Safe Travels
While it’s always important to develop good cybersecurity habits (updating devices and apps, using strong passwords, enabling multi-factor authentication, etc.), travel brings an additional set of cybersecurity considerations that many people may not think about. Whether traveling for business or pleasure - domestic or international - taking a few extra precautions could make the difference between having the time of your life or having the worst trip ever.
Before You Go
Update your mobile devices. Treat your mobile device like your home or work computer. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware. Updates often include tweaks that protect you against the latest cybersecurity concerns. Sign up for automatic updates, if you can, and protect your devices with anti-virus software.
Back up your data. Back up your contacts, photos, videos, files, and other mobile device data. You can back up your data on the cloud, on an external device like a hard drive or, preferably, both. That way if your device is lost, stolen, broken or compromised, you won’t lose all your data.
Keep your devices locked. Get into the habit of locking your device when you are not using it. It only takes a few minutes to steal or destroy your information. Set your devices to require the use of a PIN, passcode or biometrics to unlock it. This will help protect your information if your device is misplaced or stolen.
Know the country you are traveling to. Be aware of security restrictions , including encryption and export controlled data. Many foreign countries do not permit encryption software to be imported or used without prior approval. For example, China requires international travelers to apply for a license to use encryption software before arrival.
Protect your data. Only bring the data that you need. If you don’t need the data during your trip, delete it on each device you bring with you. Store the data you do need in secure applications.
Bring only the devices you need. If you can leave a computing device at home, do so. Do you need to bring your smartphone, tablet, and laptop? Could you leave one or two behind? If traveling on business, ask about using an encrypted loaner if possible. When traveling to a high risk area, consider purchasing an inexpensive disposable phone when for the trip. Be strategic about your choices—a tablet or smartphone could be a better option than a laptop because those devices can often be more secure and easier to keep up with.
Check your settings. Check the privacy and security settings on web services and apps. Set limits on how and with whom you share information. You might want to change some features, like location tracking, when you are away from home. Set your security software to run regular scans. You may also want to set up the “find my phone” feature if applicable. Not only will this feature allow you to locate your phone, it gives you the power to remotely wipe data or disable the device if it gets into the wrong hands.
Pack your own chargers. It’s dangerous to power up using the . Hackers sometimes embed their connections at public charging kiosks - such as airports, hotels and coffee shops - or install charging cords with malware so that they can steal data from your phone.
While You’re There
Connect securely. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Using your mobile network connection is generally more secure than using a public wireless network. Do not accept any unexpected Bluetooth connections. Do not connect to any unknown networks. Do not transmit personal info or make purchases on unsecure or public Wi-Fi networks. Don’t access key accounts like email or banking on public Wi-Fi. Instead, create a personal hotspot with your phone and securely connect through a Long-Term Evolution (LTE), end-to-end encrypted channel. Alternatively, use a Virtual Private Network (VPN), which provides an encrypted method of accessing the internet in public settings.
Stop auto-connecting. Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. Disable these features so that you only connect to wireless and Bluetooth networks when you want to. If you do not need them, switch them off.
Guard your mobile device. Thieves often target travelers. Never leave your mobile devices–including any USB or external storage devices–unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room. Meal times are optimum times for thieves to check hotel rooms for unattended laptops. If you are attending a conference or trade show, be especially wary — these venues offer thieves a wider selection of devices that are likely to contain sensitive information, and the conference sessions offer more opportunities for thieves to access guest rooms. Ensure your devices are always with you while traveling. If you can’t bring them with you, lock them in your luggage or a safe. Hotel safes are not always secure, so if you leave them in a safe, be sure to lock the device and turn it off before leaving it. Never hand your devices to strangers, even briefly.
Be aware of your surroundings. Be aware of who and what’s around you when working with sensitive information. Cameras and eavesdropping people can steal information or passwords. Cover cameras and muffle microphones during confidential meetings or when discussing personal information.
Do not accept or use portable media given to you. Assume it has malware or tracking software on it.
Do not use public computers or charging kiosks. Hotel business centers, libraries, and cyber cafes provide computers that anyone can use. However, travelers cannot trust that these computers are secure. They may not be running the latest operating systems or have updated antivirus software. Cyber criminals may have infected these machines with malicious viruses or installed malicious software such as a keylogger which, when installed, captures the key strokes of the computer’s users. Through this malware, criminals are able to steal personal information, such as name, credit card numbers, birthdates, and passwords. If you must use a public computer, keep your activities as generic and anonymous as possible. If you log into personal accounts, such as email, always click “logout” when you are finished. Simply closing the browser does not log you out of accounts.
Protect your passwords. Take extra precautions when traveling to help prevent bad actors from stealing your credentials. Do not enter your username and password on any device that is not your own. Consider changing your credentials for your trip, then changing them back when you return home.
Actively manage location services. Turn off location services when not in use, and consider limiting how you share your location on social media. Remember, photos and videos can tag your location in their metadata, so be sure that setting is off if you’re posting photos while you’re away. If you have set up the “find my phone” feature, it will still work with your location turned off.
Think before you post. Think twice before posting pictures or comments that indicate you are away. Wait until you getting back to share your magical memories with the whole internet. You might not want everyone to know you aren’t at home. Also, if you are being targeted while abroad, you might not want to let bad actors know that it’s a good time to break into your hotel room or where they can find you.
Be extra cautious when travelling overseas. Try to limit any banking or other sensitive transactions. Restrict using debit cards—which offer less financial protection than credit cards. Avoid ATMs, but if you absolutely need to make a withdrawal, only use ATMs located inside reputable banks because these locations tend to offer greater security. When paying for a transaction with a credit card, use the chip reader rather than swiping your card when possible. You could also use Apple Pay or Google Pay, neither of which exposes your real credit card info to the merchant.
When You Get Back
Save your data. Copy data created during travel to a secure external device.
Reset everything. If you used a loaner device, delete all personal data stored on it. This includes files and images saved to the hard drive as well as clearing browser history. If you purchased a disposable phone, reset it and discard it before you get home. Reset credentials you used during the trip. Consider credentials you used during the journey to be compromised. Use a trusted computer to reset credentials that were used during the trip.
Double-check your accounts. When you’re in the safety of your own Wi-Fi connection, it’s a good idea to double-check your accounts to make sure your information wasn’t compromised while you were traveling. Be sure to check your bank accounts, credit cards, social media accounts, and email accounts. Report any suspicious activity immediately.