Corporate_Travel_Security.jpgI am currently sitting in the United Club at O’Hare Airport on a relatively busy Tuesday morning. There is the usual smattering of hurried travelers milling around.
 
Among those are the busy professionals with their laptops out, earpieces in, and working on all sorts of tasks.
 
To my left, is a gentleman working on a presentation detailing the key sales figures for a major national retailer.
To my right is a young lady working on the social network posts that she is planning on sending out specific times for the next few days for yet another nationally known corporation.
 
Across from me, is another gentleman holding a conference call discussing, in fairly good detail, the reasons why a specific email server went down this morning and what they are trying to do to recover apparently missing data.
 

Where's the Security?

I am continually surprised at how little focus to security is paid by business travelers. All of this sensitive company information (sales, social strategy, specific infrastructure failings) is just sitting out there for a casual, but attentive, person to observe and report.
 
Neither of the people working next to me have a privacy screen or are making any effort to hide what they are working on (hint: lowering the brightness on your screen can make it more difficult for your screen to be seen by others).
 
Maybe these folks just aren’t aware of the sensitive data they are leaking? Maybe they don’t care? Both are bad (and one is obviously worse).
 

Play Your Part 

When it comes to security, everyone has to play their part. You can put as much structure, governance, and policy in place as you want, but you are only as strong as your weakest link which tends to be people.
 
The next time you travel, take a look a look around and observe. I’d like to think this was just a one-off event, but I’ve seen this type of risky behavior across airports worldwide.
 
So, how do you mitigate this type of security risk? Education and communication are a good start. Educate your staff, especially those that travel for work. Communicate with them the importance of keeping your company data secure.
 
Role play situations that can occur like shoulder surfing and talk about how to handle it. Privacy screens should be required for all laptops, as well, since you can’t control where those devices will make their way to.
 
In the end, this comes down to choice. Each individual will make that choice based on their knowledge and situational awareness. Empower and educate your mobile work force so they can make good decisions with how they handle your organization’s data.
Effective Identity Management Strategy
Jeff Steadman

Jeff Steadman

As part of our advisory practice, I partner with our clients to help plan their IAM strategies. Prior to joining Identropy, I spent over a dozen years managing, building, and running Identity & Access Management programs, projects, and teams for SC Johnson and Walgreens.