What is meant by “information in transit”?
Information in transit is all that which moves from point A to point B. This movement can be by technical means (from one computer to another), or by physical means.
When this is done by technical means, either because we send an e-mail that travels over the Internet or we enter data on a web page, protection measures are required that are the responsibility of the IT Department and are called “encryption of communications”. These measures may involve the use of passwords, digital certificates, double authentication factors and VPN systems, both for consulting, extracting and transferring information.
But today we will not talk about this more technical part, we will only focus on the physical part, the responsibility of the Userthat is to say, the person who is accessing corporate information remotely (from home or any other place), or who is transporting it for reasons of a trip, work visit or because he/she needs to continue working on it at home.
Moreover, when we talk about data in transit, we should not only think about the information as such, or what is the same, in a digital or physical document, but we also have the responsibility to protect it even if it travels within apparently secure devices. This implies applying a principle that is always remembered in public places such as train stations, airports, etc., not to leave personal belongings or objects unattended., This includes physical briefcases, computers, USB sticks, cell phones and/or tablets and any other “information containers”.
What security incidents can we suffer and how to prevent them?
- THEFT: We can be victims of data theft, both in places and public transport where they can steal, for example, a computer, as well as if they force the door of our vehicle to steal its contents.
- LOSS: Unlike the previous point, in which a third party forces this situation, the loss of data is usually due to human error or carelessness in their care. Therefore, it is our responsibility to be careful with the information, especially if we are outside the work environment.
- INSECURE CONNECTION: It is not uncommon, especially when we are traveling or traveling, that we try to connect to WIFI networks available in trains, hotels, airports, restaurants, etc. so that the internet connection is faster and works better. In this sense we must be careful and connect only to those WIFI that are officially of the establishment, and for this it is preferable to confirm it with the staff of an information point, reception or customer service, before making the connection.
- UNAUTHORIZED ACCESS: Whether we are consulting information on a plane, on a train or in a coffee shop, we must be aware of a type of technique called “looking over our shoulder”, which implies that the people around us may have within their field of vision our cell phone and computer screen or the physical documentation we are reading. They do not always have to have a criminal interest in knowing that information, but sometimes we could make the mistake of providing data, without realizing it, to an unauthorized third party. And it could be the case that this third party later uses them in their own interest. Therefore, our recommendation in this regard is to treat and work on strictly confidential information (including e-mail replies), preferably in a private environment, away from prying eyes. It is preferable to postpone this reading for when we are already at home or in a hotel room.
IMPORTANT NOTE: If you have the slightest suspicion of having suffered a similar situation or have been the victim of a security incident, do not hesitate to inform your line manager, the CISO Security Manager and the IT department, so that they can advise you appropriately. And on a personal level he reports the cyberattack to the police authority.