How to keep the spies out of your computer
Fortunately, you can take steps to prevent these sorts of spying attacks and other security threats or remediate them after the fact. Here are some tips from security experts and practitioners:
1. Leave your own laptop at home; bring a loaner instead. The best way you can guard against losing valuable data or having it compromised is to bring a temporary laptop or other computing device when going overseas. "Upon returning home, the devices can be wiped to remove any malicious software," says Ben Piper, president of Ben Piper Consulting, which focuses on security.
If a temporary device isn't an option, remove all data from your device before leaving on the trip, except for what is absolutely needed, Piper advises. Have your company email forwarded to a temporary email account. Log into that account when overseas; if it's compromised, only that forwarded email is stolen and the attackers don't get access to your company email account.
Whatever you do, don't connect your devices to your personal or corporate networks or services upon returning from a trip until you have a security pro ensure there's no malicious software on the devices. "The goal of spyware is to steal information, whether by accessing it directly from the device or sitting latent until the device is connected to the company network, where the malicious software can infect other devices," Piper says.
Note that traditional antispyware tools have difficulty detecting the kind of spyware that foreign governments and sophisticated organized crime rings install, Martinez says. You might even use an inexpensive laptop that you throw away upon return rather than risk not detecting the spyware -- much as criminals use disposal ("burner") cellphones to evade police and leave no records.
2. If you must bring your regular computer on a trip, don't leave it unattended or vulnerable to tampering. When the situation calls for you to bring a laptop or mobile device on a business trip, always carry it with you, rather than leaving it in a hotel room or airport club, even for short durations. And -- seriously -- keep it under your pillow while sleeping.
If you leave it unattended, "assume it has been tampered with and when returning from overseas, hand it over to the IT security team at your organization, detailing the day and amount of time you left it unaccompanied," says Lance James, director of intelligence at Vigilant, a provider of managed security services provider.
In those instances where keeping your laptop with you at all times is not practical, you might use the safe in your hotel room or at the front desk. Just be clear that this won't protect you from state-sponsored spies, who will have access to such safes. "Although hotel safes are not a perfect solution, they do raise the security bar beyond the level of the casual thief," says Raymond McDonald, senior security consultant at Akibia, a security consulting firm.
Employees, including executives, should be versed in data classification and handling procedures as a part of an established security training and awareness program, McDonald says. This helps ensure they understand what types of data they're authorized to maintain on their laptops at any time and what steps they must take to protect it.