In today’s digital age, the threat of data breaches and information loss during international travel poses a significant risk to organizations worldwide. This includes foreign national workers carrying sensitive, proprietary, or regulated information. Understanding the potential risks and taking proactive measures can help safeguard your organization’s data and prevent security breaches.
Border Searches and Surveillance
Border searches pose a major concern, particularly in the United States. While the Fourth Amendment protects against unreasonable searches, this protection does not apply to searches at the U.S. border. Border agents can inspect electronic devices without a warrant or suspicion of wrongdoing, and searches can range from viewing accessible content on an unlocked device to requesting passwords, accessing encrypted files, or copying data for forensic review.
- U.S. citizens and permanent residents are also subject to these inspections, even when entering lawfully.
- Professionals carrying confidential information should take extra precautions, as your company data may be accessed or copied – and your workers could be detained.
Other Data Security Risks
Once inside a country, travelers face a range of digital security threats, including:
- Network surveillance
- Surveillance in public Wi-Fi hotspots
- Government surveillance
- Cybertheft
Network surveillance is common in many regions, particularly when using public Wi-Fi in hotels, airports, or cafes, where communications can be intercepted or monitored without the user’s knowledge. In some countries, there are legal restrictions or outright bans on the use of encryption tools, making it more difficult for travelers to protect their data. Countries with higher risks for such activities include:
China, Russia, Iran, North Korea, and certain parts of the Middle East
Export Control Considerations
Carrying certain data, software, or technologies abroad may trigger export control laws, especially in fields like defense, technology, and pharmaceuticals. Even encrypted files on a laptop can violate export laws if shared or accessed abroad. In the U.S., laws like ITAR and EAR impose serious penalties for violations.
Professional Responsibilities
Professionals in law, research, journalism, and academia may be ethically or legally obligated to protect sensitive data. A New York State Bar ethics opinion, for example, concludes that attorneys must take “reasonable precautions” to avoid ethical breaches at borders. Third-party access of devices may also constitute a data breach that would require disclosure.
Steps to Safeguard Data
To mitigate these risks, your organization can take the following steps:
| Step | Description |
|---|---|
| 1. Use VPNs or virtual desktops | Instruct workers to use VPNs or virtual desktops if permitted. |
| 2. Prohibit unsecured networks | Prohibit workers from using unsecured networks for sensitive communication. |
| 3. Monitor unknown USB devices | Require workers to be wary of unknown USB devices or file transfers. |
| 4. Limit devices and data | Instruct workers to bring only essential devices and data when traveling internationally. |
| 5. Train on digital footprint | Train workers on maintaining strict control over their digital footprint while abroad. |
| 6. Use encrypted devices | Use encrypted or “clean” loaner devices with minimal data. |
| 7. Secure cloud storage | Require workers to store confidential information in secure, institution-approved cloud platforms, not on devices. |
| 8. Ensure compliance | Ensure your compliance team has provided guidance on whether your data or software is export-controlled. |
| 9. Use strong passwords | Require workers to use strong passwords and disable biometrics before crossing borders. |
| 10. Back up data | Have workers back up important data before departure. |
| 11. Disclose travel | Require workers who travel abroad to disclose such travel with IT, legal, or compliance teams. |
| 12. Develop data policies | Develop institutional data handling policies for international trips and train workers on best practices. |
In conclusion, international travel poses significant data security risks, particularly for foreign national workers carrying sensitive information. By understanding these risks and taking proactive measures, organizations can safeguard their data and prevent security breaches.
