7 Cybersecurity Travel Tips

As we get into the summer travel season, here are a few recommendations to help you security your smartphones, tablets, and laptops.  Let’s remember that even short trips from home to the coffee shop or library can expose you and your devices to risks.

Public WiFi

wirelessWin7-1Wireless access points represent a point of entry when you are away from home.  Most coffee houses and restaurants offering public wireless Internet do so using access points that have not been secured at all.  You can identify open WiFi by the little gold shield next to the connection icon (see image at right.)  If you do not need an access code to log on, this means your wireless connect is not encrypted, and everything you are doing on the Internet can be read by another user who has simple wireless network sniffer software running on their laptop. Email addresses, user names, passwords, and credit card numbers are easily readable on an unsecured access point, and then can be reused by the cyber-thief to access your online accounts and use your credit card.  Also be on guard for fake free wireless connections that may be no more than a man-in-the-middle exploit, where the perpetrator can take over your session, even if it has been properly secured.

Geolocation Services

Many of our devices, especially smartphones, provide location information to other applications we may be using, especially social networks such as Facebook, LinkedIn, Twitter, Pinterest and the like.  You may want to take a look at your phones settings and turn off unnecessary location sharing with apps.

Social Networks

And while we are talking about social networks, posts about your travel experiences, and posting pictures during your trip announce to the world that you are away from your home or business and give crooks an opportunity for straight up burglary.  You may want to wait until you return to share your vacations and other trips with your Facebook friends.  This also means considering how necessary your local logins to locations are.  You need to explain this issue to any family members you are traveling with so they are not supplying this information to their friends, followers, circles, and connections either.

ATMs and Gas Pumps

ATMs and gas pumps can me modified with skimmers and other devices to record the information on the magnetic stripe and surreptitiously video record your keystrokes for PINs and other access codes.  If the ATM looks like it has been modified in any way, you may want to skip the transaction.  Using an actual credit card instead of a banking checking card overs you better protections against fraudulent reuse of your card information.

Public Computers

Using public computers in hotels, coffee shops, or other travel locations carries the risk of a previous user installing a keylogger, a software program that records all keystrokes and reports this information to a control server over the Internet connection.  Computers such as these are fine for general surfing, mapping, news, or weather reports, but reading your email or making online banking or shopping transactions is a bad idea.

Theft of your Device

According to Sophos, “around 100 smartphones are lost or stolen in the US every minute. About 12,000 laptops are lost in US airports every week. In Chicago alone, people lose 120,000 phones in cabs every year. Most of those people never see their devices again.”  The best way to protect yourself against loss or theft is to maintain go physical security.  Lock laptops and tablets out of sight in your trunk, or leave them with the front desk at your hotel instead of in your room.

Locking your laptop, tablet or phone with a password or pass code will prevent a thief from access your data without a password.  Install a locator app or remote wiping app to provide more protection from the loss of your data.  Setting up your online accounts with two-factor authentication will make it more difficult for criminals to log on to your accounts and should make hijacking your online life more difficult.

Using hard drive encryption on your laptop, or encrypting your smartphone means that even if your computer or phone has the hard drive or memory chip removed, any data on them will be unreadable.

Beware of Free Gifts

The most famous free gift was the Trojan Horse that breached the impregnable walls of Troy and gave the Greeks a military victory.  The Trojan Horse malware program is still the number one way that cyber-criminals gain access to your computer or network.

When at trade shows or seminars, consider the free flash drive you just got as another potential source of malware.  It is always a good idea to scan new flash drives for malware before opening any files that came with it, although you still have some risk from the autorun feature in Windows being used to automatically install malware when the drive is inserted into your USB port.  There have been breaches where it was determined that the point of attack started when someone found an intentionally “lost’ flash drive on a parking lot and and on using it, gave a cyber-attacker access to their computer and network.

Charging kiosks also could be modified to swipe your data while the USB charging cord is inserted.  If you need a charge it would be better to use your own charging cord in a standard electrical wall outlet.

And we have already advised against using public computers, and being on guard for rough public WiFi access points.

Conclusion

So as you are busy moving about the world, please take a few moments to employ some of our suggestions to keep yourself safe when away from home this summer.  You will be glad you did.

0

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com

Add a Comment


This site uses Akismet to reduce spam. Learn how your comment data is processed.