Kaspersky Lab International Travel Report: the urge to connect at any cost is putting international travelers’ data at risk

News

Introduction

Of the consumers that travel, only a minority pauses to consider the implications of their online activity when they are away from home.

Our survey questioned consumers – 97% of whom had travelled to another country during the past 12 months – about their digital habits abroad. It found that in the world of work and leisure, we are a well-travelled lot, but we tend to leave our digital security at home.

Of those surveyed, more than half of respondents (58%) travelled abroad for leisure more than once in the last 12 months. Half (49%) travelled abroad in the past year on business, and a third (32%) have done so more than once. The number is highest in Asia Pacific (64%) and the US (63%); one in five (20%) Americans work abroad at least monthly.

When travelling, either for pleasure or work, we hardly give a second thought to how we connect, where we connect, and who might be ‘listening’ in. The report shows our urge to be connected at whatever cost, and our indiscriminate attitudes and behaviors when searching out connectivity options abroad, are putting both our private and company data at risk.

Key findings

  • People more likely to be robbed of their data than their travel money abroad; one in five people generally, and three in 10 senior business managers, have been hit by cybercrime while abroad.
  • Half of us are online by the time we leave the airport; the second nature of digital communications, plus the pressure from work, is driving people to connect to the first-available Wi-Fi network, regardless of security.
  • Three in four people connect to free public Wi-Fi when abroad; a third connect with work devices, rising to almost half of business leaders.
  • Half of people rely on their old internet habits from home to stay safe when surfing online abroad.
    Almost half of people bank or shop online via Wi-Fi on personal devices when abroad; a third use Wi-Fi to transmit confidential work information on work devices.
  • Business people assume their work devices are safer because of in-built security; twice as many think, if they are to be sent abroad to work, then their employers should accept the associated security risks.

Methodology

The research, undertaken for Kaspersky Lab by Toluna research agency, surveyed 11,850 employed individuals who travel abroad for business and leisure, about their attitudes towards using their devices and connecting to the internet whilst abroad. Participants across 23 countries (Europe, Russia, Latin America, Asia Pacific and the US) took part in the research.

Not all the survey results have been included in this report. To request further data please contact Kaspersky Lab at prhq@kaspersky.com.

Quick to connect, slow to consider: international travelers playing with fire in rush to connect

The urge to connect immediately on touching down abroad means the majority of people are connecting to unsecured Wi-Fi networks and putting their personal data at risk.

The research finds cybercrime is commonplace when abroad, and yet three quarters of people (82%) connect to unsecured, free-at-use public access Wi-Fi networks (such as at airport terminals, hotels, cafes and restaurants).

On leaving the airport, nearly half of us (44%) are already online, with 50% connected by the time we arrive at the hotel. Most (69%) connect in order to let family and loved ones know they have arrived safely, followed by a need to download travel information (39%).

But pressure from work (38%) is also strong, and outruns even the desire to get up to speed on social media (34%). As a trend, it is notable more want to find out what they’ve missed back at home than want to update with news of their own adventures. One in three (34%) state, simply, it is instinctive to go online after touching down.

Indeed, our digital lives are second nature, and we are hardly inclined to change our behaviors as we roam away from our homes, and our trusted home networks. Half (50%) of people say they forget their connected devices are packed with highly personal and sensitive information – just because they use them for so many other things, such as for calls, cameras, and navigation.

This is strongest among the young (60% of under-25s, 57% of 25-34 year olds) and also among females (52%).

But away from home, and away from familiar communications networks, the lack of regard for network security plays into the hands of cybercriminals. Indeed, although consumers are more afraid of physical crime, they are more likely to be mugged virtually than physically when abroad, with data, rather than travel money ending up in the wrong hands.

Kaspersky Lab International Travel Report: Incidents that have happened to people when traveling

Almost one in five (18%) have been victims of cybercrime while traveling, with one in ten (9%) hit while shopping and 6% when banking online. 7% were infected by malware from an email.

Getting away from it all

We go on holiday to relax, and get away from it all. 15%, for example, say they drink more when they are abroad (with the UK smashing the average, at 29%). But just because we are relaxing more, doesn’t mean we should be letting our guard down.

We might be enjoying ourselves on holiday, but our digital habits often remain the same abroad. And that can put travelers at risk. When comparing what people do abroad and at home, the study shows us that three in five (61%) spend the same amount of time – or more – searching for information on the web when they are abroad, and two in five (42%) make the same number or more online purchases using credit cards. One in ten is more active on social media when abroad, and another third is as active as normal.

Kaspersky Lab International Travel Report: online activities

The research also revealed that when they are traveling and connected to Wi-Fi, people conduct dangerous activities online. According to the study, more than half bank (61%) and shop (55%) online via Wi-Fi when they are abroad. Almost half (46%) visit websites of a sensitive nature, and 70% post something on social media.

The research uncovers other ‘truths’ as well. Almost one in five have left personal devices with hotel concierges (19%), or handed them to strangers to take pictures (18%). Almost three in 10 (28%) have left them unsupervised in public spaces. Without casting aspersions, such statistics appear to demonstrate the casualness with which people guard their devices.

Bad attitudes of business travelers put personal and company data at risk

The urge for business travelers to connect is complicated, and heightened, by their work pressures. For three in five (59%) senior managers, there is an expectation from employers to stay connected.

In general, 27% of people are motivated to log on when abroad because they are worried about a specific work activity. This number jumps to 43% among senior managers, on a par with accessing urgent travel information, and 33% among mid-level executives.

Kaspersky Lab International Travel Report: employees travel habits

But the impulse to connect, and the second-nature of digital communications, is driving indiscriminate behavior, and leaving businesses and business people vulnerable to security breaches.

A reason for this is people perceive work devices to be inherently more secure than private communications tools; 41% expect their employers to have set strong security measures. This is most pronounced among business leaders (53%) and mid-level executives (46%).

Half (52%) of senior managers say their work activities on company devices are better protected than their leisure activities on personal devices when on Wi-Fi abroad. A third (33%), and almost two in five (38%) business leaders, say they don’t worry about cybersecurity abroad with a work device because they assume work devices are properly protected, by default.

More than this, one in four (and more than half of business leaders) believe it is the responsibility of the corporation, rather than the individual, to keep data safe. Indeed, the view from the top is that, if employers are to send staff overseas, they must accept any security risks that go with it.

Twice as many think employers should accept the security risks as those that think they should not – the figure rises to three times as many business leaders.

It is clear, however, their employees are not helping. Business travelers make little or no allowance for the fact they are indiscriminately docking with confidential, often highly valuable, information at every unsecured internet portal they arrive at, putting their employers’ private business at risk at every turn.

Taking security for granted

The major concern for employers should be the apparent lack of regard staff have for the pitfalls of data security when outside their home networks. A large proportion of business travelers take for granted that their data is safe. Their instinct to connect comes before their instinct to be secure, even abroad.

A third (35%) of people log in to unsecured, free-at-use Wi-Fi networks in airport terminals, hotels, cafes and restaurants with work devices as a matter of course, rising to 48% and 43% among senior and mid-level executives.

A similar number (31%) have used open access Wi-Fi to transmit emails via work accounts with sensitive or confidential information, and often attachments; this rises to 44% among senior business managers and 40% for mid-level executives.

Figures are broadly similar for accessing confidential documents via work email accounts on personal devices. Despite their claims company-issued devices provide additional protection, many business travelers are inclined to disregard the security measures their employers put in place.

Kaspersky Lab International Travel Report: employees travel habits

The provenance of the device often makes little difference. Two in five access work emails via Wi-Fi on their own personal email accounts on their own devices, which don’t run any corporate security software, and one in five log into corporate networks from unsecured personal devices.

Indeed, half of people (54%) make no distinction at all between their online activities when travelling for work and for leisure, despite the fact they depend on secure residential and office connections at home to keep their communication safe; the number rises, again, for mid-level and senior managers (to as much as 62%).

Conclusion

Cybercrime is a real danger for every type of traveler. This report demonstrates that it is more common now than physical ‘crime’. The second nature of digital communications, plus notably the expectation and pressures to get connected, is driving people to make bad choices when it comes to connectivity abroad – with hardly a thought for where they connect, how they connect or who might be ‘listening’ in.

Generally, the report shows people remain disinclined to make allowances for when they are outside the secure bounds of their home communications networks, often even when they are transmitting highly personal data and high confidential business information. This is likely to be down to two things: a lack of understanding of the risks of cybersecurity on unsecured public Wi-Fi networks, which people are more likely to use when abroad; and also a fundamental lack of options (or well-known options) from industry for users to get safely, cost-effectively and easily online when they want to, and need to.