Two years of COVID-19 related lockdowns benched business travel for a lot of companies, but that’s no longer the case. However, as the travel industry is resurging, cybercriminals are using the influx as an excuse to defraud travelers. Recent estimates find that cybercrime targeting the travel industry increased by 393% between 2020 and 2021.
But that’s not the only concern businesses should be worried about when sending employees to meetings overseas. Other risks, like growing geopolitical unrest and the rise of COVID-19 variants, can spell trouble.
If you’re not careful, your business travel plans may be subject to the consequences of these risks. But what can be done?
While you can’t solve the world’s problems, you can plan how your company will respond when those problems affect your travel plans. How? With travel risk management.
What Is Travel Risk Management?
Travel risk management is a system of processes that provides consistent and proactive security protection to your employees while they travel. This system is largely meant to accomplish three things:
- Educate employees on travel risks: Knowledge is the first line of defense for risk prevention. Educating employees about potential travel risks can help them know what risks to consider and plan their trip accordingly.
- Eliminate those risks whenever possible: Employees that are educated about potential risks can recognize threats. By identifying these threats ahead of time (and taking the appropriate evasive actions), many risks can be eliminated.
- Establish a plan of action if threats ever materialize: Even when working with the most proactive travel risk management plans, certain threats still prevail. While this can sometimes be the case with travel cybersecurity threats, this is certainly the case with risks like natural disasters, weather phenomena, and canceled flights or trains. That is why every travel risk management plan should prepare employees with reactive measures to mitigate the effects of active threats.
To put it simply, a travel risk management plan prepares your employees with proactive and reactive measures to keep themselves and their information safe while traveling.
Twitter Linkedin
Jonathan Nelson
Director, Risk Intelligence
LinkedinWhat Travel Risks Do Organizations Face?
The security risks your employees face while traveling usually fall into one of two categories: physical threats and cybersecurity threats.
Physical Threats
Travel can be unpredictable. There are several physical threats your employees should be aware of at all times to remain safe and continue their travels without a hitch.
- Weather patterns: Bad weather can cancel flights. Extreme weather can affect road conditions, flood residential areas, and generally cause massive damage. Weather can be unpredictable, so you just have to do your best to prepare employees for worst-case scenarios.
- Public health concerns: The travel destination may be the epicenter of a public health crisis. Travelers to China, Italy, Brazil, and many other countries experienced this when COVID-19 first reared its ugly head in early 2020. In these cases, your employees will either have to cancel their plans or take necessary precautions to prevent the spread of disease.
- War/terrorism: While war-torn areas can easily be avoided during travel, it’s still worth noting the geopolitical climate of a travel destination before departure. The last thing you want is for your employees to be caught in the middle of an attack.
- Break-ins: Many people see hotels as a haven while traveling but that is not always the case. Thieves may break into hotel rooms to steal your belongings while you’re away or even while you’re in the room.
- Fatigue: This final risk is entirely internal—the fatigue one feels while traveling. While this can be fairly harmless, it can be incredibly debilitating for those who are jet-lagged after traveling long distances. If those employees have to drive a car or take other means of transportation, dozing off can be disastrous.
Cybersecurity Threats
Cybercrime, particularly identity theft, is on the rise. A large reason for the increase is that cybercriminals develop new ways to steal your information. Some involve malware, while others rely on old-fashioned methods. If you don’t have some form of existing cybersecurity protection for employees, these risks can snowball into serious issues for your employee and your company.
We’ll break down the most common travel cybersecurity threats your employees may encounter.
Malware
Here are a few strategies cybercriminals have developed that your employees need to be aware of before traveling.
- Charging ports: Public charging stations may seem like a convenient way to charge your phone in a pinch, but they may not be all they appear to be, thanks to “juice jacking.” Juice jacking is a new attack method where cybercriminals will upload malware into a USB charging station, allowing them to access devices while they are connected to the port.
- Public networks: Free public networks you find in airports or city centers are not secure. Hackers take advantage of this lack of security and implement a variety of strategies to steal information from connected users. Examples include packet sniffing (acquiring airborne data) and man-in-the-middle attacks (intercepting communication between you and the web browser).
- Fake networks: While the best cybersecurity practice is to not connect to any public network, be incredibly careful about which one you choose to connect to. Some networks are fakes created by a cybercriminal. If you log on to such a network, you’re offering your information on a silver platter.
Traditional Thievery
Criminals don’t have to hack into your computer to get information that can compromise your business’ cybersecurity. There are plenty of physical threats your employees must be aware of if they travel.
- Theft: The simplest example of a physical threat to cybersecurity is theft. If your employees bring a work phone or computer on their travels, they must ensure the device is secured and on their person at all times. If someone gets their hands on the device, assume your company’s data is at risk.
- Peering eyes: When traveling, you’ll likely work on your laptop in a public place, be it a train, bus, or airport lobby. When working with sensitive information, you must be mindful of your surroundings. Peering eyes may scan your screen and write down passwords or other sensitive information.
- File searches: If you fly internationally and your destination is in the United States, the U.S. Department of Homeland Security has allowed screeners at airports to conduct heightened screening of personal electronic devices. This may include searching emails, text messages, social media profiles, and similar accounts. There’s not much you can do if your devices are subjected to a search—just be aware of this risk and protect your files as best you can.
Why Is Travel Risk Management Important?
When your employees travel for work-related tasks, their safety and security are in your hands. Therefore, you should do everything in your power to ensure your employees are safe during their journeys so you can protect them, your company’s data, and even your brand reputation.
Financial Repercussions
If an employee’s safety becomes jeopardized while traveling, you could be subject to workers’ compensation claims, just like if they were at the office. Of course, the well-being of your employees should be a concern on an ethical level as well, not just in fear of the monetary repercussions.
Data Security Concerns
If your employee’s cybersecurity is compromised while traveling, it may spell trouble for your business. If passwords or other credentials are stolen, cybercriminals may gain access to sensitive information, putting your business at serious risk of future crippling cybersecurity attacks.
What Is a Travel Risk Assessment?
A travel risk assessment is a process that identifies and evaluates the specific risks an employee may face during their travels.
This assessment will need to be performed on an individual basis, measuring the risks associated with the employee’s travel experience, their final destination, and their means of transportation.
How Are Risks Assessed?
When assessing risks, it’s best to look at two variables: the likelihood the risk has to occur and the impact it would have on the employee and/or the company.
Assessing Likelihood
How prevalent is the threat? The answer to this question will vary. Fortunately, there are resources that can help you with the answer for any travel destination:
Assessing Impact
Some risks are simply less severe than others. For example, food poisoning may be highly likely when traveling to a third-world country. But outside of a couple of days of discomfort, it shouldn’t be too much of a problem.
Traveling to a country that’s on the brink of civil war? That’s a different story. Use your best judgment here and communicate with your traveling employees to determine what risks they are comfortable with.
The Assessment Matrix
To put this into a visual, consider the following matrix you can use to determine the severity of a risk:
Acceptable | Tolerable | Unacceptable | Intolerable | |
Unlikely | Low Risk | Moderate Risk | Moderate Risk | High Risk |
Possible | Low Risk | Moderate Risk | High Risk | Extreme Risk |
Probable | Moderate Risk | High Risk | High Risk | Extreme Risk |
If you’re traveling outside the United States, check out current U.S. travel advisories to research your employee’s final destination. This resource can give you a quick snapshot of the safety of any country in the world.
How to Create a Travel Risk Management Plan
Travel risk management is not a formula. Instead, it should be an ever-evolving process that improves upon itself with every usage. You can break this process down into six steps.
1. Prepare
This is when you plan your proactive approach to risk management. Think of all the possible scenarios your employees may run into during a trip and create contingency plans for every situation. While it may seem like overkill, there’s no limit on how cautious you can be.
2. Identify/Assess
If there are certain locations your employees travel to frequently, identify the risks they are most likely to encounter. It’s best to run through the Travel Risk Assessment process we described earlier.
3. Train
Once your plan is prepared and contingencies are established, you have to train the traveling employees and the employees who will respond to any travel-related crises.
You may run employees through crisis simulations to test how they would respond if something went wrong during travel. Meanwhile, you should train traveling employees on best practices for maintaining physical and cybersecurity safety while on the road.
4. Monitor
While the employee is traveling, monitor the surrounding climate. Are severe weather storms heading their way? Are political relations brewing into a conflict? Are diseases spreading in their vicinity?
Also, consider monitoring their cybersecurity health with a travel risk intelligence service. These programs can provide real-time data regarding the security of your employees’ credentials; you’ll know immediately if they’ve been compromised.
5. Respond
In the rare event that risk turns into a real threat, move into action. Remain in constant communication with the traveling employee and give them actionable feedback on how they should proceed. Follow your contingencies closely, but be flexible when required.
6. Review and Revise
After the travel has concluded, review how it went. If you had to respond to a crisis, how was that response received? Could anything have been done differently?
Ask the traveling employee(s) for their feedback. Use this feedback to improve your process so it runs more smoothly for future employees.
Protect Employees with Better Data
The more data you can gather about the circumstances your employees will be in, their travel, and the risk climate in their area, the better job you can do at protecting them. How do you gather more data? By adopting a comprehensive threat detection and protection platform.
With Constella’s services, you can better track the threats surrounding your employees as they travel throughout the world and also keep tabs on their cybersecurity health. Request our demo before you schedule your next trip to see data-enriched protection in action.