Blog

Corporate Secrets at 30,000 Feet: A Wake-Up Call for Business Leaders

Introduction

Last weekend, I boarded a simple domestic flight—nothing glamorous, just another leg in my usual travel routine.

I had my Canon camera slung over my shoulder, a notebook in my carry-on, and a quiet determination to catch up on some reflection while cruising 30,000 feet in the air.

But what I saw left me thinking about something much deeper than travel or schedules.

Across the aisle, a corporate consultant opened his laptop before take-off.

Within minutes, I could see his client presentation—complete with budget breakdowns, logos, and confidential notes.

A few rows ahead, a senior manager was on a loud call discussing staff restructures, naming names, and projecting layoffs. Nearby, someone connected to the in-flight Wi-Fi to send files via a free email service—without using a VPN, without hesitation.

And I sat there, as someone trained in human intelligence and counterespionage, thinking:

Do they even realize how exposed they are?

The Danger You Don’t See: Social Engineering in Transit

When we talk about data theft, most people imagine cybercriminals working behind screens—writing code, breaching firewalls, and deploying malware.

But in my world, where I’ve worked for decades as a human intelligence and investigation expert, the most effective breaches happen not through devices, but through people.

In the field, we trained to read faces, anticipate vulnerabilities, and quietly extract information without raising alarms.

I’ve sat in cafes, on trains, in boardrooms, and yes—on airplanes—where I’ve watched individuals unknowingly reveal critical data.

Not because they were careless, but because they were comfortable. Distracted. Unaware.

Social engineering isn’t about hacking systems. It’s about exploiting trust.

I am not the only one who is trained in how to gather information through conversations; there are hundreds of trained operatives who will manipulate environment and attention and assess what people willingly give away just by being observed.

And the tactics haven’t changed much over the years—because they still work frighteningly well.

Difficult it is when one person is elevated from being a person of interest to a target.

Here are a few real-world methods I’ve seen used time and again in transit:

  • The Lounge Observer: Blending into a business class lounge, listening for keywords, watching for keystrokes, collecting fragments—each piece a puzzle that leads to something valuable.

  • The Friendly Stranger: A classic technique. Establish rapport. Mirror language. Show subtle interest. Let the target do the talking. You’d be surprised what people share when they think they’re just chatting to someone like them.

  • The USB Drop: One of the oldest tricks in the book—and still effective. Label a drive “Confidential Payroll” or “Q3 Strategy.” Leave it in a visible location. Curiosity often does the rest.

  • The Shoulder Surfer: I’ve observed everything from client billing details to internal HR conversations just by glancing at a laptop screen on a flight or in an airport cafe. I wasn’t the only one watching.

These tactics don’t require sophisticated tools or elite training. They require presence. Patience. Psychology.

Many of the individuals I observed on my most recent domestic flight weren’t breaking any rules—they were simply doing their jobs.

But they were doing them in the open, in an environment full of unknowns. Without privacy screens. Without VPNs. And without realizing that their “mobile office” is in fact a public arena.

And it’s not just anecdotal.

The IBM Security Report (2023) concluded that over 95% of cyber breaches are linked to human error. Not poor software. Not weak infrastructure. People.

Another report published by Forbes Travel Intelligence found that 60% of business travelers use public Wi-Fi during layovers or flights, and most don’t enable protection tools like VPNs.

And while “juice jacking” may sound like science fiction, the FBI officially warned against public USB ports last year due to documented cases of malware infections from airport kiosks.

These risks aren’t theoretical. They are routine.

The Modern Office Has No Walls

Here’s the uncomfortable truth:

We’ve turned airplanes and airports into floating, digital offices—but without the walls, locks, or discretion.

From economy seats to airport lounges, professionals are working on sensitive contracts, client accounts, and confidential negotiations in plain view of hundreds of strangers.

Many of them believe that because they are flying domestically, the risk is minimal. After all, who would spy on a flight from Brisbane to Melbourne?

But espionage doesn’t discriminate by distance. It follows opportunity.

I’ve noticed corporate spies hop on short-haul planes solely to follow a target.

People in business have lost millions of dollars’ worth of contracts due to unknowingly taped conversations.

It only takes one moment of carelessness—one slide, one file, one name spoken too loudly—for a competitor, a scammer, or a rogue actor to gain the upper hand.

What Should We Do?

I’m not saying we should stop working while traveling. I understand deadlines. I live on the road too. But there is a smarter way.

Here’s what every professional and organization should start doing—immediately:

  1. Organize and implement training for your employees in industrial espionage prevention. Implementing effective training for your employees in industrial espionage prevention is crucial for safeguarding sensitive information. By educating staff on identifying potential threats and establishing best practices, you can create a culture of vigilance that protects your company’s valuable assets.

  2. Raise awareness internally: Treat information security as a culture, not a checklist. Train staff not just on phishing emails but on physical and verbal discretion.

  3. Ban confidential work in transit: Set clear boundaries. Sensitive documents, high-level calls, and contract negotiations should be off-limits during transit.

  4. Use privacy screens: If you must work, use a screen filter that prevents side-angle viewing.

  5. VPNs only: Never connect to open Wi-Fi without a VPN. Better yet—use mobile data tethering.

  6. Power safely: Avoid public USB charging stations. Use your own cable plugged into AC power.

  7. Think before you speak: Assume everyone around you can hear and understand. Even in domestic lounges.

What Are We Really Risking?

The most valuable commodity in business isn’t stock, real estate, or even time.

It’s information—and by extension, trust.

Once your client’s data leaks, or your strategy is exposed, you don’t just lose a competitive edge—you lose credibility.

And that’s not easy to win back.

As someone who has worked in human intelligence and investigations across war zones and boardrooms, I can tell you this:

The greatest threats rarely announce themselves. They don’t come through the front door. They smile at you in the queue, compliment your luggage, and sit beside you on the plane.

So next time you fly, ask yourself:
Who’s really watching?

And more importantly—what are you showing them?

This post was written by Mario Bekes