Business executives who are keepers of secrets of the company are high-priority targets for cyber espionage. Especially, when traveling, precautionary measures – including those outside the world of IT – are essential, and they must be accompanied by an awareness of operational security (OPSEC).
Kaspersky, a global cybersecurity company, is increasingly focusing on improving broader IT security awareness, for example by improving the skillset of business travellers on how to protect critical data and fending off attacks of a physical nature. Keeping with the example of hotels and business travellers, there are numerous potential sources of danger on such trips that managers should be aware of.
Kaspersky was able to discover in a one-week test on inter-city trains that business travellers aren’t protective enough of corporate information. Picking up on a colleague’s name can be all that’s needed to create a business e-mail address and then use it for phishing attacks.
Marco Preuss, Director GReAT Europe, Kaspersky, reminds that in South Korea, the DarkHotel campaign uncovered by experts from Kaspersky back in 2014 drew attention to the fact that guests in certain luxury hotels had been spied on for years with the help of the hotel’s WiFi, which had been tampered with. According to media reports, over 1,600 guests in 42 rooms at 30 smaller South Korean hotels were also spied upon with miniature cameras up until early 2019. Unfortunately, the secret use of cameras – for example in women’s toilets – appears to have become common across the country.
Still, international trips are a necessary part of doing business. Marco Preuss, Director GReAT Europe at Kaspersky suggest taking measures for safe business trips:
- Restrict electronic communication to absolutely necessary things. While connecting to public WiFi, such as in airport lounges, use a VPN and encrypt messages to secure confidential data.
- Use «SyncStop» adapters while charging a device to avoid uploading malware while using USB cables.
- Carry less electronic equipment with you. It is better to take a separate travel notebook and smartphone containing as little data as possible. Do not place stickers indicating where you work on your devices.
- Remain as neutral and as cooperative as possible when dealing with border security service so not to have your belongings confiscated.
Speaking about physical threats, Kaspersky strongly recommends the following:
- Recognise a two-way mirror using the «finger spy test»: if, when you touch the mirror, your finger and its reflection touch, then this is a spy mirror.
- Turn on the tap or loud “white noise” sounds from the internet – it will help combat eavesdropping.
- Pick up infra-red lights from hidden miniature cameras or their electromagnetic signals – you can see the little LEDs on the phone’s camera screen or hear them as interference during a call when you are close to a camera. Infra-red lights from hidden miniature cameras or their electromagnetic signals can also be picked up using your mobile phone – you can see the little LEDs on the phone’s camera screen or hear them as interference during a call when you are close to a camera.
- Do not store electronic equipment in hotel rooms and their safes – it would be better to prevent tampering by placing the equipment in special protective sleeves that cannot be opened without leaving a trace. The “boot_check” script from one of Kaspersky’s experts will also help to uncover any “evil maid” attacks.