About ITRC
- Mission Statement
- ITRC Corporate Overview
- ITRC Awards & Commendations
- ITRC History
- Volunteer Opportunities
ITRC Sponsors
- Sponsors Logos & Links
- About Our Sponsors
Training & Presentations
- Introduction
- Presentation/ Training Catalog
- Past Presentations
- Presenter Biographies
Business Solutions
- Workplace Facts
- Consultation Services
- Business IQ Test
Media Resources
- Media Introduction
- Facts & Stats
- Press Releases
Law Enforcement
- Law Enforcement Introduction
- State & Local Resources
- Law Enforcement Victim Communications
- Fraud Investigator
- ITRC Presentations & Training
Reference Library
- ITRC Surveys & Studies
- Speeches, Articles & Testimonials
- Facts & Stats
- State & Local Resources
- Other Resources
Community Events
- Community Events Introduction
- Upcoming ITRC Events
- Past Community Events
Paginas en Espanol
- Recursos para las victimas
- Hoja de Datos
Pages in Chinese

Fact Sheet 134 - Business on the Move

Posted in: Consumer Guide
By Identity Theft Resource Center
Jun 26, 2008 - 10:43:14 AM

Digg this story!
Email this article
Printer friendly page

Fact Sheet 134
BUSINESS ON THE MOVE
For the Business Traveler

The Business Traveler often carries electronic storage devices and documents for reference or work while on planes, in hotels, and in the spare time between meetings. There is often information you may need in case your office or a customer contacts you during your trip. However, some of the information included may be sensitive personal identifying information (SPII). SPII includes Social Security numbers, employee identification numbers, addresses, insurance policy numbers, credit card or payroll information, financial account numbers, and other items that could be readily used by an identity thief.

Business Travelers must stay alert for situations that an identity thief might use to try to steal this information, and also guard against inadvertent loss or exposure of personal identifying information. ITRC believes that the great majority of people are honest. With that said, any particular person could be looking for the opportunity to gain access to sensitive information in your possession. In this respect, you should not trust anyone you meet with any SPII. Housekeeping staff, bellmen, security guards, TSA agents, front desk clerks, and many others you encounter during your trip, could have the opportunity to access your data if you are not aware.

You must realize that once you remove SPII from your office, you are, in fact, responsible for its protection and security. In addition, even inadvertent exposure or loss of such information (without theft involved) could trigger state breach laws which can require:

Law enforcement data exposure notification
Consumer or customer notification of those exposes
Media notification

These data exposure events (data breaches) may cost your company money, consumer trust and negative publicity.

Rules for the Road
The following items should be considered when you are on the move:

Laptops, Computer Storage Devices, and PDAs with sensitive personal information (SPII) – The best way to protect this information is by using data encryption, prior to leaving the workplace. While many people believe password protection is sufficient, studies and historical data prove thieves know how to bypass passwords, whether the password is on the laptop or file access. Do not carry the encryption code in writing with you. Commit it to memory.

Prior to beginning your trip, make time to consider which files really need to be carried on the trip. Although it is usually easier to do a “data dump” to your laptop, such action may expose large amounts of sensitive data to unnecessary risk. Take only those files which are likely to be needed during the trip.
Make an effort to keep your laptop in your control at all times. Be especially alert when going through airport security when crowds and security procedures may cause some chaos. Do not put your laptop through the security x-ray scanner until you are in position to be the next person through the metal detector. Thieves are waiting for those moments to delay you while an accomplice picks up your laptop from the opposite side of the x-ray scanner. By the time you get through the metal detector, your laptop is long gone.

Other protective measures include: GPS tracking devices for the laptop; fingerprint readers to access laptop files; and files that self-destroy if the wrong password is used. Finally, it is important to log out of your computer when it is not in use, even if it is for just a few minutes.
Paper Documents with SPII – Sensitive documents should always be kept in a locked briefcase that is secured at all times. As in the case of data files, select only those files for the trip that are likely to be needed. Do not leave sensitive documents in baggage that must be checked for flight.

If, during a trip particular documents become no longer necessary, see that they are shredded at the first opportunity. Most hotel business centers have crosscut shredders available for your use. Do the shredding yourself. All documents should be cross-cut shredded when no longer needed.
Hotel Safes – Be sure to take advantage of hotel safes if you are leaving your laptop, PDA or storage devices in a hotel room, even for a short period of time. Many persons have access to your hotel room when you are not there. Leaving any of your valuable items in the room, in this case SPII, is providing an opportunity to a thief. You must recognize that the information you carry is a target for an identity thief.
Business Center Computers – There is always a higher risk in using a public computer. In addition to leaving information (history) on the computer about your cyber travels, there may be malware or viruses that have been installed on the computer. These might be a virus, key-logger, Trojan, or worm that you then allow to transfer to your company network when you log-in to your company network. Key-loggers are programs that record and store each and every keystroke you make while using an infected computer. That keystroke data is quietly stored for later access by the thief. When it is retrieved, the thief will have an exact record of all the websites you visit, files you access, including your company network, and your user name and password that were used to access any accounts you visited. This information is a goldmine for an identity thief.

A better choice would be to use your own laptop and connect to a hotel network on a wired connection.
Limit information on the move – Assess your work needs before downloading files for travel. Do you really need to take employee or customer SPII with you? Minimize, or truncate when possible, records with this information. A better option would be to create a separate document or file with only the most necessary data.
Personal and Business checks – Leave personal checkbooks and checks at home. If necessary, keep business checks in a secure location (hotel safe) when not needed. Checking account takeover is one of the hardest types of financial fraud to remedy. ITRC recommends that you use cash, traveler’s cheques or credit cards for purchases.
Leave bills at home – Taking personal bills and financial account information with you during your travels puts you at greater risk for identity theft. Unfortunately, many people have access to your room while you are away at meetings and victims have reported that financial account information and checking information has been stolen in this way.
Pickpockets – Business travelers should be aware that in addition to wallets, pickpockets are also looking for laptops and PDA’s that are temporarily out of your control. This can easily happen at airports, in hotel lobbies and in restaurants. Remember, out of sight means out of control. Thieves may travel in pairs and watch where you put your belongings long before you know you are even a target.
Shoulder surfers – Many business travelers are tied to cell phones or PDA devices 24 hours a day. In public areas, identity thieves use “shoulder surfing” to gain access to your personal information. That term used to only apply to those who looked “over your shoulder” to see information. With the common use of cell phones, we forget that we are in a public venue and may talk about things that a thief can use. (This pertains to public payphones as well.) In other words, if you wouldn’t want to see it on a billboard, don’t talk about it on a phone in public. This includes SPII as well as company proprietary information.
Mail – If you travel frequently, you might want to consider having a PO Box rather than allowing mail to accumulate in your mailbox. If you do not have a locked mailbox, and don’t want to get a PO Box at the post office, at least put your mail on “postal hold” while you are gone.

Rules for the Company
There should be a person in your company or organization that audits information and tracks who has access to SPII files or records. This person should be the first person notified in the event information is misplaced or lost. This way, a response team can be alerted to follow a pre-established protocol regarding information containment as well as implement the steps which need to be taken at that time by the company or agency.

For additional information about ways to reduce identity theft risk while traveling, please refer to:

Fact Sheet 122 - Identity Theft Travel Tips

Created by ITRC.

This fact sheet should not be used in lieu of legal advice. Any requests to reproduce this material, other than by individual victims for their own use, should be directed to ITRC.

This project was supported by Grant No. 2007-VF-GX-K038 awarded by the Office for Victims of Crime, Office of Justice Programs, U.S. Department of Justice. Points of view in this document are those of the ITRC and do not necessarily represent the official position or policies of the U.S. Department of Justice

Resources

Add this site to...

Fact Sheet 134 - Business on the Move