The office on the move for corporate travellers consists of laptops, mobile phones and tablets – and a place, sometimes any place, to stop and connect.
Road warriors are used to accessing networks at the airport and in-flight, in a hotel room, lobby or business centre, logging on at conventions business spaces, and checking emails in public areas that offer wifi hotspots.
Unfortunately, the freedom afforded by greater mobility and connectivity also exposes people to an increasing array of security threats, including viruses, data breaches and industrial espionage.
The good news is heightened vigilance and simple precautions can protect business travellers from the perils of working on the road.
Network worries
When leaving the office, you’re at your most vulnerable. Logging on outside of a safe work environment essentially leaves you at the mercy of the network you’re connected to, and in terms of security, it’s usually weaker than what you left behind.
“There’s an expectation that people remain connected at all times, and therefore business is conducted in these environments. Because of that, there is a huge business risk,” says Michael Ormiston, country manager, Hong Kong, for global workspace provider Regus.
Using an insecure wireless internet connection leaves your communication open to eavesdropping. Anything sent over such a connection, including credit card details and emails, could be intercepted.
To combat such dangers, only use secured networks that encrypt the data transmitted, make sure your firewall is turned on and always use an anti-virus program.
Privacy protection
It’s not just unsecured networks that are the problem; working in public poses a different range of security risks.
Ormiston points to a 2014 Regus survey of 22,000 business travellers across some 100 countries, which polled their views on privacy.
Respondents ranked cafes (59 per cent) as offering the least privacy, followed by hotel bars and lounges (50 per cent), aeroplanes (46 per cent) and airline lounges (44 per cent).
Business travellers’ top concern was that such public places made it easy for others to sneak a peek at confidential information on laptop screens or other devices.
To avoid would-be snoopers, Regus provides private working areas in public places, including at airports, such as London’s Heathrow Airport.
“With over 3,000 locations worldwide, we operate business lounges that feature a product known as the ‘thinkpod’. It has been designed in a way where, unless you’re standing on top of someone, you’re guaranteed privacy in the work that you do,” says Ormiston.
Many airport lounges provide similar “work cubicles”, for example Singapore Airlines’ productivity pods and the signature honeycomb-style booths at the Plaza Premium Lounge.
Another option is to consider investing in a privacy screen protector. These are filters that are stuck onto device screens that effectively reduce the viewing angle, thereby preventing the screen from being viewed from the side.
Sticky problem
The USB drive poses another big security risk. These products are popular giveaways at conventions and events. Small, cheap to produce and with excellent portability, it’s no wonder they’re passed around frequently. But they may contain an unwelcome gift in the form of malware.
Malicious software delivered through USB flash drives could allow hackers to take control of a computer, infiltrate data, or spy on users.
“USBs are very well known for their ability to transfer malicious files, and these are no longer just limited to desktops and laptops, but to tablets that allow USB devices to be attached. And it is these consumer technology devices that are particularly vulnerable due to many of them being fairly new to the market,” says Dino Soepono, director of enterprise mobility Asia-Pacific at software company Citrix.
This was demonstrated by a USB firmware hack called BadUSB, which was unveiled at the Black Hat Briefings computer security conference in Las Vegas in August last year.
BadUSB was developed to show how a USB flash drive could be reprogrammed to take control of a computer, infiltrate data, or spy on the user.
The hack, created by security researchers Karsten Nohl and Jakob Lell, was capable of compromising a full system without being detected by current defences. It acts as a wake-up call for anyone that considers USBs to be safe.
Another key problem with USB devices is that they are easily lost or stolen, sometimes with dire results.
On February 18, 2014 a pharmacy staff member at Hong Kong’s Queen Elizabeth Hospital misplaced a USB drive containing the personal information of some 92 patients. The USB device was not recovered, and the embarrassed hospital reported the case to the police and the office of the Privacy Commissioner for Personal Data.
The dangers this case highlights need to be mitigated given their widespread use, says Soepono. One solution is cloud-based services, which enable users to access information stored on remote servers over the internet. But even these types of services carry risks.
In October last year, an Asia-Pacific company faced a data leakage when the files it stored on a popular free file hosting service were inadvertently leaked through the service’s vulnerabilities.
“There were a lot of data from corporations that were stored in [the host], which anyone could basically get access to,” says Soepono.
For this reason, he says companies and employees should be wary of the free consumer data storage/transfer services that are available, as they “don’t have the same security requirements as those specifically developed for enterprises”.
Citrix’s Workspace Cloud encrypts data and stores files behind the firewalls of the user company’s own servers. Soepono says it provides the efficiency of a cloud while ensuring the physical files remain onsite in a secured environment. “The beauty is that you can still manage all these files on the cloud when needed.”
Companies also don’t have to invest in a lot of infrastructure to get the service up and running.
Trojan horses
Yet more risks are posed by the growing prevalence of “bring your own device” (BYOD) to work, where employees use their personal devices in the workplace, including to access privileged information. This is a trend particularly prominent in small and medium-sized enterprises, where resources may be more limited.
Having workers’ personal devices connected to a company’s network can pose several risks, one of the biggest being the loss or theft of business-critical information, says Tony Lee, a consultant at Trend Micro Hong Kong, an internet content security company.
Photo: Courtesy of Jacob Botter
“When employees use their personal device for work-related purposes, any work-related data stored in that device could be compromised if the device is lost and/or stolen,” he says.
“A particularly malevolently inclined individual could get hold of the stolen information and either publish it online for everyone – and that includes your customers, investors and stakeholders – or sell it to the highest bidder. This could severely impact a business’ operations and finances, depending on the information lost.”
A survey conducted by hardware and software firm Oracle in 2015 found that 38 per cent of senior security decision-makers in Asia cited device security as one of the top worries when it comes to BYOD.
And the scope of the problem could be huge. A 2014 study by the International Data Corporation found that close to 155 million consumer smartphones would be used in the BYOD model across Asia-Pacific in 2015, up some 40.4 per cent year-on-year.
Lee says organisations should use common sense, as well as implement policies to mitigate the risks posed by BYOD, which could include points such as:
• Acceptable devices or operating systems to be used by employees;
• Best practices for protecting company information stored/access via mobile devices;
• Consequences for the company if data are not properly maintained;
• Other corporate BYOD guidelines specific to the individual business.
In addition to an office strategy, password protection and encryption are no-brainers for any smartphone, tablet or laptop. If stolen or lost, the data stored on devices would be inaccessible to some extent. Likewise new fingerprint recognition security features like the iPhone’s touch ID system are a step forward.
Other useful security features include the ability to remotely wipe mobile devices of data. Mac devices that support the “Find My iPhone” service can be tracked remotely and wiped in the event that the device is lost or stolen. Android devices and Citrix’s Workspace Cloud service have similar functionality.
Other tips are obvious but again worth mentioning, say the experts. Only use official platforms when downloading apps, and make use of mobile management solutions such as endpoint security software, which will monitor your devices for anomalous activity.
Apps, in particular those on Android, may seem harmless but can easily contain malicious features. Exercise caution when downloading any app, says Lee, and pay attention to the app’s name and publisher, and carefully review the app’s permissions.
ANTI-VIRUS SOFTWARE
Always use anti-virus software. Such products are readily available, and can be scheduled to run seamlessly in the background, scanning regularly for viruses and other malware. Jonathan Yeung, network engineer at DMX Technologies Group, recommends the following three anti-virus programs.
AVG ANTIVIRUS
One of the best. The free version provides full anti-virus protection, and helps you scan web links and your emails to warn you of malicious attachments. There is also a paid-for version with added security features, but the free one will do just fine.
Windows, OSX, Android
avg.com
NORTON SECURITY
A comprehensive all-in-one anti-virus software suite that development company Symantec is so confident in it will give a refund if the software or its experts are unable to get rid of a virus from your computer. For an annual fee starting at US$44.99, you get expert help from Norton technicians if you experience any problems with your devices.
Windows, OSX, iOS, Android
norton.com
MCAFEE ALL ACCESS
Priced at US$99.99, this comprehensive package
comes with unlimited licences, meaning you can use the software across all your devices. A separate mobile security package is available for iOS
and Android – and both are available for free.
Windows and OSX
mcafee.com
SIGNS AND SYMPTOMS OF viruses or INFECTIONS
Slow performance – Is your device excruciatingly slow or even unresponsive at times? Viruses eat up huge chunks of memory, which may result in slow computing.
“Blue screen of death” – A blue error screen that signifies a fatal system error on a Windows device.
Missing critical files – The loss of critical files can cause a system crash. A common symptom of a virus infection is missing core files, which you may learn about when attempting to use applications.
Error messages – An increasing number of error messages could be symptomatic of a computer virus. It’s important to determine if a malicious program is causing the errors, or whether the problem is caused by hardware. Failing hardware can lead to error messages, too.
Unfortunately, the freedom afforded by greater mobility and connectivity also exposes people to an increasing array of security threats, including viruses, data breaches and industrial espionage.
The good news is heightened vigilance and simple precautions can protect business travellers from the perils of working on the road.
Network worries
When leaving the office, you’re at your most vulnerable. Logging on outside of a safe work environment essentially leaves you at the mercy of the network you’re connected to, and in terms of security, it’s usually weaker than what you left behind.
“There’s an expectation that people remain connected at all times, and therefore business is conducted in these environments. Because of that, there is a huge business risk,” says Michael Ormiston, country manager, Hong Kong, for global workspace provider Regus.
Using an insecure wireless internet connection leaves your communication open to eavesdropping. Anything sent over such a connection, including credit card details and emails, could be intercepted.
To combat such dangers, only use secured networks that encrypt the data transmitted, make sure your firewall is turned on and always use an anti-virus program.
Privacy protection
It’s not just unsecured networks that are the problem; working in public poses a different range of security risks.
Ormiston points to a 2014 Regus survey of 22,000 business travellers across some 100 countries, which polled their views on privacy.
Respondents ranked cafes (59 per cent) as offering the least privacy, followed by hotel bars and lounges (50 per cent), aeroplanes (46 per cent) and airline lounges (44 per cent).
Business travellers’ top concern was that such public places made it easy for others to sneak a peek at confidential information on laptop screens or other devices.
To avoid would-be snoopers, Regus provides private working areas in public places, including at airports, such as London’s Heathrow Airport.
“With over 3,000 locations worldwide, we operate business lounges that feature a product known as the ‘thinkpod’. It has been designed in a way where, unless you’re standing on top of someone, you’re guaranteed privacy in the work that you do,” says Ormiston.
Many airport lounges provide similar “work cubicles”, for example Singapore Airlines’ productivity pods and the signature honeycomb-style booths at the Plaza Premium Lounge.
Another option is to consider investing in a privacy screen protector. These are filters that are stuck onto device screens that effectively reduce the viewing angle, thereby preventing the screen from being viewed from the side.
Sticky problem
The USB drive poses another big security risk. These products are popular giveaways at conventions and events. Small, cheap to produce and with excellent portability, it’s no wonder they’re passed around frequently. But they may contain an unwelcome gift in the form of malware.
Malicious software delivered through USB flash drives could allow hackers to take control of a computer, infiltrate data, or spy on users.
“USBs are very well known for their ability to transfer malicious files, and these are no longer just limited to desktops and laptops, but to tablets that allow USB devices to be attached. And it is these consumer technology devices that are particularly vulnerable due to many of them being fairly new to the market,” says Dino Soepono, director of enterprise mobility Asia-Pacific at software company Citrix.
This was demonstrated by a USB firmware hack called BadUSB, which was unveiled at the Black Hat Briefings computer security conference in Las Vegas in August last year.
BadUSB was developed to show how a USB flash drive could be reprogrammed to take control of a computer, infiltrate data, or spy on the user.
The hack, created by security researchers Karsten Nohl and Jakob Lell, was capable of compromising a full system without being detected by current defences. It acts as a wake-up call for anyone that considers USBs to be safe.
Another key problem with USB devices is that they are easily lost or stolen, sometimes with dire results.
On February 18, 2014 a pharmacy staff member at Hong Kong’s Queen Elizabeth Hospital misplaced a USB drive containing the personal information of some 92 patients. The USB device was not recovered, and the embarrassed hospital reported the case to the police and the office of the Privacy Commissioner for Personal Data.
The dangers this case highlights need to be mitigated given their widespread use, says Soepono. One solution is cloud-based services, which enable users to access information stored on remote servers over the internet. But even these types of services carry risks.
In October last year, an Asia-Pacific company faced a data leakage when the files it stored on a popular free file hosting service were inadvertently leaked through the service’s vulnerabilities.
“There were a lot of data from corporations that were stored in [the host], which anyone could basically get access to,” says Soepono.
For this reason, he says companies and employees should be wary of the free consumer data storage/transfer services that are available, as they “don’t have the same security requirements as those specifically developed for enterprises”.
Citrix’s Workspace Cloud encrypts data and stores files behind the firewalls of the user company’s own servers. Soepono says it provides the efficiency of a cloud while ensuring the physical files remain onsite in a secured environment. “The beauty is that you can still manage all these files on the cloud when needed.”
Companies also don’t have to invest in a lot of infrastructure to get the service up and running.
Trojan horses
Yet more risks are posed by the growing prevalence of “bring your own device” (BYOD) to work, where employees use their personal devices in the workplace, including to access privileged information. This is a trend particularly prominent in small and medium-sized enterprises, where resources may be more limited.
Having workers’ personal devices connected to a company’s network can pose several risks, one of the biggest being the loss or theft of business-critical information, says Tony Lee, a consultant at Trend Micro Hong Kong, an internet content security company.
Photo: Courtesy of Jacob Botter
“When employees use their personal device for work-related purposes, any work-related data stored in that device could be compromised if the device is lost and/or stolen,” he says.
“A particularly malevolently inclined individual could get hold of the stolen information and either publish it online for everyone – and that includes your customers, investors and stakeholders – or sell it to the highest bidder. This could severely impact a business’ operations and finances, depending on the information lost.”
A survey conducted by hardware and software firm Oracle in 2015 found that 38 per cent of senior security decision-makers in Asia cited device security as one of the top worries when it comes to BYOD.
And the scope of the problem could be huge. A 2014 study by the International Data Corporation found that close to 155 million consumer smartphones would be used in the BYOD model across Asia-Pacific in 2015, up some 40.4 per cent year-on-year.
Lee says organisations should use common sense, as well as implement policies to mitigate the risks posed by BYOD, which could include points such as:
• Acceptable devices or operating systems to be used by employees;
• Best practices for protecting company information stored/access via mobile devices;
• Consequences for the company if data are not properly maintained;
• Other corporate BYOD guidelines specific to the individual business.
In addition to an office strategy, password protection and encryption are no-brainers for any smartphone, tablet or laptop. If stolen or lost, the data stored on devices would be inaccessible to some extent. Likewise new fingerprint recognition security features like the iPhone’s touch ID system are a step forward.
Other useful security features include the ability to remotely wipe mobile devices of data. Mac devices that support the “Find My iPhone” service can be tracked remotely and wiped in the event that the device is lost or stolen. Android devices and Citrix’s Workspace Cloud service have similar functionality.
Other tips are obvious but again worth mentioning, say the experts. Only use official platforms when downloading apps, and make use of mobile management solutions such as endpoint security software, which will monitor your devices for anomalous activity.
Apps, in particular those on Android, may seem harmless but can easily contain malicious features. Exercise caution when downloading any app, says Lee, and pay attention to the app’s name and publisher, and carefully review the app’s permissions.
ANTI-VIRUS SOFTWARE
Always use anti-virus software. Such products are readily available, and can be scheduled to run seamlessly in the background, scanning regularly for viruses and other malware. Jonathan Yeung, network engineer at DMX Technologies Group, recommends the following three anti-virus programs.
AVG ANTIVIRUS
One of the best. The free version provides full anti-virus protection, and helps you scan web links and your emails to warn you of malicious attachments. There is also a paid-for version with added security features, but the free one will do just fine.
Windows, OSX, Android
avg.com
NORTON SECURITY
A comprehensive all-in-one anti-virus software suite that development company Symantec is so confident in it will give a refund if the software or its experts are unable to get rid of a virus from your computer. For an annual fee starting at US$44.99, you get expert help from Norton technicians if you experience any problems with your devices.
Windows, OSX, iOS, Android
norton.com
MCAFEE ALL ACCESS
Priced at US$99.99, this comprehensive package
comes with unlimited licences, meaning you can use the software across all your devices. A separate mobile security package is available for iOS
and Android – and both are available for free.
Windows and OSX
mcafee.com
SIGNS AND SYMPTOMS OF viruses or INFECTIONS
Slow performance – Is your device excruciatingly slow or even unresponsive at times? Viruses eat up huge chunks of memory, which may result in slow computing.
“Blue screen of death” – A blue error screen that signifies a fatal system error on a Windows device.
Missing critical files – The loss of critical files can cause a system crash. A common symptom of a virus infection is missing core files, which you may learn about when attempting to use applications.
Error messages – An increasing number of error messages could be symptomatic of a computer virus. It’s important to determine if a malicious program is causing the errors, or whether the problem is caused by hardware. Failing hardware can lead to error messages, too. 
