PGP Blogs

One of the most fun parts of my job is when my friends tell me how they're using PGP® products to protect their personal and professional information. Whether it's preventing their children from inadvertently altering financial records or preventing competitors from accessing new product plans, I always enjoy these stories tremendously.

So, I had to smile recently when an old friend of mine who's a retired government official told me about his recent experiences with PGP® Whole Disk Encryption. Despite the fact that my friend is no longer in government, there are evidently foreign governments that believe the information he carries is of interest. He discovered soon after leaving government service that if he left his personal laptop in a hotel room to go for a walk or out to dinner that it would be "reviewed" in his absence. Despite not carrying any classified material, my friend decided the prudent thing to do would be to encrypt his hard drive using PGP Whole Disk Encryption. Now he can leave his laptop in any hotel room in the world knowing the contents are secure even if the device is stolen.

I started thinking about my friend's experience and it occurred to me that the proliferation of mobile devices and high-speed networks in hotels have opened a potential security threat for all of us. Not only are the devices vulnerable when they aren't physically with us, but the data also is vulnerable, given the nature of the hotel networks on which we're dependent when we travel.

It's evident just from the physical installation of most hotel networks that security was not foremost in the mind of the designer or the installer. Whether the networks are wired or wireless, you have no idea who is really listening in on the network traffic, how they're secured, or where the sensitive data on them may end up. When you realize that these essentially open networks are really an extension of the security perimeter of the companies of every hotel guest, you quickly see just how risky their use can be.

Fortunately, there are simple steps you can take to protect your personal and professional data when traveling. The first step involves a change of mindset...you should just assume that your hotel's network has been breached or is being monitored by people that don't have your best interests at heart. Based on this assumption, you should follow my friend's example and never leave unencrypted data on any device in your hotel room, whether it's on your laptop, thumb drive, MP3 player, or phone. If you can't encrypt the data, you should keep the device with you at all times or just leave it at home.

Then you need to determine how to secure your email and voice communications. If your employer doesn't already use a PGP® solution or similar product to encrypt the email itself, you should insist that they support secure connections to your mail servers. Typically, this security is provided via a Virtual Private Network or VPN. It's not a perfect answer, but it's better than nothing. You'll occasionally run across the problem that some hotel networks don't support VPN access or SSL/ TLS connections, and you should take this limitation as a sign that you shouldn't use email to communicate sensitive information using the hotel's network.

I believe this issue of unsecure hotel networks will resolve itself over time and security standards will emerge that the hospitality industry will voluntarily adopt. Until then, we live in a caveat emptor world in which you'll need to take responsibility for your own data security when you’re away from home.

- Phil