Employee and Cyber Security in International Business
Investing in employee safety and cybersecurity is not optional for a business with an international footprint — it’s a must. In the global business world, this is about risk mitigation and as such the question becomes: how to do it and to what degree? Keeping employees and company data safe is a complex undertaking that requires a deliberate effort to combine deeper cultural knowledge of a host country/business counterpart with a comprehensive duty of care program, as well as common sense training for any employee representing your company abroad.
High-risk travel/relocation increasing
As international travel and longer-term assignments become more and more common, it is also the case that business travel/relocation to high-risk destinations is increasing. Some numbers shared at a recent global travel risk forum in San Francisco were a 20 percent rise in trips to medium/high-risk destinations, a 70 percent rise in trips to extreme risk destinations and a 50 percent rise in modified itineraries due to high-risk incidents. Considering these numbers, it is clear that employee safety and support are of utmost importance, as is a comprehensive cybersecurity program that is up to date, flexible and thorough.
A key component in creating effective programs is having a deeper knowledge and understanding of the country in which you are doing business. This is particularly true for countries that are considered high risk and where the cultural differences are greater compared to your home country. In these instances knowing customs and how people and society function is not a must just in order to make the most of an international assignment, it's a must in order to stay as safe as possible, both physically and from a cybersecurity standpoint.
The mistake of assumption
Several speakers at the San Francisco global travel risk forum spoke of the “mistake of assumption” — meaning there is a risk in heading abroad thinking that everything works the way it does back home. As international travelers/assignees are often already at a disadvantage with language barriers and unfamiliar surroundings, the “mistake of assumption” becomes another liability.
China, for example, limits many types of internet communication services — this could have a serious impact on an unaware traveler/assignee who is expecting to be able to carry on as usual with email communication, or various Google tools for example. Also important to know as a foreign citizen abroad — you typically don't have the same privacy rights as you do in your home country.
Preparing and supporting employees in international travel and relocation means having a program in which matters such as cultural awareness, company safety procedures abroad, chains of communication, and support package details are relayed. Many bigger companies have a system in place for automatically triggering a digital information flow once an employee has been issued a ticket for international travel. This flow may include information such as safety procedures, emergency information while abroad, and perhaps even some country-specific support. However, there is often a gap in information delivery by the company and information absorption by the employee. Access to support resources on an ongoing basis is an important but often overlooked, component.
Many companies provide VPN logins, clean loaner laptops and cell phones for their international business travelers as a data security measure but will neglect to educate employees on simple safety precautions regarding use of devices on an airplane or in public settings, or how to make (or not make) business calls in public places. How many of us haven’t been in the row behind someone on an airplane and had a clear view of their laptop screen, or have heard most of someone else’s private business conversation simply by being in the same lounge area?
One estimate for intellectual property lost is $600 billion on average/year in America alone. Cybersecurity requires a comprehensive strategic effort and educating employees on common sense data safety practices is a small, but important, piece of the puzzle. As business travelers are considered soft targets for intellectual property theft, corporate counterintelligence strategies should include a plan that spans pre- to post-departure of an employee on an assignment/business trip.
Keeping employees and data safe is no small task. Cultural awareness and understanding of the conditions under which an international counterpart/host country operates are basic starting points for determining risk. A comprehensive duty of care package in combination with employee training and well-established company procedures for cybersecurity, emergency response and employee support serve as risk mitigators.
By: Felicia Shermis
New York Times: https://www.nytimes.com/2017/08/15/opinion/china-us-intellectual-property-trump.html