The holidays are shortly around the corner, and who doesn’t want to open gifts on the beaches of Tahiti, light the menorah in a castle in Ireland, or ring in the New Year at the Sydney Opera House? We worked hard all year, and who wouldn’t like a last-minute trip out of the country before the onslaught of the upcoming filing season or year-end close?

Sadly, international travel presents more safety concerns than just those physical. There is significant concern over data privacy internationally. Those unaware or unprepared may be putting themselves, their data, and their client data at risk.

Physical Security

Anytime you travel, there is an increased risk of theft for physical items, especially high-ticket items such as laptops, tablets, phones, and smart watches. Even high-end travel apparel, luggage, or bags become an invitation for theft. While there are some areas that are definitely an increased risk, even safe and tourist-attracting areas are common places for theft of devices or material possessions.

With the increased cost of enterprise-level hardware (current laptops now cost over $1200, smart watches average over $600, and tablets cost over $1000), these devices are common targets and become a loss for the owners if stolen. Nothing is worse than realizing you have been robbed or even actively being victimized on the street than realizing you are now out several thousand dollars in equipment. Then, moments later, you realize the amount of data you had on those devices.

Over 2 million laptops are stolen each year, with nearly half of them at airports. 600,000 of those 2 million are stolen at US-based airports, and approximately 200,000 are stolen at international airports.

Before you depart on your next trip, whether it be domestically or internationally, be sure you have taken precautions to protect your physical devices.

Protecting Your Data

More risky than losing a laptop or having your phone stolen is the heightened risk of data loss or theft. There are so many ways that your data can be accessed while travelling internationally (or even domestically in many cases!). Let’s look a bit deeper at the many ways your data could be stolen while away from your secure office:

• If your device is stolen, even with added encryption, it is only a matter of time and computing power because a password crack or encryption breach could occur. With less than 30% of small businesses leveraging Multi-Factor Authentication at logon, the risk for a personal or small business device is even greater. As computing power increases, the time to breach a password continues to shrink.

• 62% of people still write down a password and carry that password on their person. If your bag or purse is stolen, you could easily have just handed over the keys to your entire world. More so, if they possess your passwords, would you be able to recall them in an emergency to immediately replace them?

• There is an increased risk while travelling of connecting to unknown or risky networks, especially in public. Similarly, juice jacking (data theft through charging ports and devices), local NFC or Bluetooth hacking, and increased malware are all heightened risks while travelling.

• Every country has different data access, monitoring, and privacy laws. Just because you are awarded certain privacies within the United States does not guarantee that your online activity is under the same protection globally. Many countries monitor internet activity at a greater level. Even accessing cloud-stored data may present the same risks. Remote access to local, US-based systems may still be subject to screen monitoring. The less data you access or provide access to, the better.

  • Be as cautious as possible. Recently, while travelling in Europe, I had a small payroll emergency, and the country I was in had limited privacy privileges. I actually had to take a train to a neighboring country to ensure the remote access I required was protected.

The Unexpected Risk at Customs

There is one last risk we haven’t discussed yet, and it is actually right at our own borders. US Customs and Border Protection (CBP) reserves the right to search your possessions on re-entry to the United States. This search, without cause, can include access to your devices. In full disclosure, this occurs to less than .01% of travelers each year. During an electronics search, the CBP agent is authorized to request that you unlock your devices. While this may seem like an overreach, this is authorized through Titles 6, 8, and 19 of the US Code.

If a US citizen is electronically searched, they have the right to decline the search; however, the agent may detain the device in question. CBP is not permitted to deny re-entry based upon a denial of search. A non-US citizen may be denied entry if they refuse a device search upon request.

With the risk of your data sitting on a device detained by CBP or, worse, accessed by an agent, financial services professionals need to be extra cautious when travelling across borders.

You can read more about this regulation in CBP Directive 3340-049A and the CBP website.

The Risks Are Real

No, just carrying your device with you when you travel does not guarantee that it will be stolen or breached. However, travelling with your device does increase of a device being stolen or breached.

The important thing to remember when travelling or planning to travel is that you need to plan for and account for what devices and data you will need while away.

Honestly, as somebody with over 2 million air miles in their pocket, my professional advice is, “Just go.” Find a way to separate from work for those few days and enjoy life.

Interested in Best Practices to Protect Your Data?

Paid Subscribers can access Financial Guardians’ recommended steps to protect their data and devices while travelling. Subscribe today to access this list of recommendations.

(Please Note: Financial Guardians Lite and Founding Members have immediate access to this content. Financial Guardians Monthly Guardian members will have access through their www.cybersecurity.tax account, or you can request access here if you prefer to read it here.)