Seventy percent of business travellers have experienced cyber-attacks, with experts warning that they are prime targets for cybercriminals looking to steal confidential data.

The rise in business travel – up 19 percent in the past year – has increased exposure to security threats, particularly due to poor cybersecurity habits, weak passwords, and a general lack of awareness.

Indusface, an application security SaaS company, has identified the key cybersecurity risks facing business travellers and provided guidance on how to protect company data while on the move.

Unsecured Wi-Fi Networks and Cyber Threats

One of the most common security risks for business travellers is connecting to unsecured Wi-Fi networks. Public Wi-Fi networks often lack encryption, leaving sensitive data vulnerable to unauthorised access. Cybercriminals exploit this by setting up fake hotspots, known as honeypot networks, to steal company data.

Cafés, restaurants (25%), airports (23%), and hotels (20%) are among the most common locations where personal and business information is compromised.

Venky Sundar, Founder and President of Indusface, advised businesses to implement clear policies for public Wi-Fi usage. “The first port of call for businesses is to create policies that outline the protocols for public Wi-Fi usage, with requirements for complete avoidance or VPN usage.

“Ensure employees turn off auto-connect Wi-Fi settings too. Alternatively, business-funded mobile networks for hot-spotting will help deter public Wi-Fi connections for employees in a pinch.”

Loss or Theft of Devices

Sixteen percent of business travellers plan to combine work trips with holidays this year, increasing the risk of lost or stolen devices. Research shows that 80 percent of travellers have lost or forgotten an item while travelling, yet only 40 percent recover their belongings. This could become a serious issue if the lost item in question turns out to be a work device.

Sundar recommended that businesses implement policies for handling company equipment securely.

“Effective ways to limit the risk of loss and theft is to implement clear policies on secure handling of business equipment when travelling and encourage employees to keep tech close at all times in secure luggage and hand luggage rather than checked bags. Companies can also invest in smart luggage and remote device management which allows the quick wiping of devices in the event of a loss.”

Security Risks of Mobile Apps

Business travellers frequently rely on mobile phones for work, often overlooking the security risks associated with their apps. Messaging services without end-to-end encryption pose a particular threat, making both personal and business communications vulnerable.

“Mobile app penetration testing is invaluable here, assessment of the security of mobile applications by simulating attacks helps identify vulnerabilities. Carrying out this testing is key to ensuring sensitive data is not at risk,” Sundar advised.

Fake Charging Stations

Public charging stations pose another security risk. Cybercriminals use compromised USB ports to steal data or install malware – a practice known as juice jacking. This is a common threat in airports, cafés, and public transport hubs where business travellers frequently recharge their devices.

Sundar said, “USB data blockers are inexpensive but a great solution to stop the data transfer between the device and the charging port. Investing in software security will help add another layer of defence if desperation hits. Alternatively, business travellers would benefit from a portable charger that can keep their tech going when away from the office,” Sundar suggested.

Shared and Publicly Accessible Devices

Using shared or public devices presents another cybersecurity risk. Saved passwords, browsing history, and sensitive information can be exposed to unauthorised users. Sundar advised against using shared devices, but acknowledged that it is sometimes unavoidable.

“Typically employees should avoid sharing devices at all times to limit the security risk, where unavoidable ensure to never save passwords, create separate accounts, and avoid using the device for sensitive material.”