1. Introduction: From Historical Ciphers to Today’s Need for Security and Confidentiality
The problem of protecting information did not originate in the digital age. As early as the 15th and, above all, the 16th century, the great European powers—most notably the Spanish Empire—faced the need to transmit orders, instructions, and sensitive data without them falling into hostile hands. Under Charles V, a true state apparatus was created for codes, ciphers, and systems of security. At that time, the numerous embassies sent to manage affairs of state were, with due differences, the equivalent of today’s business trips. In a world where long-distance communication was limited to correspondence, ensuring its security was a top priority. Diplomatic and military communication relied increasingly on ciphers and substitution codes. Messages, often carried by couriers on horseback or hidden by travelers—sometimes private individuals—were exposed to interception and theft. Consequently, cryptanalysis became a parallel and necessary art.
This invites a parallel reflection: knowing the past is not only interesting but enlightening. Back then, the goal was to preserve political, military, and sometimes economic secrets, and it was almost exclusively the domain of states, duchies, and empires. Today, however, the need is widespread and involves protecting financial and personal data, intellectual property (a concept that did not yet exist in the early modern era), and corporate strategies. Hence the need for reflection: the concept itself remains unchanged, even if the means have evolved. Those who travel with sensitive information—whether in the public or private sphere—are still potential targets.
1.1. The Historicization of Information Security
Every era has faced the same issue: how to safeguard and transmit confidential information without compromising its integrity.
In the 16th and 17th centuries, envoys and ambassadors of commercial companies—Spanish, Italian, English, and Dutch—carried with them book ciphers and letters of credit sealed with wax, for example. In the 19th century—the age of industrial revolutions, technological progress, and great political and social transformations such as Italy’s 1848 uprisings and its Unification—the advent of the telegraph and thus long-distance communication brought the need for numerical codes, leading into the era of “pre-modern encryption.”
In the 20th century, with the wars and tragedies of its first half, that “short century,” as Eric Hobsbawm defined it, brought humanity new discoveries: the birth of computer science and advanced systems of coding and encryption, such as the famous “Enigma” machine.
This brief overview shows how quickly information security has evolved, and how it has always been a constant pattern accompanying communication, both in war and in peace. Information security is therefore not a static concept, but one that can be historicized—historically determined and evolving in parallel with transmission technologies, from mail carried over sea or horseback to the web—and with the human and economic interests that require protection.
2. The Modern Age: The Corporate Traveler as an Asset to Protect
In the 21st century, corporate communication has become dematerialized: documents, data, and all work and research tools now travel through the cloud, mobile devices, and collaborative platforms. Yet, the physical travel of managers and employees, and their access to information, remain sensitive moments that carry potential risks for both personal and corporate data security.
Laptops and personal devices contain large amounts of sensitive data—valuable both to the traveler and to the company. The use of public Wi-Fi networks further increases the risk of interception, and the loss or theft of devices or data can result in severe economic and reputational damage. The business traveler thus becomes a prime target.
- Technical prevention: encryption of devices, use of VPNs, and multi-factor authentication;
- Behavioral prevention: the role of the individual within the network system is essential. Isolated good practices matter—such as not leaving devices unattended or avoiding sensitive discussions in public places;
- Organizational prevention: clear corporate policies, specific training, and emergency protocols in case of data compromise.
In other words, just as a 16th-century diplomat or ambassador received clear encryption instructions and methods from their sovereign, today’s manager must receive from their company the appropriate tools, guidance—ideally from security-specialized providers—and specific training to protect information while traveling.
3. Cybercrime and Travel: The Convergence of Threats
Cybercrime often exploits travel as a moment of vulnerability. Risks can arise from the fraudulent setup of public Wi-Fi networks, as well as from the physical theft or cloning of devices. Moreover, some countries practice “surveillance by default,” meaning the systematic monitoring of visitors’ electronic communications. The traveler is therefore not merely an individual in motion, but a mobile data node. By moving, they carry potential vulnerabilities that must be anticipated and mitigated.
Companies—especially those with employees who frequently travel—have both a legal and ethical duty of care to ensure the safety of their personnel, by providing:
- Adequate travel insurance;
- Cybersecurity guidelines tailored to business travel;
- Assistance and rapid response systems in case of data loss or device compromise;
- Ongoing training, information, and awareness programs.
A business traveler without adequate protection is, by comparison, like a 16th-century diplomat traveling from Spain to Flanders with uncoded dispatches—a vulnerability that could have devastating consequences for the organization.
3.1. Best Practices for Corporate Travelers
In light of these considerations, several key conduct rules emerge for protecting data and information while traveling:
- Before departure:
- Use travel-dedicated devices containing only essential data;
- Update operating systems and software;
- Enable disk encryption and biometric protections;
- Learn about the legal and regulatory framework of the destination country.
- During travel:
- Use only secure connections, such as a corporate VPN;
- Avoid connecting to unprotected public Wi-Fi networks;
- Never leave devices unattended in hotels or public areas;
- Limit the sharing of sensitive information in open spaces.
- Upon return:
- Perform a security check of all devices (antivirus scan, verify access logs);
- Report any anomalies or suspicions to corporate IT and security offices;
- Restore devices using verified secure backups.
4. Conclusions and Insights
As history shows, protecting information while traveling has never been simple. From encrypted dispatches to the armored briefcases of the 20th century, and now to encrypted laptops and cloud-based access, the evolution of technology has continuously reshaped the same essential challenge: safeguarding information.
For global enterprises, this implies a constant commitment—integrating the concept of travel security into a unified strategy, investing in staff training, providing appropriate data protection tools, and fostering a corporate culture that views security not as a constraint or mere obligation, but as a necessary and valuable resource.
Massimiliano Spiga, Ph.D., is an Intelligence Analyst at Kriptia. He also serves as Director of the Scientific and Cultural Committee and Coordinator of the Observatory on Corporate Crime for Kriptia International.
His research interests, in line with Kriptia’s cultural and scientific perspective, focus on the balance between historical analysis and contemporary reflections—geopolitical and strategic in nature—with particular attention to information analysis and its management in relation to corporate security dynamics.
He is currently conducting parallel research on the relationship between business and criminal activity.