What is meant by “data in transit”?
Data in transit is all information that moves from point A to point B. This movement can be by technical means (from one computer to another), or by physical means.
When this is done by technical means, either because we send an e-mail that travels over the Internet or we enter data on a web page, protection measures are required that are the responsibility of the IT Department and are called “encryption of communications”. These measures may involve the use of passwords, digital certificates, double authentication factors and VPN systems, both for consulting, extracting and transferring information.
But today we will not talk about this more technical part, we will only focus on the physical part, the responsibility of the Userthat is to say, the person who is accessing corporate information remotely (from home or any other place), or who is transporting it for reasons of a trip or work visit.
Furthermore, when we talk about data in transit, we should not only think about the information as such, or what is the same, in a digital or physical document, but we also have the responsibility to protect it even if it travels inside apparently safe devices. And this implies applying a principle that is always remembered in public places such as train stations, airports, etc.: not leaving personal belongings or objects unattended, including physical briefcases, computers, USB sticks, cell phones and/or tablets and any other “information containers”.
What security incidents may we experience in relation to data in physical transit?
- THEFT: We can be victims of data theft, both in places and public transport where they can steal, for example, a computer, as well as if they force the door of our vehicle to steal its contents.
- LOSS: Unlike the previous point, in which there is a third party that forces this situation, data loss is usually due to human error or carelessness in their care. Therefore, it is our responsibility to be careful with the information, especially if we are outside the work environment.
- INSECURE CONNECTION: It is not uncommon, especially when we are traveling or traveling, that we try to connect to WIFI networks available in trains, hotels, airports, restaurants, etc. so that the internet connection is faster and works better. In this sense we must be careful and connect only to those WIFI that are officially of the establishment, and for this it is preferable to confirm it with the staff of an information point, reception or customer service, before making the connection.
- UNAUTHORIZED ACCESS: Whether we are consulting information on a plane, on a train or in a coffee shop, we must be aware of a type of technique called “looking over our shoulder”, which implies that the people around us may have within their field of vision our mobile and computer screen or the physical documentation we are reading. They do not always have to have a criminal interest in knowing that information, but sometimes we could make the mistake of providing data, without realizing it, to an unauthorized third party. And it could be the case that this third party later uses them in their own interest. Therefore, our recommendation in this regard is to treat and work on strictly confidential information (including e-mail replies), preferably in a private environment, away from prying eyes. It is preferable to postpone this reading for when we are already at home or in a hotel room.
How can we avoid it?
As cybersecurity experts, we insist on the fact that users, that is, all the people who work for a company or entity, are another security measure. In fact, we are the most important, given that, unlike machines and computer programs, people act differently in similar situations and this means that we can be manipulated, deceived and make mistakes that cause what we call security incidents. Or what is the same, theft, loss and unauthorized access to corporate information that was under our supervision and that we have the obligation to guard, to guarantee its confidentiality.
IMPORTANT NOTE: If you have the slightest suspicion of having suffered a similar situation or have been the victim of a security incident, do not hesitate to report it to your line manager, the CISO Security Manager and the IT department, so that they can advise you appropriately. And on a personal level he reports the cyberattack to the police authority.
*Shipment date: March 31, 2025