Travel Smart: Four Tips for Taking Cybersecurity on the Road
Last updated August 1, 2018
Hackers and scammers don’t take vacations. In fact, they feast on tourists and travelers, taking advantage of people when their guards are down or when they’re distracted by other pursuits. The next time you take a personal holiday or a business trip — whether for a quick jaunt or an extended stay — make sure cybersecurity best practices are along for the journey. These four essential travel tips will help keep your devices and data safe while you’re on the road.
1. Stick to the Basics
Many travelers think about packing light when it comes to clothes and toiletries. This mindset should also apply to your mobile devices and personal data. Here’s how to streamline:
- Leave data-packed business devices and materials behind whenever possible. If you don’t think you’ll use it, don’t take it. Ask yourself, “Is this business critical?” If the answer is no, it shouldn’t make the trip.
- Limit the credit cards and personal identification items you take with you; pare down to the things you know you’ll need. Before you go, make a note of the items you’re taking and any relevant customer service numbers. Store that info in a safe place so you’ll have a quick reference in case your wallet is lost or stolen.
- Explore the possibility of using a “disposable” phone and laptop when traveling, particularly if you are an executive, manager, or business insider who deals with highly confidential data. This approach allows you to maintain connectivity without exposing the contact lists, files, and sensitive information that are stored on daily-use devices. If your organization doesn’t support this type of service, make the case for building a small repository of devices that can be issued prior to travel and then be wiped clean afterward.
2. Get Physical
Relatively simple physical security measures can be the difference between keeping data safe and suffering a breach. Dealing with the aftermath of a data breach — whether personal or corporate — is time consuming, frustrating, and (often) incredibly costly. Remember these basic tips to help keep your devices (and the data they contain) secure while you’re on the go:
- Don’t leave devices unattended in public, not even for a few moments. It can be tempting to put your smartphone off to the side while you check your bags at the airport or to leave your laptop sitting on the table while you got to the café counter to get a refill. Thieves are opportunistic; they can snatch up your device in a second while you’re not looking.
- Keep your devices concealed as often as possible, particularly when in a crowded place. Many smartphones — particularly iPhones and newly released devices — are coveted by criminals, and there have been known instances of particularly brazen thieves swiping phones right out of unsuspecting users’ hands and disappearing into crowds. Keep your smartphone tucked safely in an interior pocket of your jacket or bag when not in use, and consider using a wireless headset if you are “walking and talking.”
- Securely store your devices if you leave them behind. Naturally, your safest bet is to keep items with you, but sometimes that’s not practical while traveling. Remember that a hotel room is not secure; many people have access, and staff members often enter your room while you’re not there. A hotel safe is a better choice than leaving items out in the open or barely concealed in a suitcase (though even these safes shouldn’t be trusted to adequately secure devices that hold highly confidential data).
Check out our additional tips specific to international travel.
3. Share Smart
Would you be comfortable broadcasting on the radio that your house will be empty for a week while you’re on vacation? Would you hand you smartphone’s contact list to a complete stranger? Travelers often do the equivalent without even realizing it. Here’s how to keep your private information on lockdown:
- Turn off location tracking and be very selective about "check-ins." In this age of social sharing, people freely reveal their favorite haunts and places to visit. The problem is that, before long, your routines and habits are spelled out for the world to see. These activities reveal where you are, but they also reveal where you aren’t. Automatic check-ins are particularly concerning, as they can accidentally reveal information you don't want to share (a confidential business trip or meeting spot, perhaps). Keep in mind that scammers and criminals like to tap into schedules because it gives them more information about who you are and what you do.
- Save the vacation posts until you’re back home. As with check-ins, the social updates you post while you’re out of town make it clear that you’re not at home and you’re not at your office. Many people have hundreds of social connections and followers, and a vast number of those online relationships are superficial. If you’re 1,000 miles away and you let everyone know that you’ll be off the clock for a week, you create a window of opportunity for a criminal to climb through. Though it’s tempting to detail your travels in real time, it’s important to consider the potentially negative ramifications of sharing this information.
- Be careful about Bluetooth connections. You may think nothing of pairing your smartphone to rental cars and other convenience devices. But did you know that information is sometimes stored after you terminate the connection? That means your contact lists and other data could be left behind on, for example, a car that doesn’t belong to you. Before you turn in your keys, make sure your data has been deleted.
4. Be Cautious of Open WiFi
Many people set their phones to find and connect to accessible WiFi networks. While this approach can help reduce your mobile data consumption, it can also expose you to significant risks. Open WiFi — whether paid or free — must be approached with caution. Why? Because any WiFi network not protected by a password is vulnerable to attack. Here are some important tips to remember with regard to WiFi security:
- Confirm before you connect. Did you know that names of WiFi networks are manually created? This means that hackers can name networks anything they want. Scammers set up “rogue” and “evil twin” networks with names that sound trustworthy — Airport WiFi, for example — or that are similar to legitimate nearby networks — Official Café Wireless instead of Café WiFi, for example. Once connected to a scammer’s network, your data is in their hands. If you're going to connect, be sure to check with an employee or another trusted source before you access an open WiFi network.
- Limit your activities. The safest course of action with open WiFi is to avoid any activities that could compromise your data, like logging into password-protected sites or performing financial transactions, including checking your bank balance or making ecommerce purchases. It’s safest to handle these activities on known, secure networks.
- If you can’t wait, use a virtual private network (VPN) or https to protect your data. A VPN adds a layer of encryption and security that is valuable when using any unknown connection. If you can use one, do use one. At a minimum, you must ensure that https is present in the web address of any site that requires a login — though you should keep in mind that an https site is not necessarily a safe site, as cybercriminals use this security feature on malicious sites in order to trick unsuspecting users.
- Use a virtual private network (VPN) or https to protect your data. A VPN adds a layer of encryption and security that is valuable when using any unknown connection. If you can use one, do use one. At a minimum, you must ensure that https is present in a web address before accessing a secure site (i.e., webmail, social media, or any site that requires a login). In general, you should avoid logging into any site that requires a password when on an open network and you should not perform any financial transactions on an unfamiliar WiFi network, including checking your bank balance or making ecommerce purchases. It’s safest to handle these activities on known, secure networks.
- When in doubt, default to mobile data. WiFi is tempting because it gives your data consumption a break. But data security should always trump data consumption. If you need to be certain of a secure connection, use your mobile device directly; use your mobile device as a hotspot for your PC; or travel with a standalone mobile hotspot. This is particularly valuable advice for business travelers, given that it’s often necessary to network on the go — and security is a must for business-related activities.
Subscribe to the Proofpoint Blog