Technology has made travel significantly easier in some ways, such as purchasing flights and booking hotels, but it has also led to new risks for travelers. When you travel, you may in locations that are unfamiliar to you and your devices might be connecting to less trusted computer networks. Devices that are full of sensitive information can be compromised or stolen, leading to problems that can affect your life long after your trip is over.
A few simple steps before you hit the road can make all the difference. Below are some tips on how you can stay safe online and secure your devices and personal information while traveling.
Before You Go
There are a few things you can do before going on your trip to minimize any cybersecurity risks.
Choose What You Take with You
You may own multiple mobiles devices, such as a laptop, tablet and smartphone. If you are travelling with your family for pleasure, they may have one or more devices also. Each device you take on your trip is another device that may be stolen or misplaced. Each device you take may expose the personal information, documents, photos, etc on that device. It is recommended to take as few devices as possible, particularly on trips to locations less familiar to you.
The same applies to your passwords and credentials. If you use a password manager that supports travel mode such as 1Password, you might want to enable travel mode before you depart for the password vaults that you won’t need on your trip or until you get to your final destination. For example, if travelling on vacation, you do really need the password vault containing credentials for your company’s firewall or other security devices? Or if travelling for business, perhaps you enable travel mode while you are in transit and only re-enable once you have reached your final destination where you will need those accesses. Just remember not to prevent your access to credentials that you might need to authenticate to your password manager to disable travel mode!
Require Authentication to Unlock Your Devices
Hopefully this step is unnecessary because all of your devices are already protected with passcode or biometric authentication. But if not, your upcoming travel should be the compelling reason to act. It’s one thing if your device is easy to unlock in your own home, but the implications can be worse when you may be out in public more often, and less familiar places at that. Also consider enabling the option to remote wipe your device after a number of unsuccessful unlock attempts.
Update Device Software
Keeping your devices up to date is good security practice whether you travel or not. It may be more important to ensure your devices are up to date before you travel and connect those devices to unfamiliar networks. Networks in hotels may have bandwidth or download limitations so it is recommended to perform these updates before you travel.
Create a Travel Profile or Account
Use an alternate email account and phone number when making your travel plans and when you travel. You may be making reservations for accommodation, transportation and excursions with companies with which you don’t normally interact. You are likely unfamiliar with how they will handle your personal data, but as we know, even the most established companies can have data breaches and disrespectful handling of our personal data. Try creating a travel profile with MySudo, your primary personal information is protected if someone obtains and misuses the email address or phone number of your MySudo profile.
Make Bookings Securely
As well as using your travel profile, pay attention to the security of the sites you use to book your travel. For example, when booking a tour or day activity, if the tour company requires you to provide your credit card information via email, ask them instead if you can call and provide it over the phone. If a booking website does not use HTTPS, the company clearly has no regard for the protection of your personal information, and no deal is worth it.
During Your Trip
While you’re traveling, you should always keep these tips in mind to protect your devices and sensitive information.
Avoid Public WiFi
There’s no such thing as a free lunch, or free WiFi. Your use of free WiFi is normally exchanged for the overt or surreptitious tracking of your activity by the provider of the service. It can also expose your activity to other devices on the same WiFi network in some scenarios. If you cannot resist the seduction of free WiFi in your hotel, airport or while you take respite in an air-conditioned shopping mall:
- Minimize your use of public WiFi, especially for sensitive services such as banking.
- Enable your device’s setting to “Ask to join networks” so that you have greater visibility and control when your devices are connecting to networks.
- If connecting to the network requires registration, such as at LAX, register using the MySudo profile you created before you left home.
- Once connected, always use a VPN to ensure that your activity remains private from the provider of the WiFi service, along with the chain of companies with which the data may be shared.
- Disconnect from the WiFi network when you don’t need to be connected.
Leave Bluetooth Disabled
Unless Bluetooth is required, leave it disabled. This reduces the risk that a criminal can pair with your device and access your personal information.
Protect Your Belongings
You also need to be careful of people who may want to steal your devices, i.e. physical theft. Pickpockets and thieves who get ahold of your phone, computer, or tablet may be able to gain access to some of your personal information or data. As mentioned above, only take what you need with you, and be aware of your surroundings at all times. No travel is without risk, so don’t avoid the positive experiences of travel – just make the best choices you can.
Be Careful with Your Social Media Posts
It can be fun to share your adventures in real-time on your social media profiles, but this can disclose your location while you are away. Someone could either come find you and attempt to steal from you, or burglarize your home, knowing you’re away on vacation. If you are interested in sharing photos from your travel, perhaps wait until you return home and post them retrospectively. This isn’t always possible, for example, if you are traveling for business to an event, and your role requires you to use social media, you may be expected to tweet “Excited to be an XXX in YYY. Looking forwarding to ZZZ.”.
Don’t Get Juice Jacked
When your mobile devices are low on battery charge, you’ll do almost anything to get another 20% charge, right? Free charging kiosks may require you to connect your mobile device to a computer that can attempt to access and steal sensitive information from your mobile device. Charge your devices in your hotel from wall power outlets to reduce this risk.
When You Get Home
There are a few final steps you can take to help protect yourself, after your trip is over.
Reset Your Passwords
Reset the passwords on any accounts you accessed over untrusted networks and without a VPN. This may reduce the risk of account compromise if your activity was monitored while using those online services. For example, due to an emergency, you may have needed to access your online banking service from an Internet kiosk in order to transfer some money. In this case, changing your online banking password upon your return would be a must.
Also, if you set your password vault account to travel model before you travelled, this is when you would want to enable it again.
Monitor Devices and Accounts
Be on the lookout for unusual activity on your various online accounts, including your email and bank accounts. If you suspect any of them were compromised during your travels, the first thing to do is change the passwords on those accounts and if available in the online service, review the login activity for those accounts.
Decide what to do with your Travel Profiles
If you created MySudo travel profiles when making bookings for your travel, you may need to decide whether you will keep these profiles for future trips, or if you will remove them. You may choose to remove the profile if you start receiving significant spam email or calls, or if the place you travelled was a one-off, e.g. a family vacation to France. You may be more likely to keep and reuse the MySudo travel profile if it was used for recurring business travel, e.g. covering your sales territory in the US south eastern states.
If you want to read more on this topic, these resources might be of interest:
- National Cybersecurity Alliance’s Travel Tips (https://staysafeonline.org/blog/top-tech-tips-for-cybersafe-summer-travel/)
- US CERT guidance on travelling with personal Internet-enabled devices (https://www.us-cert.gov/ncas/tips/ST11-001)
Got a comment? We’d love to hear it! Hop over to our community forum to discuss your favorite MySudo topic, ask questions or get help.