This is the fourth in a series of articles on information security. The first article in the series dealt with Simple Steps to Help Keep Your Data Safe and was followed by Thoughts on the Rise of Tablet Computing and the associated security concerns. The third article covered Keeping and Using Sensitive Customer Information and ways to keep it secure. This article is a follow-up to the prior discussion on traveling with technology assets, especially abroad.
As more and more companies continue to expand their global presence, lawyers are often called upon to travel internationally to negotiate and otherwise support these business transactions. Similarly to traveling domestically, there are certain basic things that all lawyers and other employees of companies can do to help keep technology assets and sensitive company information secure. However, international travel presents its own challenges with respect to information security.
It is well known that certain countries present a heightened risk with respect to information security, particularly in very sensitive transactions and negotiations. As such, lawyers should be extremely vigilant when traveling with their laptops or other communication devices such as smartphones, as these usually contains a treasure trove of information regarding the company’s position with respect to transactions and negotiations.
Additionally, lawyers should always remember that some of the information contained on these devices may be privileged. In light of these increased sensitivities, there are certain basic things that a traveler can do in order to minimize the risk associated with unintended data loss or theft.
These precautions include, but are not limited to:
- Never leave your laptop or your smart phone unattended. This includes never locking your laptop or your smartphone in your hotel safe. It is well know that in-room safes can be accessed by hotel staff with the end result being access to your technology devices by unknown actors.
- The same applies for hotel lockboxes and hotel safes in the lobby. These also can be accessed at any time by hotel personnel or by foreign intelligence operators and provide no security for your technology devices.
- If you must take a laptop when traveling, always use encryption to protect sensitive files and perform regular backups to ensure that you suffer no loss of vital information in case of theft.
- Always install some form of remote wiping software on your laptop and smartphone.
- Do not use hotel Wi-Fi or other Wi-Fi access points to receive or transmit data. These Wi-Fi points are notorious for data theft and present an easy avenue for malicious actors to intercept your data and/or other transmissions.
The best course of action is to take as little sensitive information as possible when traveling overseas. As stated previously, all technology assets should remain in your possession at all times. This includes any other types of media such as flash drives or other computer disks.
At the U.S. Border
While information security is usually a top concern when traveling overseas, it is worth noting that data loss or theft can occur at the U.S. border. Very few business travelers are aware that the agencies of the Department of Homeland Security have the right to search and seize laptops and other electronic devices at the nation’s border.
According to recent statistics, from Oct. 1, 2008 through June 2, 2010, more than 6,500 people have had their electronic devices seized and searched when crossing into or out of the United States at the U.S. border. Nearly half of these search and seizures involved U.S. citizens.
Additionally, in 2009 the Customs and Border Protection Agency ran more than 2,200 searches of digital media, including laptops. Under the agency directives for the Immigration and Customs Enforcement Agency, searches are allowed absent any individualized suspicion and agents can confiscate a digital device for up to 30 days without any supervisory approval. Under Customs and Border Protective guidelines, agents can keep a device for up to five days without any further approvals.
Given that laptops or other digital devices are subject to search and seizure at the U.S. border without probable cause of suspicion, it is prudent that business travelers, especially lawyers, carefully think about what information is absolutely necessary for their overseas travel.
Some of the things to consider are:
- Utilizing a “loaner laptop” system whereby anytime a traveler travels internationally, a loaner laptop is provided to that traveler onto which is loaded only the information necessary for that particular trip.
- As always, sensitive information should be encrypted with whole disk encryption being the preferred method.
- Travelers should also understand that smartphones are subject to the same search and seizure guidelines and, as such, travelers should consider whether to take their normal smartphone, which is probably connected to the company’s network, or to take a “loaner phone.” Like a loaner laptop, this loaner phone would not contain unnecessary sensitive information.
- Alternatively, travelers might consider whether to purchase or rent a cell phone at their destination so that they do not have to take their own smartphone with them. Many travel services companies can provide this type of service.
In short, international travel presents many opportunities to expand a business’ operations and revenues. However, care must be taken to insure that sensitive company information, such as business plans, trade secrets, customer lists, negotiating strategies, etc. are not unnecessarily compromised during this travel. While technology presents businesses with the capabilities to leverage their operations globally, technology also presents risks that must be mitigated, with inside counsel being at the forefront of this effort.