Recently, The New York Times ran an article warning travelers to exercise the same degree of security over data on mobile devices as they would in protecting themselves from muggers. The warning comes in the wake of increased pressure by foreign and domestic governments for travelers to hand over devices and passwords because border agents have an interest in accessing the data on that device to determine the eligibility of the traveler for entry. When border agents confiscate a device, the data may be downloaded and stored for further scrutiny, thereby putting confidential corporate information at risk.
According to the article, these are 6 ways you could safeguard mobile devices and computers from invasive searches; based on interviews with security and forensics specialists. But, implementing some of these suggestions could result in barring you from entry. Fortunately, there is a better way to protect both corporate and BYOD devices without landing on the wrong side of the law, and we will address that in point 7, but first the list from the New York Times:
1) Invest in a travel device – to prevent your information from being accessed by border authorities. Experts suggest using a so-called travel device that can be used when going abroad; a device that does not contain any sensitive data.
2) Disable fingerprint readers – because in the United States, law enforcement agencies have successfully used warrants to compel people to unlock mobile devices with fingerprint readers. But because of your right to remain silent, it is tougher for border agents to force you to share your device passcode.
3) Don’t memorize your passwords – The thinking here is that when resisting a data frisk, it is easier to say you didn’t memorize your password than refusing to give it to border agents.
4) Use two-step verification – having two-step verification enabled can act as an extra safeguard — assuming you aren’t carrying the device delivering the passcode. Of course, this could make logging into your accounts difficult while you are traveling.
5) Encrypt your devices – with encryption security, which scrambles your data so it becomes indecipherable without the right key. Then, to avoid surrendering this passphrase, jot it down and hand it to a friend you can contact after crossing the border.
6) Backup to the cloud, then wipe before you cross – when you’re traveling, at a minimum you will need access to your email and calendar, but this is sensitive information that border patrol agents could get their hands on. The best option is to backup data to a cloud service and then wipe all the data from your device before arriving at the border.
While all of these suggestions have their merits and their pitfalls, they fail to address two fundamental issues.
Firstly, most employees aren’t IT wizards and even when traveling with a ‘travel device’, it’s unlikely they’ll have the inclination or ability to completely wipe the device before crossing through border control.
Secondly, even with fingerprint readers disabled and passwords being handed across borders on scraps of paper, officers can still use forensic software to download a copy of the encrypted data from the device. They can store or send the data to a lab for more rigorous analysis and once that happens, there is no chance of wiping the data remotely.
The only foolproof solution, to ensure that sensitive corporate data never ends up in the wrong hands, is to prevent it from ever actually being on the device. When employees access essential business data, like email and attachments, that data should never be transferred from the security of your data center (and in particular the security of Microsoft Exchange) to the device.
And that brings us to recommendation number seven ... the only secure option for accessing sensitive corporate data.
7. Outlook Web with Messageware
When Outlook Web is combined with Messageware’s security solutions, employees can safely access essential company information without the risk of sensitive data ever leaving corporate control. Along with Outlook Web, Messageware's security software resides on the Exchange Server, not the device. Giving employees the ability to view messages and attached documents without a trace of the data ending up on their device. Furthermore, Messageware security products offer an easy-to-deploy and manage solution with minimal administrative overhead.
Before your employees are forced to expose sensitive data, talk to us about our award winning solutions for securing corporate information on Outlook Web and Microsoft Exchange Server. Find out why thousands of business, from medium size to F100 rely on Messageware. If you're interested in testing any of our products in your environment, we’ll be glad to help with a free, fully functioning product trial, just click here.