Cyber security extends beyond traditional desktop and laptop computers; it also includes:

• Mobile phones
• Personal digital assistant (PDAs)
• Car navigation systems, etc.

Safeguard your portable devices to protect both the machine and the information it contains.

• All electronic equipment using some kind of computerized component is vulnerable.
• Risk increases if device is connected to the Internet or a network where an attacker can gain access.
• Wireless connections are also vulnerable to attackers gaining access to your device; they can send information to or extract information from your device.

Only you can determine what is actually at risk.  Ask yourself, “What information on my device do I not want anyone to have access to?”

If a thief steals your electronic device, all of the information stored is at risk, as well as any additional information that could be accessed as a result of the data stored on the device itself.  Even if there isn’t any sensitive corporate information on your laptop or PDA, think of the other information: information about appointments, passwords, email addresses and other contact information, personal information for online accounts, etc.

Physical Device Security – Protect the Machine

In a home or official office setting, you may be able to control who has physical access to your electronic devices.  However, traveling with a portable electronic device has a greater risk of being stolen, which means additional steps must be taken to protect the information on these devices.

• Remember physical security – Having physical access to a device makes it easier for an attacker to extract or corrupt information. Do not leave your device unattended in public or easily accessible areas.
• Keep your portable electronic device with you at all times – When traveling, laptops, PDAs or cell phones should never be checked with other luggage or stored in a temporary airport or train station storage locker, but should be part of your carry-on baggage that will stay with you at all times.
• Hand-carry portable electronic devices securely.  Don’t put mobile phones or PDAs in the external pockets of your bag or purse; keep it inside. If you keep your mobile or PDA on a belt, use a case. It is more difficult to remove the case from your belt unnoticeably.
• Never give your electronic device to someone you do not know.  Do not allow an unfamiliar person access to your device even if it is just to carry it to your hotel room or place a call on your cell phone.
• Downplay your electronic device. Avoid using your portable device in public areas, and consider non-traditional bags for carrying your laptop.
• Consider an alarm or lock – If you travel often or will be in a heavily populated area, you may want to consider investing in an alarm for your laptop bag or a lock to secure your laptop to a piece of furniture.
• Identify and label electronic devices.  Place a decal or mark device (such as engraving) that will be difficult to remove.  Record all serial numbers and other identifying information and keep a hard copy of the information in two different locations.
• Secure wireless networks.  Place wireless base stations away from outside walls in order to minimize transmission of data outside of building.

Data Security – Protect the Information

• Password-protect your device.  Follow proper password management for all electronic devices.  Make sure that you have to enter a password to power-up and log in to your computer or electronic device.  Enable timeout mechanisms that automatically prompt for a password after a period of inactivity.  Do not choose options that allow your device to remember your passwords.
• Turn off all communication ports during periods of inactivity
• Disconnect your computer from the Internet when you are not using it. Your device is at a much higher risk for being targeted by attackers and viruses if always connected to the Internet.
• Disable remote connectivity – Some PDAs and phones are equipped with wireless technologies, such as Bluetooth, that can be used to connect to other devices or computers. Disable this function when not in use.
• Evaluate your devices’ security settings. Most software, including browsers and email programs, offers a variety of features that you can tailor to meet your needs and requirements. Increase web browser security settings to High and limit or disable plugins.
• Physical access to computing facility.  Depending on the country you’re working in, it is not always possible to dictate what employees can do or where they can go.  For example, in certain countries it is not permitted to log the fact that a specific person accessed a specific data set at a certain time on a certain date, because such a log could be misused to inappropriately monitor his/her work habits, speed, productivity, etc.  Likewise, in some countries, there are resident fire marshals in the facility who do not work for the enterprise, but are authorized access to each and every part of the physical facility.  Factors such as these must be understood and carefully planned for.

Computer Theft

It is obvious to a knowledgeable observer by the distinctive shape of the carrying case and the special care taken by the owner, when a person is carrying a computer.  The laptop is a clear target for its intrinsic value, and a ready market for stolen equipment and the computer’s compact size make the theft a very lucrative, low risk venture for the criminal.  The loss or theft of a laptop poses a significantly greater risk of valuable information loss than ever experienced in the past, because of how much information can be stored on it.

What can you do if your electronic device is lost or stolen?

Report the loss or theft to the appropriate authorities.  These parties may include representatives from law enforcement agencies, as well as hotel or conference staff.  If your device contained sensitive corporate or customer account information, immediately report the loss or theft to your organization so that they can act quickly.  For cell phones, call your service provider and suspend your account immediately.

As the end of 2011 approaches, we’d like to take this opportunity to thank you for your continued partnership and business with Angel Alert Network (AAN). It is associates and clients like you who make our job a pleasure and success.

In 2011, we provided AAN training services to many new clients. How exciting and fulfilling it was for us to share valuable safety and security information to those out in the field who are helping those in need.

May your New Year be filled with much joy, happiness and success. We look forward to working with you in the coming year and hope our business relationship continues for many years to come.

Anyone involved in international communications should be aware of the threats and vulnerabilities that exist through methods of communication like telephones, computers, and fax machines. This article is the first in a series that discusses security measures your organization can take to secure your electronic transmissions.

Threats

• Electronic transmissions can be monitored by the host government, intelligence agencies of third party nations, terrorists, and criminals.  The host government usually owns and operates the phone systems, and while monitoring is more difficult for others besides the host country, the equipment required for such surveillance can be easily obtained by almost anyone.
• Business and technical data obtained from U.S. corporations may be, and often is, provided to foreign competitors and potential customers.
• Personal information obtained may be used to kidnap executives for financial gain or political purposes.
• Electronic equipment, such as facsimile machines, telephones, and desktop computers, may be altered to make electronic monitoring easier.  These alterations may be made either to the transmitting/receiving device itself or to the lines leading to and from the devices.

Vulnerabilities

• Telecommunications monitoring may be done at a phone company’s switching facilities; phone lines may be tapped or bugged; or microwave transmissions may be intercepted anywhere between the two microwave transmitters. In any event, telecommunications monitoring may be virtually undetectable.
• Telephones do not necessarily cease transmitting once they are hung-up.  Conversations taking place near a phone may be transmitted to the foreign state’s phone system switching facility and can be monitored anywhere between the phone and that facility.
• Most international U.S. corporate telecommunications are not encrypted.  Some countries do not allow encryption of telecommunications traffic within their borders, but it should be considered where feasible for any transmission of competitive information.
• Many telecommunications transmissions will contain “key words”, used to identify information of interest to a third party.  A key word can be the name of a technology, product, project, or anything else, which may identify the subject of the transmission.
• Encryption should be the first line of defense, however encryption will provide little if any security if a careful examination for audio “bugs” elsewhere in the room is not conducted.

 Suggested Counter-Measures

• For telephones: A small, company controlled switch installed within the facility can help ensure that conversations are not transmitted through handsets which are “hung-up”, and can also serve to decrease the threat of covert line access.
• Avoid “key words” or phrases that may be used by intelligence agencies and others to search recorded conversations for subjects of interest.  Examples would be project names, product names, the names of persons of interest (e.g. heads of state, CEO’s, etc.) and classification labels such as “sensitive” and “company confidential”.
• Positively identify all parties participating in phone conversations or receiving the facsimile transmissions.
• Whenever possible, utilize your corporate transmission facilities instead of those of the host government.
• Corporate offices should be located in facilities totally controlled by the corporation.
• Always keep at least one phone and facsimile machine secured in a container equipped with a combination lock, and restrict access to the combination. This will help maintain the integrity of that equipment.
• Check connecting lines to telecommunication devices (telephones, computers, fax machines, etc.) monthly to ensure that the line has not been replaced or modified by unauthorized personnel.
• Place stickers on phones warning of hostile monitoring to maintain awareness.

Last month, we covered overall awareness and image tips. But the topic of awareness doesn’t stop there! There are several things you can do to become more aware of your environment, thereby reducing your risk to threats, danger, and crime.  

Awareness becomes even more vital when you are traveling outside your home or normal environment.  Below you’ll find Street Smart tips on increasing your awareness while commuting.

Remember:  Be Alert, Be Aware, Have a Plan!

WALKING

• If unfamiliar with the area, seek reliable advice on areas considered safe for walking. Consult a local street map before leaving and bring it along.
• If possible, walk with companions. Avoid walking at night or in the dark. Use well-traveled and lighted routes.
• Walk with confidence and assurance but remember to anticipate problem situations that may arise unexpectedly.
• Avoid groups of people loitering, demonstrations, disputes or commotion in the streets. Avoid walking too close to bushes, dark doorways, and other places of concealment.
• Pickpockets often work in pairs using distraction as their basic ploy. Be aware of jostling in crowded areas. Divide money and credit cards between two or three pockets or bags.
• When carrying a backpack or purse, keep it close to the body. Do not carry valuables in these bags; instead, leave them in a secure place. It is better to carry only a small amount of money and a cheap watch to hand over if threatened.

VEHICLE SAFETY AND SECURITY

• Vehicles should be well maintained and checked daily. Make a maintenance checklist and keep a copy of the checklist and maintenance schedule with each vehicle.
• Have travel documentation in order, including vehicle registration, inspections, and passes as required. All drivers should have an international driver’s license or a valid license for the host country.
• Park in well-lit, heavily populated areas. Close all windows and lock doors before leaving the vehicle.
• Have keys ready in hand when returning to vehicle. Check the back seat before entering. Immediately lock doors upon entry. Open windows no more than 5 cm and only those windows near occupied seats.
• Wear seat belts at all times, in the front and rear of the vehicle.
• Know where the vehicle safety and communication equipment is and how to use it. Know how to perform basic vehicle maintenance (changing a flat tire, checking and adding fluids, etc.)
• Do not speed or drive too fast for conditions. Observe local driving laws and regulations.
• Take extra precautions when driving through rural villages or on undeveloped roads with pedestrians on the roadway. In remote areas or where threats may be present along the route, select primary and alternate routes. Avoid developing patterns.
• Avoid night driving or driving alone. Avoid letting the fuel tank fall below half full.
• Keep a spare vehicle key in the office. Keep vehicle and residence keys on separate key chains to reduce additional losses during a carjacking.
• Never voluntarily carry unauthorized passengers, especially soldiers. However, if threatened, provide the transportation. In the event of an attempted carjacking, do not risk your life to save a vehicle.
• Avoid areas with criminal activity or known threats. If possible, avoid “choke points” such as narrow alleys.
• Notify others of travel times, destination, and steps they should take if you are late. When possible, consult with other agencies and organizations to monitor route conditions and change routes as necessary.
• If approaching a suspicious area, stop well before the area and observe other traffic passing through it. This is especially useful for “unofficial” or unexpected checkpoints or police roadblocks.
• Avoid transporting sensitive documents or equipment in areas prone to banditry. Arrange proper permits for transporting items that could be interpreted as useful to combatants or terrorists.
• Keep an up-to-date, well-stocked first-aid kit in each vehicle. In areas of extreme weather conditions, prepare accordingly. For instance, in very hot areas, keep extra water; in extremely cold areas, keep blankets and food in the vehicle. Be prepared to survive if stranded.

CHECKPOINTS

• Avoid checkpoints whenever possible.
• When approaching a checkpoint or threat area, decrease speed and open windows slightly. If possible, allow others to pass through the area and observe from a safe distance.
• At night, switch to low beams and put on the interior light.
• Be ready to stop quickly, but stop only if requested.
• Keep hands visible at all times. Do not make sudden movements or attempts to hide or move items within the vehicle. High theft items, such as radios, cameras, and computers, should always be stored in nondescript containers or kept out of sight.
• Show ID if requested, but do not surrender it unless it is insisted.
• Leave the vehicle only if requested. If the checkpoint is not judged to be an attempted carjacking, turn the vehicle off and take keys. Remain close to the vehicle if possible.
• Comply with requests to search the vehicle. Accompany the searcher to ensure nothing is planted or stolen. Use judgment about protesting if items are removed. Do not aggressively resist if something is taken. Request documentation if possible.
• Do not offer goods in exchange for passage. This can encourage this behavior, making it more difficult for future travellers.

Awareness is a practice in being cognizant of your environment and how you should interact with that environment. Especially in a foreign country, awareness plays a huge role in your security. There are several things you can do to become more aware of your environment, thereby reducing your risk to threats, danger, and crime. Below you’ll find tips on how to increase your General Awareness and ways to use your Image, or how people perceive you, to your security advantage.

GENERAL AWARENESS
· Learn about local religious and cultural beliefs and practices and the various issues that may arise from them.
· If not from the area, learn the local language and practice it often. At a minimum, be aware of words or phrases that could be offensive as well as those to deter an offender or call for help.
· Keep informed of potential threats and areas to avoid.
· Be alert to the possibility of confrontation with individuals or groups. Be aware of times when crowds can be expected, such as after religious services, sporting events, or demonstrations. Avoid these areas.
·Be aware of the extent and activities of organized crime and take necessary precautions.
· Immediately leave any location that makes you feel uncomfortable.
· Know the local security arrangements, such as the nearest police station, emergency contact procedures, and potential safe areas.

IMAGE
· Arrange an introduction to the local authorities as appropriate.
· Interact often with neighbors and other staff. Become involved in community activities apart from work.
·Dress and behave in a manner considerate of local customs to avoid unwanted attention or disrespect.
· Avoid political discussions.
· Avoid being drawn into relationships that might carry unwanted personal obligations or expectations.
· Obey local laws at all times.
· Avoid transacting business with or carrying on personal relationships with those suspected of violating local laws
· Respect individual differences in risk perception. Always act in a manner that does not increase perceived risk to oneself or other members of the organization.
·Macho appearance in dress and behavior can provoke anger and escalate a dangerous situation. Maintain a calm, mature approach to all situations. Be non-provocative when confronted with hostility or potentially hostile situations.

An up-to-date emergency information form can make the difference between an emergency situation successfully resolved and a full-blown crisis concluding in devastating results. Especially if you are taking a trip, be sure to update your emergency information prior to your departure.  Keep a hard copy on file for yourself and share a copy with your organization, family members, and a close friend.  An individual not traveling or living with you should maintain a copy of the emergency form.  Good security practices involve reviewing your emergency information prior to leaving for a trip and at least once every six months, whichever is sooner.

A helpful emergency information form includes the following pieces:

• Basic personal information: name, date of birth, place of birth, social security number (or equivalent), name of your spouse
• Identification card(s) information: passport and driver’s license number, including expiration dates, country/state of issue, and date of issue
• Your contact information: phone number, email, and home address
• The names and contact information of at least 2 people to contact in case of an emergency
• An alert code to use in case of duress (forcibly restrained or restricted), giving you a discreet way to tell family, friends, or coworkers you are in danger (be sure to communicate this alert code to the people you will try to contact in distress)
• Health care information: name and contact information of primary care physician, dentist, and health insurance company (including the policy number)
• Any known medical conditions
• Prescriptions, including dosage information
• A current picture of yourself

For an example Emergency Information form you can download and use, please visit the Resources page.

Planning to travel away from home?  To a foreign country? Traveling in your home country is very different from traveling abroad. Overseas travelers must deal with local culture, language barriers, and foreign government officials. There are several things you can do before you travel to make your time abroad smooth and enjoyable. Whether you are traveling for business or as a tourist, you can easily learn how to travel abroad in complete safety when you put some thought and planning into your trip.

The following checklist will help you prepare for your trip and ensure you have all the necessary documents and safety precautions in place.

Documents

• Passport: Do you have 6 months remaining validity?
• Arrange visas for entry into countries to be visited, including those that you will transit.
• Carry a current driver’s license with your photo on it. Make sure it will not expire during your trip.
• Leave a copy of your itinerary with family or friends at home in case they need to contact you in an emergency. Arrange to check in with them at regular intervals.
• Photocopies: make two copies of your passport identification page, airline tickets, and driver’s license that you plan to bring with you. Leave one photocopy of these data with family or friends at home; pack the other in a place separate from where you carry your valuables.
• Make a list of addresses and emergency telephone numbers for U.S. embassies and local consulates.
• Make a list with your blood type, allergies, medical conditions, medications you are taking, and other special medical requirements.

Health

• Take a copy of your prescriptions and the generic names for the drugs.
• Take an extra set of eyeglasses or contact lenses.
• Take a health book (record of immunizations).
• Carry a small first aid kit.
• Take any medicines you need in your carry-on luggage.

Money, Cards, and Phone

• Obtain a modest amount of foreign currency before you leave your home country.
• Take only the credit cards you need.
• Bring travelers’ checks and one or two major credit cards instead of cash.
• Carry the minimum amount of valuables necessary for your trip and plan a place to conceal them.
• Make two copies of the numbers of credit cards and travelers’ checks, telephone numbers to report their loss, and air ticket numbers and store them in your wallet or briefcase.
• Ask your credit card company how to report the loss of your card from abroad, including a number you can call internationally.
• Consider getting a telephone calling card, worldwide paging or satellite cellular service.
• Find out your home country access code.

Luggage

• Tags: Put your name, address, and telephone numbers inside and outside of each piece of luggage. Use covered luggage tags to avoid casual observation of your identity or nationality.
• Buy locks for your luggage.

Insurance

• Health insurance: Does your current plan cover you abroad? Does it cover medical evacuation from remote areas? If not, consider enrolling in an international health program. (Hospitals in foreign countries do not take credit cards and most will not honor U.S.-based medical insurance plans.)
• Find out if your personal property insurance covers you for loss or theft abroad.

Education

• Learn as much as you can about the local laws and customs of the places you plan to visit.
• Learn a few important words of your country destination.
• Get a large regional map.
• Get a foreign language/English pocket dictionary or electronic translator.

Poor email practices are as dangerous as a loaded gun!

Whether you are emailing someone in a “closed” country, or live in a closed country yourself, it’s important to monitor the words and information you share. Below are some guidelines for keeping your emails sensitive for those whose correspondence may be under scrutiny (Advise individuals or organizations emailing you to practice the same measures):

NEVER mention the names of specific countries, cities or locations

ALWAYS use general references like “North Africa”

Limit the use of full names

ALWAYS use a pseudo name such as Mr. H. for people in a closed country (the pseudo name should be a believable western type name for example “Frank Mills” or “FM”)

NEVER use words with religious or political implications.

Obtain permission before:

• Forwarding messages or attachments
• Giving out someone else’s email or contact information.  (Email introductions should only be done if all parties consent.)
• Distributing pictures of individuals.

Keep email subject lines vague.

NEVER “carbon copy” multiple email recipients. Instead, “blind carbon copy” everyone.  Using BCC protects the privacy of recipients and helps reduce spam.

Note:  When you send or select “Reply All”, all email addresses in the “To:” or “Cc:” fields are clearly displayed in the message.

Remember: Do not give out email contact information unless you obtain permission in advance.

An email’s content and recipient(s) have the potential to compromise your security as well as the security of the person to whom you are sending it. There is always a chance of your email being intercepted – no matter how safe you believe your system to be. One of the simplest, most effective ways to control risk is to control content.

Many organizations establish an internal email policy outlining email usage and content management, which should be reviewed on a regular basis.  An email policy aids in protecting not only the organization, but also the individuals.  Do you know if your organization has an email policy? And if so, when was the last time you reviewed it?

Implement safe, practical email habits. It will protect others and yourself!

Make it a regular practice to let someone know about your daily whereabouts. This person can be your spouse, roommate, close friend, or another family member—someone you are used to being in communication with on a daily basis. Clue this person in to your daily schedule, when you expect to be home, and any spontaneous errands you may run. You may also set up a time each day where you check in with this person. A good idea is to do this before you leave for work or school in the morning, and then again when you come home later in the day.

The check-in can be as simple as a text message or short phone call. If you vary the way you get to work or school each day, let the person you’re checking in with know which route you will be taking today. Also, if your job requires you to do things like make house calls, travel to different offices, etc., make sure you are checking in regularly with the designated person in your organization.

Checking in may seem like a very simple thing to do, but if the unthinkable should happen, such as kidnapping, the chances of you being found will be greatly increased if you have clued someone else in to your whereabouts before being taken.

NEVER give away your hotel name, and more importantly your room number. If you are riding in the elevator of the hotel you are staying in and feel uncomfortable about the people in the elevator with you knowing what floor you are on, hit the button for a different floor and then wait for another elevator to get to your floor.

NEVER tell anyone on the road where you are planning on staying, stopping next, etc. It’s best to keep an extremely low profile while traveling by car. When stopping at rest areas, etc. do your best to keep information about where you’re going under wraps. Sometimes it’s ok to offer a direction (“I’m going west”), especially if it’s going to be apparent as soon as you pull out of the area, but keep it as vague as possible. More often than not, people will get the hint that you would rather not disclose your destination.

NEVER give personal information such as your occupation, what organization you’re with, mobile phone number or email address to a stranger.

NEVER give information about how long you’re staying, when you are planning on flying out/driving out, any meetings or seminars you are planning on attending, and so forth.

AVOID talking loudly with friends or acquaintances in public situations. The point is to keep a low profile, wherever you are, whatever you’re doing. Don’t yell across crowded restaurants to friends, openly discuss travel plans, etc. where someone could overhear.

The most important thing is to be aware of your surroundings – if you notice someone paying attention to you or a conversation you’re having, don’t be afraid to move or change the topic of your conversation.