Personal technology for the summer: privacy whilst travelling and remote working outside the office

Remote work during vacation rarely seems risky: it’s usually a quick login from a hotel, an email replied to at the airport, a document opened in a café, or a discussion about a project between meetings. For a company, however, this is the moment when data, devices, and decisions move beyond the controlled office environment—and test whether security policies are more than just a document on the intranet.

10 Min Read
urlop wakacje

Summer does not bring work to a standstill for boards, managers or those responsible for clients, budgets and operational decisions. It merely changes the setting: company data appears on laptop screens in hotels, airports and cafés, whilst the smartphone becomes a temporary command centre away from the office.

This need not spell disaster. It does, however, mean that the privacy and security of personal technology are no longer solely the responsibility of the IT department. They are becoming part of risk management, because devices used whilst travelling now provide access to email, instant messaging, documents, CRM, financial systems, the cloud and, increasingly, AI tools too.

The most important question, therefore, is not: can a manager work whilst travelling? Rather, it is: does the company still retain control over data when work moves outside the office, outside the familiar network and outside the daily routine?

Summer changes working conditions, not responsibilities

Hybrid and remote working have become so commonplace that logging in from a café, a hotel lobby or an airport no longer raises any eyebrows. The problem is that outside the office, almost everything changes: the network, the surroundings, the level of privacy, the user’s concentration and the availability of technical support.

That is why current recommendations for remote workers increasingly begin with checking the employer’s policies. Companies may specify where work is permitted, which devices may be used, what data may be accessed, and whether working from specific countries or public places is allowed. This is important because some organisations restrict work in crowded spaces or certain jurisdictions precisely for reasons of security and data privacy.

For senior management, this is not merely an operational detail. It is a test of whether the remote working policy is genuinely understandable to those making decisions outside the office.

Public Wi-Fi is just the tip of the iceberg

The most obvious risk remains public networks. Airports, hotels and cafés offer convenience, but also an environment over which the company has no control. Experts warn in particular against open networks, fake hotspots masquerading as legitimate Wi-Fi, and situations where a user automatically connects to an unknown network. The AP, citing warnings from the NSA, points out that even a network requiring a password does not guarantee data encryption, and one of the risks is so-called ‘evil twin’ networks.

But public Wi-Fi is merely a symptom of a wider problem. What matters most is what a manager is doing whilst using such a network. If they are checking the weather for personal use, the risk carries a different weight than when they are opening a financial document, discussing a transaction, approving a decision in the system or using their work email. In this sense, recommendations regarding VPNs, mobile hotspots or mobile data are not technical frills, but a way of maintaining control over access to information.

Data often leaks through the screen, not through an attack

One of the most underestimated risks of working whilst travelling is visual privacy. Data does not always have to be intercepted by a cybercriminal. Sometimes it is enough for it to be visible on a laptop screen on a plane, in a notification on a smartwatch, in a presentation open in a hotel lobby, or in a conversation conducted too loudly in a public space.

Advice for remote workers frequently highlights the issue of ‘visual privacy’: screen settings, choice of seat, minimising the risk of content being viewed by others, and exercising caution when discussing confidential matters in public places.

This is very much a business issue. Managers often work with information that need not be a trade secret to be of high value: pricing plans, customer data, HR decisions, sales figures, contract terms or crisis communication plans. Privacy whilst travelling is therefore part of professional conduct, not excessive caution.

A manager’s smartphone is part of the company’s infrastructure

When travelling, a smartphone and laptop become the company’s mobile hub. They provide access to email, calendars, messaging apps, cloud-based files, banking apps, sales systems and decision-making tools. The loss of such a device is no longer merely a private inconvenience for the user. It can become a security incident.

From the board’s perspective, the most important thing is not whether every manager knows the details of the MDM configuration. What matters more is whether the organisation can respond quickly. Can the device be remotely locked? Is the data encrypted? Does access to systems depend on location, device and risk level? Can the company terminate active sessions if a phone is lost? Is it clear who to report such a problem to at the weekend?

Remote working broadens the attack surface, as employees use different locations, networks and devices, often beyond the level of monitoring familiar from the office. Experts point out that even good security policies are weakened if their effectiveness depends solely on the individual user’s discipline.

When travelling, convenience can be the greatest threat

Holiday risks rarely look spectacular. More often, they start with a minor shortcut: public Wi-Fi instead of a hotspot, a personal email account instead of a work drive, a borrowed cable, a locally downloaded file, a document-scanning app or an AI tool that’s ‘just meant to help quickly’ summarise a note.

It is precisely convenience that is one of the greatest enemies of control. It does not stem from ill will. It stems from being in a rush, a low battery, client pressure, a delayed flight, a family trip and the belief that a small task means little risk.

The problem is that, for an organisation, it is not the intention that matters, but where the data ends up. If a snippet of a contract, a strategy document, an email from a client or notes from a board meeting is pasted into an unauthorised AI tool, the company may lose control of the information – not because someone has attacked it, but because it has failed to set clear boundaries. In analyses of remote working security, unauthorised productivity tools, including generative AI, are identified as a source of blind spots for IT and security departments.

Working from abroad should not be improvised

Working from abroad is a separate issue. For a manager, this may seem natural: a few days’ holiday, two urgent online meetings, quick access to documents, and the job is done. For the company, however, it raises questions about access policies, data location, client requirements, sector-specific regulations and the level of risk in a given location.

Not every employee should have the same access to the same data from every country, every device and every network. That is why a mature organisation does not stop at asking ‘can I log in?’. Rather, it asks: is access to this data from this location, on this device and in this situation justified?

This is the difference between remote working as improvisation and remote working as a controlled operational model.

What management should decide before the away season

The most important decisions are simple, but they should be made before staff travel, not after an incident. The company should know what data can be accessed outside the office, which devices are authorised for work, whether access to systems is subject to conditions, whether there are clear rules on the use of AI and personal apps, and how quickly it can respond to a lost phone or laptop.

This isn’t about yet another lengthy compliance policy that nobody will read. It’s about a short, clear set of guidelines for real-world situations: at the airport, in a hotel, in a café, when the battery is running low, at the weekend and under time pressure.

Remote working whilst on holiday does not require a manager to become a cybersecurity expert. However, it does require the company to clearly define the boundaries. What data can be taken outside the office? Which devices are permitted? Which tools are allowed? What should be done if a device, network or application is no longer considered trustworthy?

Personal technology has become an extension of the company’s infrastructure. That is why privacy whilst travelling is no longer solely the user’s responsibility. It is part of management’s responsibility.

TAGGED:
Share This Article