FBI Discusses International Cybersecurity Risks for Businesses
On April 5, 2017, White and Williams hosted a meeting of the World Trade Center of Greater Philadelphia CEO’s China Operations Club, which featured the program “Cyber Security Threats and Trade Secret – IP Protection.” In addition to discussing experiences of the member companies that are actively engaged in business in China, presentations were provided by two special agents with the Philadelphia office of the Federal Bureau of Investigation who have considerable experience with cybersecurity risks.
The presentations focused on new cybersecurity law, current U.S./China cyber dialogue, and examples of violations by U.S. companies relating to exporting sensitive technology to China. Additionally, the presentations identified the current cyber threat environment in certain countries, such as China, that engage in commercial espionage.
The presenters also discussed the need for education and awareness at any company engaged in international business, particularly those whose personnel regularly visit certain countries that present potential cybersecurity risks.
Some of the practical observations included:
- Human error is the most significant source of cyber risk, whether errors occur when employees are traveling abroad or working diligently in an office cubicle. Sources of risk include:
  - Lack of employee training to recognize and withstand phishing scams, email spoofing, and other social engineering exercises;
  - Mixed use of personal computers and devices (i.e., phone or tablet) with work, resulting in potential transfer of malware to the company’s network; and
  - Lack of data protection policies among company vendors who handle sensitive company information, including customer personal information.
- The failure to timely report a suspected cyber event to appropriate personnel to investigate, identify, contain and resolve a data breach or intrusion into a company network. The time for a company to respond is hours and days, not weeks.
- The failure to establish a visitor policy (including escort of visitors) and procedures for any place of business that hosts foreign visitors. This may include, particularly if the visit includes an inspection of a plant, leaving cell phones at the front desk and personal escorts for all visitors at the facility.
In addition to appropriate measures being taken at home, precautions should be taken when company personnel travel abroad.
- Recognize the risk that your hotel room may be monitored and that intelligence operations may be downloading data from smartphones, computers and tablets in the ordinary course at hotels, at airports and as you proceed through Customs.
- If you must take a computer or tablet, bring a “clean” device, as well as a “clean” cell phone to minimize the risk of data attacks.
- Be careful while in country to limit your communications back to the U.S. as your phone or computer may be monitored in the ordinary course.
Please contact Gary Biehn (firstname.lastname@example.org; 215.864.7007) or Josh Mooney (email@example.com; 215.864.6345) for assistance in developing proper compliance policies and practices to better protect your data, particularly as it relates to the expansion of your business with international partners, and in international territories.