Mobile devices, Bluetooth technology, public Wi-Fi access points and corporate loaner laptops are among the things Canadian business people should worry about when travelling abroad, according to the latest advisory from a government body responsible for co-ordinating the national response to cyber security incidents.
“The information that someone travels with, or the data accessed while travelling could be compromised by threat actors and used against the traveler of the organization represented,” according to the post on the Public Safety Canada Web site. “Potential threat actors include hostile and foreign intelligence services, criminals and competitors.”
The CCIRC did not mention any specific country or organization as potential threats but warned that technical, political, military, financial or personal data are targets that by cyber espionage groups seeking political, strategic, economic or competitive advantage.
Cyber criminals, the CCIRC said are capable of:
-Identifying and targeting mobile devices
-Delivering malicious code to devices
-Using network connections such as wireless and Bluetooth connections
-Accessing a user’s mobile device to track that person’s movements
-Activating the microphone on devices
-Interception of electronically sent communications
Among the things that business travelers should be concerned are:
-Smart phone and mobile device security
-Wireless access points
-Bluetooth access points
Some of the recommendations appear obvious, but others the CCIRC advisory also tackle some areas which may be easy to overlook.
For instance the security body advised users to disable the near field communications (NFC) and Bluetooth feature on their mobile device to lessen the risk of cyber criminals establishing a remote link with their devices.
The CCIRC also reminds business travelers to be careful in connecting to a hotel’s wireless access point because hackers often activate spoofed wireless access points identical to land sometimes even have a stronger signal than the legitimate access points.
Loaner devices from an employee’s company may offer a false sense of security because they are usually “clean” devices that don’t contain corporate data, are usually older models which the company can afford to lose. However, compromised loaner devices are a threat when they connect back to the corporate network.
Business travelers often get software and hardware giveaways at conferences and training events abroad. These too can be potential threat vectors, according to the CCIRC.
“Even when provided during the course of a planned activity, it is possible these materials may inadvertently or purposely contain malicious software,” the CCIRC warned.