Going on an international business trip is a hassle, almost inherently. But traveling abroad and staying connected in a country with high-stakes cybercrime is downright stressful and possibly dangerous.
As China has shown repeatedly and Iran demonstrated prominently by hacking Obama administration emails just last week, the world’s autocratic governments utilize cybertheft to get the information they want. Vigilance in protecting sensitive email communication is especially critical when working for a company that does business in unsafe regions of the world.
“If you are an executive, what you are doing and where you are going will be captured through email,” said Will Ackerly, co-founder and CTO of Virtru, an email encryption and digital privacy company. “In one case, we received a call from an oil company whose executives were kidnapped in Mexico because their email communications and calendar invitations were not protected.”
Ackerly, who previously worked as a cloud security architect for the National Security Agency, founded Virtru in 2012 to develop a method of encrypting email that is easier to use than the tools currently available such as PGP encryption. One of the strongest methods for encrypting data, Pretty Good Privacy (PGP) employs a system of public and private cryptographic keys to send information securely. This type of encryption is asymmetric as messages can be encrypted with the public key, but only decrypted with the private key.
“PGP encryption is highly effective when you are traveling abroad and want to send proprietary information. But to use it with absolutely everyone you speak with is absurd,” said Ackerly.
Since PGP is difficult for the average person to use, the Virtru app provides an alternative to PGP encryption, and it can be integrated with cloud-based services such as Gmail to offer end-to-end encryption for emails.
Ackerly stressed the importance of virtual private networks (VPN). A VPN lets users share data across a public network as if their computers were connected to a private network, thereby protecting travelers from prying eyes in airport lounges or hotel lobbies. Another tip for travelers to ensure that private information remains safe is to download the latest updates on all their software, which is usually more secure, before they leave home.
It might be tempting to save valuable data by connecting to an open Wi-Fi connection, but that temptation should be resisted. Even Wi-Fi networks requiring a password can be easily compromised and hacked. So open Wi-Fi networks are very insecure.
Employees of companies that are could be targets of foreign governments because of their political connections should take extreme precautions when traveling in those countries, Ackerly said.
“One security officer at a newspaper mentioned that when their employees travel to China, they are given a burner laptop and a burner email address,” Ackerly noted. “You have to assume hackers are going to be looking for the content you are trying to communicate.”
A “burner” email is a temporary address a business traveler can create with the intention of deleting it at the trip’s end. By using a separate address, all information from the main account is inaccessible to hackers because it’s compartmentalized from the burner email.
While a seemingly extreme measure, a separate email address helps to safeguard people’s identities, since their older emails usually contain personal, identifying information.
“It is hard to reprogram human nature, and the human component comes into play a lot when protecting information,” said Ackerly. “It is still important to remember that email is a communication mechanism that should be secure.”