Planning, Logistics, and Security

This chapter focuses on planning, logistics, and security once the decision to travel has been made. Risks such as using online sites to purchase flights, acquiring security clothing and luggage, and downloading and using apps on your mobile devices will be explored.

Keywords

Travel purchase; travel plan; logistics; itinerary; organization; travel warnings; travel alerts; luggage; wearable technology; travel documents; passport; cultural norms; business norms; travel insurance; health insurance

The decision to travel has been made, and the authorization given. Now planning begins in earnest. Depending on your schedule and resources, this may be the least enjoyable part of the experience. Planning business travel can be tedious, time consuming, and frustrating. Online web sites and mobile apps often promise an easy, convenient, cost-conscious way to set your agenda. But buyer beware! Digital tools can lead to security and safety risks—from lost devices to socially engineered hacking attacks that target you and your data. A rule of thumb is to consider potential security risks you may face at each step in planning and finalizing your itinerary. Here’s something else to remember: If you are not the one planning the trip, review plans presented to you with security in mind. Better yet, discuss security with the person planning your trip before they begin making travel arrangements. This chapter discusses some of the risks of online travel purchasing, the protection certain apparel and luggage offer, and reliable online resources and apps that provide valuable information to assess and mitigate potential problems

Purchasing Online and Security

How many TV, radio, and Internet commercials bombard us daily touting online travel web sites, as a great way to obtain high-quality transportation and lodging at a fabulous price? Some of the more common and popular sites are (more can be seen in Table 2.1):

Each makes the same claim: the lowest price available for your desired destination and at your desired comfort or luxury level. Just put in your travel information and … voila! Suddenly you have lists to scroll through and select from. You even have the option of registering on the site, of saving the itinerary that you select, and returning to the site for additional statistics on your travel data, all neatly accumulated and formatted. But the data is also saved. At this point, a security-minded person should ask, saved where? This is an important question because you have no control of the security of the location where your data is saved (on the cloud, in a remote server). Access to that data (whether authorized or not) is also out of your control. You have to trust that these web sites have put into place appropriate security controls to protect your information—from financial information used to purchase travel services to personally identifiable information such as user IDs and passwords.

A few questions to ask before using one of these web sites:

Even though the travel web sites I listed relate to air travel, keep in mind that the same security concerns exist for any transportation web site—Amtrak (railroad), Greyhound (buses), Carnival Cruise lines (ships), etc. If you plan, book, and save purchases for travel or related items such as rentals for cars, bikes, canoes, etc., online, it is important to give careful consideration to security controls that may or may not exist.

Business travelers should also have the same security concerns about privacy and protection of personal and financial data when making lodging arrangements. There are a variety of web sites that provide information about hotel rooms, hotel direct web sites, or web sites that offer the option of being able to share a couch or room in a private home. These include:

Security professionals emphasize the importance of strong passwords for travel accounts as a first step to protect yourself and your data. Strong passwords reduce the risk of a security breach because they include an unpredictable mix of symbols, numbers, and upper and lowercase letters. You can increase password strength by not sharing the password among your other accounts. In addition, using biometrics or two-factor verification that require additional information in order to access your account is also highly recommended. Another strategy is to create a temporary e-mail address and password to be used only for a particular instance of business travel and then terminate the e-mail and password once the travel is completed. You could also create an e-mail and password only for travel.

Organizing the Plan and Logistics

Purchasing services is just one step in business travel. Travel logistics communications such as tickets and lodging confirmations are usually electronic and tend to be distributed to the parties who need to know by electronic means such as e-mail or mobile apps. Organizing all the information about a trip in one location is a time management strategy that has security implications. An example is the iPhone’s Passport app. Just one of a wide collection of travel-related apps, Passport “keeps things like airline boarding passes, movie tickets, and gift cards all in one place, letting you scan your iPhone or iPod touch to check-in for a flight, get into a movie, redeem a coupon, and more.3” Table 2.2 lists some others.

Having all of the information about a business trip in one place is convenient but also provides a hacker with a one-stop shop. When you couple this reality with the ubiquitous use of mobile devices, it’s easy to understand why corporate risk management is placing growing importance on mobile security.

Critical security questions to consider regarding apps and mobile devices before taking a business trip include: