It's been a rough time of late for global business travellers who need to stay in touch. Earthquakes, tsunamis, volcanoes, floods and wildfires have disrupted communications across large geographic regions, while political turmoil and government crackdowns have thrown normal communications routines into disarray.
What's notable is how quickly and unexpectedly events can unfold. One day, a country can be wired and connected, and the next, mobile phone service is out and Internet connections are down. Travellers without a backup plan can be left stranded and scrambling.
It doesn't have to be that way. Well prepared employees who have been outfitted and updated before heading abroad have a much better chance of staying connected and safe during a disruption, says Jerry Luftman, executive director of the School of Technology Management at the Stevens Institute of Technology.
In troubled times like these, IT departments should adopt holistic "we've got you ready to go" policies, rather than leaving travelling workers to figure out ways to stay connected on their own, says Phil Cox, director of security and compliance at SystemExperts, a network security consultancy.
Security experts agree with Luftman's and Cox's observations. With companies of all sizes doing business in remote or volatile regions of the world these days, the time is right for organisations to develop plans that take into account workers' destinations, and the difficulties they're likely to encounter there.
But not enough employers are doing that, says Greg Bell, principal and global services leader for information protection at business advisory firm KPMG. "There are a larger number of firms today that are thinking through this than there were a few months ago," he says, "but mostly these are larger multinational companies that have learned from what's happened around them."
"The bigger risk is to the smaller and midsize firms who are starting their global expansion but don't have enough people looking at risk or aren't asking questions at all," says Bell.
Road warriors in tough conditions
Tech managers at Edgewater started asking questions a long time ago. Employees of the IT consultancy have a history of enduring tough conditions on the road. In the mid-1990s, for example, some Edgewater workers were working in Sri Lanka when the country was caught in a brutal civil war.
Telephone wires there were often stolen for their copper, and other key components of the telecommunications infrastructure often had been blown up or were just plain non-existent in rough jungle terrain. So the company outfitted its employees with mobile phones, a technology that was just beginning to gain wide use.
The firm continues to send people all over the world, to remote areas of Africa, Europe and Asia, says Dave Clancey, the company's CTO. Clancey says Edgewater, with its global reach, has always recognised the need to deliver reliable tools to its travelling workforce. People need to stay connected so they can do their jobs, but also to keep them in touch with support from the US offices.
And that can be a moving target, since mobile technology changes almost as fast as the geological and political conditions worldwide. "You have to stay on top of it, stay up to date," he says. "The last thing you want is people not being able to contact you or you not being able to contact them."
Of VPNs and VoIP
As the world becomes more connected, it might be hard to imagine not being able to contact others no matter where you happen to be, but the reality is there are still large swaths of the globe where avenues of communication are limited. In some places, clouds are just clouds, Wi-Fi isn't available even for a fee and access to basic voice and data lines is a luxury.
Moreover, recent events have shown that, even in developed regions, seemingly robust communications and technology infrastructures can be incapacitated in the wake of natural disasters and political upheaval.
As the former director of IT at Vantage Deluxe World Travel, Peter Groustra knows what it takes to equip workers to handle unexpected situations.
To support Vantage's employees, whose jobs include leading overseas tours in places like Egypt, Groustra deployed a Cisco Unified Communications platform, a VoIP system and a virtual private network (VPN) that allows workers to use their laptops to place secure calls into the main office using the same number from any Internet connection regardless of their location.
He says workers use their smartphones as well. The travel company generally signs up for service with local providers in the regions where it offers tours.
With all of those options, says Groustra, he felt confident that Vantage's workers the connectivity they needed.
That was until the uprising in Egypt this past spring, when the government shutdown of Internet connections left Vantage's tour guides unable to use their regular methods of communication. The tour guides managed to make it to Vantage's offices in Cairo, where they used old school landlines to call the home office, which then arranged for a chartered plane out of the country.
Groustra says the experience made the company rethink a proposal to cancel landlines in its Cairo office and go all-cellular.
Smooth travel starts at home
While the IT department should be at the forefront of deciding what gear and software is best for which employees, protecting mobile workers is not a job for IT alone. HR executives, legal experts and physical security specialists should all be part of the discussion with IT leaders, says Luftman. "Much of this goes beyond IT, though much of it can be enabled with IT," Luftman says.
He says IT's role starts at home, with the establishment of a portal where employees can find travel updates, including safety tips, State Department warnings and other key pieces of information.
IT could create a hotline for travellers to call, via landline, Internet or satellite phone, if they run into trouble. And it could set up a means of pushing out information to ensure travelling workers get critical information right away. Managers may also want to keep tabs on the burgeoning array of disaster preparedness smartphone apps to determine which, if any, are right for their employees.
On the hardware side, IT should ensure that workers are equipped with the basics, such as Skype on their laptops and a cellphone that will actually work overseas. "You have to have these in place and communicate that these are in place," he says. From there, Luftman says, IT can look at the places where workers will be travelling to determine what additional needs they might have.
At Edgewater, Clancey has the process down. He says he looks at where his workers are going and how long they'll be there. Then he starts to pack up their travelling kits, pulling most of the needed items from the stock he keeps at company headquarters. One big decision is whether smartphones and laptops are enough, or whether travellers will need satellite phones and solar-powered battery chargers.
"Everybody goes out with a high-end laptop and a smartphone. We make sure they have the proper adapters for power supplies that handle 110-220V automatically," he says. "If someone is going for an extended period, we provide a country-specific unit."
If employees will be overseas for an significant amount of time, he arranges for local phone service in addition to their regular mobile provider.
And if they're likely to pass through remote areas with no service, including rural areas even in developed nations, he rents them satellite phones for backup (even though placing a call on such a device can be prohibitively expensive). He might also pack solar-powered battery chargers or hand-cranked chargers, both of which typically generate enough juice to power a laptop.
Cost vs risk
While Clancey says such investments make sense for his workforce, given the risks employees might encounter, security experts advise companies to assess their own needs and balance cost of technologies against the potential benefits they might yield.
Despite the tense situation Vantage workers encountered in Egypt, for example, Groustra says he doesn't think satellite phones would have been worth the cost in that situation. "We found it was expensive, and we could generally reach people with cellphones," he explains.
Groustra notes that phones that support multiple mobile networking protocols work best. However, at Vantage he occasionally gave employees 4G LTE devices for special purposes, such as if a travelling employee wanted to create a hotspot so several people could share connectivity
Of the risk vs cost debate, Groustra says, "It's a tricky balance. Like any company, we had to watch the bottom line. We didn't want to go with the most expensive option, but we wanted to have multiple options because we didn't want our guides to be out of touch."
Encrypted data doesn't always travel well
It's no surprise that more and more companies are turning to encryption to keep data safe when their employees travel overseas. They're using encrypted hard drives to safeguard data on laptops, and encryption apps to protect company files and user data kept on smartphone storage cards.
Phil Cox, director of security and compliance at SystemExperts, says clients have told him stories about foreign customs officers taking possession of their laptops and claiming that they needed to inspect them. Although the clients said there was no evidence that anything was hacked, the experience left questions in their minds.
With such uncertainty in the air, encryption makes sense. But from a legal point of view encryption can pose problems. Specifically, taking an encrypted device into some countries can violate international laws.
"Some countries have restrictions on what type of information you bring in. There are certain countries where encrypted data isn't allowed. And in some cases, coming in with a laptop with an encrypted hard drive is breaking local laws," says Greg Bell, principal and global services leader for information protection at KPMG.
The laws are complex. Even countries that currently prohibit individuals from bringing in encrypted devices or data will allow it under certain circumstances with permits or prior permission from government agencies. Of course, determining which government agencies can grant that permission can be a complex task in itself.
According to IT security experts, the countries that prohibit and/or require special permits for encryption include Belarus, China, Hungary, Israel, Russia and Saudi Arabia.
Richard Mackey, vice president of consulting at SystemExperts, says prudent companies shouldn't allow workers to carry around too much sensitive information, encrypted or otherwise. He recommends that IT departments make it a policy to know what each traveling worker has on his or her computer and other mobile devices, and keep only what's absolutely necessary for a particular business trip.
What do you do if the country your employee is visiting prohibits encryption? Consider the cloud.
Bell says some companies are now storing sensitive data in the cloud rather than on laptop drives and equipping their road warriors with secure VPN connections that allow them to access material when they need it.