As if flying wasn't stressful enough, laptop bans in airplane cabins and the possibility of having data on your devices searched create even more frustration for those traveling internationally this summer. Currently, the laptop ban is in effect for travel to the U.S. from 10 Middle East airports; there has been discussion about expanding the ban to all European travel.
Even now in some domestic airports, passengers are asked to remove all electronics from carry-on luggage and place them in bins separate from other personal items. Anecdotally, on a recent flight, I was asked to turn on my phone for TSA before I left the security area.
This is an inconvenience for all travelers, but especially for business travelers who may intend to work on their laptops during long flights and have sensitive data stored on the devices that must be checked. It can also create security risks.
What if you must check your laptop and it is stolen or gets pulled for an inspection? What if you are pulled aside and asked to hand over your devices and passwords to allow access? How can you comply with the government while keeping your company from suffering a potential data breach?
Understand that, even though you may not like it, government agencies have the right to search your belongings on public transportation, and it's been the case for a while, according to Chris Roberts, chief security architect at Acalvio, a Santa Clara, California-based provider of advanced threat detection and defense solutions.
"We've all seen the stickers and the warning signs that basically state you are in an environment where anything you have can be searched," Roberts said. "This does apply to your electronics, which are typically considered closed containers – hence, they can be 'opened.'"
This means airport security can ask you to turn on your device and for login information. They can also copy files and confiscate the device if warranted. According to U.S. Customs and Border Protection data, they searched the electronic devices of 14,993 arriving international travelers in the first six months of 2017. The Fourth Amendment won't protect you either.
"Decades ago, the Supreme Court created the border search exception to the Fourth Amendment's warrant requirement, permitting government agents to search travelers' luggage, vehicles or persons without a warrant and almost always without any individualized suspicion of wrongdoing," said Nick Bilogorskiy, senior director of threat operations with Cyphort, a threat detection company based in Santa Clara, California.
Simple steps to protect data
While you can't control what the government will do about electronic devices, you can control what they – or anyone – have access to. It begins with encrypting all of the data on your laptop, especially if there is the possibility that you have to put it into your checked bag. However, Bilogorskiy pointed out, they can ask for the encryption key if they deem it necessary, and if it is not provided, you can be detained.
So, the better option is to have a device with as little information on it as possible. Christopher Ensey, COO of Dunbar Security Solutions, advised taking "vanilla" devices that can only connect to sensitive information via secure tunnels and strong authentication. He also recommended businesses require anything on these vanilla devices to be wiped before going through customs to eliminate the risk of sensitive data being accessed by others.
Similarly, consider a burner phone when traveling internationally. This prepaid device would allow you to make calls and texts and access a Wi-Fi connection if needed, but it wouldn't be loaded with the apps and data stored on your regular phone.
If you must use your regular devices, Bilogorskiy recommended deleting your social media and other apps that hold sensitive information. If you can't delete them, be sure to log off after you are done using them. Yes, you may be asked to log in at customs, but if you're logged off, no one can open the apps without you knowing.
"It is also a good idea to talk to your IT department before traveling," said Bilogorskiy. "They may install software to protect your device from data breaches. This includes updating all software, increasing security settings, installing encryption software, implementing VPNs and securing user restrictions, turning on remote data wiping and locating software.”
But the best way to keep your device and data protected while going through customs? Take the bare minimum of devices necessary and leave everything else at home. If you don't absolutely need to use your laptop on the trip, don't take it. The new regulations may be a hassle, but they may redefine the way we work while traveling, which could, in the long run, create better security for sensitive data.