation, contact firstname.lastname@example.org today.