The recent news that tourists travelling to the US may have to reveal social media content, passwords and/or financial data under “extreme vetting” procedures should worry you.
It’s another clear sign that today’s febrile climate is increasingly unpredictable, making travel – for leisure and business – even more difficult.
But while there is nothing you can do if you are “pulled to the side”, you can take steps to keep your personal and business information as secure as possible.
Keeping personal info safe
The first step to protecting your personal data is to disable Bluetooth and Wi-Fi services. These auxiliary radios, which transmit constantly, can leak your location.
Another useful step is to disable single sign-on for individual applications where available on the device when travelling. This means you will have to enter a password for each individual service on the device. While onerous, it is likely to deter even the most hardened official.
Also, consider packing the smart phone you use as your “daily driver” in your suitcase and carrying an alternative “light” device through the border.
Next, backup and remove any sensitive data from the device prior to departure. If you’ll need the data while travelling, make sure your backup is accessible after you cross the border (by using the cloud, for example). If you are forced to divulge any passwords, change them immediately once you successfully enter the country.
Finally, turn off your device when travelling and going through border controls. This not only disables biometric identifiers but also means that border authorities would need to ask for your password, which might be illegal depending on the country you are looking to enter.
Protecting business data
To safeguard corporate information, companies may wish to use policies for specific countries that can be automatically activated depending on geographic location. This will shift the onus away from employees and keep sensitive information safe.
IT departments may also want to remove certain apps from corporate devices while still enabling access to company apps via a browser. Removing important data from the device before embarking could prove useful too.
Companies are advised to consider the use of an emergency app, which is pushed out to the device when an employee is travelling. This can include advice on what to do if they are asked to hand in their device, or are detained.
An emergency app should include an emergency notification feature so an employee can gain direct access to a nominated person, or group of people, who are able to act on their behalf if required.
The nuclear protection option is to wipe the device. This may be required should an employee feel it necessary and may well be a last minute judgement call. However, with frequent backups and syncing to the cloud, employees and companies alike can mitigate the risks of a wipe.
Tougher controls at borders will mean you will have to take tougher measures to keep your data safe. Yet, obtaining entry into the country must remain your priority and, as such, don’t take any risks when faced with the possibility of being denied entry.
Border officials are being granted ever increasing powers, and the bad news is that it is up to them as to whether you enter the country.
Refusal to supply information when asked lawfully could result in being denied entry. So too could extreme mitigation techniques such as changing passwords prior to departure that you yourself can’t remember.
However, if you play the border game smart, data access and security shouldn’t be an issue.
James Plouffe is lead solutions architect at MobileIron.