Cybersecurity on the Move
Today’s globally mobile employees face a constant risk: persistent, sophisticated cyber threats that target both the individual and their company.1
The Cybersecurity and Infrastructure Security Agency (CISA) announced that advanced spyware campaigns are targeting mobile devices and identifying messaging apps as well as social media platforms as primary threat vectors. CISA highlighted spyware capable of capturing messages, emails and authentication codes; enabling remote microphone or camera activation; circumventing device security settings; and propagating through compromised messaging applications. These attacks target both individuals and companies alike.2
For HR and Global Mobility leaders, when cyber security efforts are proactive and evolve to new threats, business traveler/assignee cyber risk becomes manageable.
The “Routine Travel Is So Low Risk” Assumption
Modern cyberattacks increasingly exploit mobility. According to Verizon’s Data Breach Investigations Report, stolen credentials, compromised devices, and unsecured networks remain leading causes of breaches.
In 2025, they report a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches and that 44% of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report. These risks were amplified when employees travel internationally. Public Wi-Fi, hotel networks, airport charging stations, and even rental vehicles can be common attack vectors.3
Also, in 2025 the industry saw a sharp rise in zero-click spyware and social-engineering attacks (e.g., QR codes that instantly link an attacker's device to a victim's WhatsApp/Signal). Both fully updated iOS and Android devices are vulnerable, if the user scans a malicious code or installs a fake updater.
Critically, many networks that appear legitimate should be treated as untrusted. Government agencies advise that foreign networks, regardless of brand or familiarity, should always be accessed through secure channels.
Practical Controls That Still Matter—And Why They’re Strategic
While the tactics below may feel familiar, their strategic value has increased:
- VPN usage: Encryption remains one of the most effective defenses against interception on public or foreign networks.
- Multi-factor authentication and conditional access: Enforcing MFA and geo-aware access controls significantly reduces account takeover risk.3
- Stop auto connecting: Disable wireless connectivity and Bluetooth so only connecting to networks when one wants to.4
- USB data blockers: The risk of “juice jacking” is low but not zero and remains a threat; blocking data transfer while charging reduces exposure.5
- Travel-only or “clean” devices: Minimize data exposure by issuing devices with limited access rights for high-risk travel (“clean” loaner devices with minimal data), bring only essential devices when traveling internationally and require employees to use strong passwords and disable biometrics before crossing borders.6
- Situational awareness and screen privacy: Shoulder-surfing and visual eavesdropping remain common in transit hubs.
- Post-travel remediation: Updating operating systems, rotating credentials, and scanning devices after travel reduces lingering compromise risks.
Not All Destinations Carry the Same Risk
Cyber risk varies widely by country. In some, lawful interception, device inspection, or state-sponsored surveillance is routine. Employees are subject to local laws and corporate data may be exposed simply by crossing a border.7
Cybersecurity is a core part of duty of care. Forward-looking organizations should require pre-departure cyber briefings and classify destinations by cyber risk tier. These steps also help organizations align mobility programs with evolving global privacy and data-protection regulations.⁸ Regular, role-based training and integrated mobility-security planning are also no longer optional.3
Data Breach Ramifications Can Last Years
The long-term legal, reputational, and financial ramifications of a data breach can last years.
For HR and Global Mobility, this is an opportunity to rethink how travel, technology, and duty of care intersect -- and to engage employees earlier, smarter, and more securely in the mobility lifecycle.
“When employees travel internationally, the decisions they make about devices, networks, and data can have enterprise-wide consequences,” said Dar Andrews, CIO, NEI Global Relocation. “While cyber risks can’t be 100% eliminated even doing everything recommended, with awareness, controls, and training, NEI’s found exposure can be significantly reduced.”
If you would like more information on this or any other relocation topic, please contact NEI’s Dar Andrews or your NEI representative or visit www.neirelo.com any time.
For CISA’s Cybersecurity While Traveling Tip Card, visit their website (www.cisa.gov) or click here.
The above article is provided for informational purposes only. Please consult your tax, legal, or accounting advisors before making any decisions or transactions.
About NEI Global Relocation
NEI, a certified Women’s Business Enterprise (WBE), partners with over 200 clients—including Fortune Global 100, Fortune 500, and Fortune 1000 companies—to deliver world-class global mobility and assignment management solutions. Headquartered in Omaha, Nebraska, with offices in Switzerland and Singapore, NEI helps companies transition employees smoothly across the globe.
References
1. National Institute of Standards and Technology (NIST), “Cybersecurity Framework 2.0”
2. JD Supra, “New Warning on Mobile Spyware”
3. Verizon, “2024 Data Breach Investigations Report”
4. Cybersecurity & Infrastructure Security Agency (CISA), “Cybersecurity While Traveling Tip Card”
5. LastPass, “Juice Jacking in 2025: Want a Side of Malware with That Free Charge?”
6. JD Supra, “Protecting Data While Traveling Internationally”
7. I-Sight, “A Practical Guide to Data Privacy Laws by Country”
8. CISA Report: “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications”
Cybersecurity on the Move
Today’s globally mobile employees face a constant risk: persistent, sophisticated cyber threats that target both the individual and their company.1
The Cybersecurity and Infrastructure Security Agency (CISA) announced that advanced spyware campaigns are targeting mobile devices and identifying messaging apps as well as social media platforms as primary threat vectors. CISA highlighted spyware capable of capturing messages, emails and authentication codes; enabling remote microphone or camera activation; circumventing device security settings; and propagating through compromised messaging applications. These attacks target both individuals and companies alike.2
For HR and Global Mobility leaders, when cyber security efforts are proactive and evolve to new threats, business traveler/assignee cyber risk becomes manageable.
The “Routine Travel Is So Low Risk” Assumption
Modern cyberattacks increasingly exploit mobility. According to Verizon’s Data Breach Investigations Report, stolen credentials, compromised devices, and unsecured networks remain leading causes of breaches.
In 2025, they report a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches and that 44% of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report. These risks were amplified when employees travel internationally. Public Wi-Fi, hotel networks, airport charging stations, and even rental vehicles can be common attack vectors.3
Also, in 2025 the industry saw a sharp rise in zero-click spyware and social-engineering attacks (e.g., QR codes that instantly link an attacker's device to a victim's WhatsApp/Signal). Both fully updated iOS and Android devices are vulnerable, if the user scans a malicious code or installs a fake updater.
Critically, many networks that appear legitimate should be treated as untrusted. Government agencies advise that foreign networks, regardless of brand or familiarity, should always be accessed through secure channels.
Practical Controls That Still Matter—And Why They’re Strategic
While the tactics below may feel familiar, their strategic value has increased:
- VPN usage: Encryption remains one of the most effective defenses against interception on public or foreign networks.
- Multi-factor authentication and conditional access: Enforcing MFA and geo-aware access controls significantly reduces account takeover risk.3
- Stop auto connecting: Disable wireless connectivity and Bluetooth so only connecting to networks when one wants to.4
- USB data blockers: The risk of “juice jacking” is low but not zero and remains a threat; blocking data transfer while charging reduces exposure.5
- Travel-only or “clean” devices: Minimize data exposure by issuing devices with limited access rights for high-risk travel (“clean” loaner devices with minimal data), bring only essential devices when traveling internationally and require employees to use strong passwords and disable biometrics before crossing borders.6
- Situational awareness and screen privacy: Shoulder-surfing and visual eavesdropping remain common in transit hubs.
- Post-travel remediation: Updating operating systems, rotating credentials, and scanning devices after travel reduces lingering compromise risks.
Not All Destinations Carry the Same Risk
Cyber risk varies widely by country. In some, lawful interception, device inspection, or state-sponsored surveillance is routine. Employees are subject to local laws and corporate data may be exposed simply by crossing a border.7
Cybersecurity is a core part of duty of care. Forward-looking organizations should require pre-departure cyber briefings and classify destinations by cyber risk tier. These steps also help organizations align mobility programs with evolving global privacy and data-protection regulations.⁸ Regular, role-based training and integrated mobility-security planning are also no longer optional.3
Data Breach Ramifications Can Last Years
The long-term legal, reputational, and financial ramifications of a data breach can last years.
For HR and Global Mobility, this is an opportunity to rethink how travel, technology, and duty of care intersect -- and to engage employees earlier, smarter, and more securely in the mobility lifecycle.
“When employees travel internationally, the decisions they make about devices, networks, and data can have enterprise-wide consequences,” said Dar Andrews, CIO, NEI Global Relocation. “While cyber risks can’t be 100% eliminated even doing everything recommended, with awareness, controls, and training, NEI’s found exposure can be significantly reduced.”
If you would like more information on this or any other relocation topic, please contact NEI’s Dar Andrews or your NEI representative or visit www.neirelo.com any time.
For CISA’s Cybersecurity While Traveling Tip Card, visit their website (www.cisa.gov) or click here.
The above article is provided for informational purposes only. Please consult your tax, legal, or accounting advisors before making any decisions or transactions.
About NEI Global Relocation
NEI, a certified Women’s Business Enterprise (WBE), partners with over 200 clients—including Fortune Global 100, Fortune 500, and Fortune 1000 companies—to deliver world-class global mobility and assignment management solutions. Headquartered in Omaha, Nebraska, with offices in Switzerland and Singapore, NEI helps companies transition employees smoothly across the globe.
References
1. National Institute of Standards and Technology (NIST), “Cybersecurity Framework 2.0”
2. JD Supra, “New Warning on Mobile Spyware”
3. Verizon, “2024 Data Breach Investigations Report”
4. Cybersecurity & Infrastructure Security Agency (CISA), “Cybersecurity While Traveling Tip Card”
5. LastPass, “Juice Jacking in 2025: Want a Side of Malware with That Free Charge?”
6. JD Supra, “Protecting Data While Traveling Internationally”
7. I-Sight, “A Practical Guide to Data Privacy Laws by Country”
8. CISA Report: “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications”
Cybersecurity on the Move
Today’s globally mobile employees face a constant risk: persistent, sophisticated cyber threats that target both the individual and their company.1
The Cybersecurity and Infrastructure Security Agency (CISA) announced that advanced spyware campaigns are targeting mobile devices and identifying messaging apps as well as social media platforms as primary threat vectors. CISA highlighted spyware capable of capturing messages, emails and authentication codes; enabling remote microphone or camera activation; circumventing device security settings; and propagating through compromised messaging applications. These attacks target both individuals and companies alike.2
For HR and Global Mobility leaders, when cyber security efforts are proactive and evolve to new threats, business traveler/assignee cyber risk becomes manageable.
The “Routine Travel Is So Low Risk” Assumption
Modern cyberattacks increasingly exploit mobility. According to Verizon’s Data Breach Investigations Report, stolen credentials, compromised devices, and unsecured networks remain leading causes of breaches.
In 2025, they report a 34% increase in attackers exploiting vulnerabilities to gain initial access and cause security breaches and that 44% of all breaches analyzed showed ransomware was present, marking a notable rise from last year’s report. These risks were amplified when employees travel internationally. Public Wi-Fi, hotel networks, airport charging stations, and even rental vehicles can be common attack vectors.3
Also, in 2025 the industry saw a sharp rise in zero-click spyware and social-engineering attacks (e.g., QR codes that instantly link an attacker's device to a victim's WhatsApp/Signal). Both fully updated iOS and Android devices are vulnerable, if the user scans a malicious code or installs a fake updater.
Critically, many networks that appear legitimate should be treated as untrusted. Government agencies advise that foreign networks, regardless of brand or familiarity, should always be accessed through secure channels.
Practical Controls That Still Matter—And Why They’re Strategic
While the tactics below may feel familiar, their strategic value has increased:
- VPN usage: Encryption remains one of the most effective defenses against interception on public or foreign networks.
- Multi-factor authentication and conditional access: Enforcing MFA and geo-aware access controls significantly reduces account takeover risk.3
- Stop auto connecting: Disable wireless connectivity and Bluetooth so only connecting to networks when one wants to.4
- USB data blockers: The risk of “juice jacking” is low but not zero and remains a threat; blocking data transfer while charging reduces exposure.5
- Travel-only or “clean” devices: Minimize data exposure by issuing devices with limited access rights for high-risk travel (“clean” loaner devices with minimal data), bring only essential devices when traveling internationally and require employees to use strong passwords and disable biometrics before crossing borders.6
- Situational awareness and screen privacy: Shoulder-surfing and visual eavesdropping remain common in transit hubs.
- Post-travel remediation: Updating operating systems, rotating credentials, and scanning devices after travel reduces lingering compromise risks.
Not All Destinations Carry the Same Risk
Cyber risk varies widely by country. In some, lawful interception, device inspection, or state-sponsored surveillance is routine. Employees are subject to local laws and corporate data may be exposed simply by crossing a border.7
Cybersecurity is a core part of duty of care. Forward-looking organizations should require pre-departure cyber briefings and classify destinations by cyber risk tier. These steps also help organizations align mobility programs with evolving global privacy and data-protection regulations.⁸ Regular, role-based training and integrated mobility-security planning are also no longer optional.3
Data Breach Ramifications Can Last Years
The long-term legal, reputational, and financial ramifications of a data breach can last years.
For HR and Global Mobility, this is an opportunity to rethink how travel, technology, and duty of care intersect -- and to engage employees earlier, smarter, and more securely in the mobility lifecycle.
“When employees travel internationally, the decisions they make about devices, networks, and data can have enterprise-wide consequences,” said Dar Andrews, CIO, NEI Global Relocation. “While cyber risks can’t be 100% eliminated even doing everything recommended, with awareness, controls, and training, NEI’s found exposure can be significantly reduced.”
If you would like more information on this or any other relocation topic, please contact NEI’s Dar Andrews or your NEI representative or visit www.neirelo.com any time.
For CISA’s Cybersecurity While Traveling Tip Card, visit their website (www.cisa.gov) or click here.
The above article is provided for informational purposes only. Please consult your tax, legal, or accounting advisors before making any decisions or transactions.
About NEI Global Relocation
NEI, a certified Women’s Business Enterprise (WBE), partners with over 200 clients—including Fortune Global 100, Fortune 500, and Fortune 1000 companies—to deliver world-class global mobility and assignment management solutions. Headquartered in Omaha, Nebraska, with offices in Switzerland and Singapore, NEI helps companies transition employees smoothly across the globe.
References
1. National Institute of Standards and Technology (NIST), “Cybersecurity Framework 2.0”
2. JD Supra, “New Warning on Mobile Spyware”
3. Verizon, “2024 Data Breach Investigations Report”
4. Cybersecurity & Infrastructure Security Agency (CISA), “Cybersecurity While Traveling Tip Card”
5. LastPass, “Juice Jacking in 2025: Want a Side of Malware with That Free Charge?”
6. JD Supra, “Protecting Data While Traveling Internationally”
7. I-Sight, “A Practical Guide to Data Privacy Laws by Country”
8. CISA Report: “Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications”
