when traveling. These risks include the following:

               Sensitive Data Ideally, the devices should not contain any sensitive
               data. This prevents the loss of data if the devices are lost or stolen. If

               an employee needs this data while traveling, it should be protected
               with strong encryption.

               Malware and Monitoring Devices There have been many
               reported cases of malware being installed on systems while employees
               were visiting a foreign country. Similarly, we have heard firsthand
               accounts of physical monitoring devices being installed inside devices
               after a trip to a foreign country. People might think their devices are

               safe in a hotel room as they go out to a local restaurant. However, this
               is more than enough time for someone who otherwise looks like hotel
               staff to enter your room, install malware in the operating system, and
               install a physical listening device inside the computer. Maintaining
               physical control of devices at all times can prevent these attacks.

               Additionally, security experts recommend that employees do not bring
               their personal devices but instead bring temporary devices to be used
               during the trip. After the trip, these can be wiped clean and reimaged.

               Free Wi-Fi Free Wi-Fi often sounds appealing while traveling.
               However, it can easily be a trap configured to capture all the user’s
               traffic. As an example, attackers can configure a Wi-Fi connection as a
               man-in-the-middle attack, forcing all traffic to go through the

               attacker’s system. The attacker can then capture all traffic. A
               sophisticated man-in-the-middle attack can create a Hypertext
               Transfer Protocol Secure (HTTPS) connection between the client and
               the attacker’s system and create another HTTPS connection between
               the attacker’s system and an internet-based server. From the client’s
               perspective, it looks like it is a secure HTTPS connection between the
               client’s computer and the internet-based server. However, all the data

               is decrypted and easily viewable on the attacker’s system. Instead,
               users should have a method of creating their own internet connection,
               such as through a smartphone or with a Mi-Fi device.

               VPNs Employers should have access to virtual private networks
               (VPNs) that they can use to create secure connections. These can be
               used to access resources in the internal network, including their work-