Tech Today with Ken May
Cybersecurity While Traveling
While your network at home or at work may be secure, you should assume that any network you connect to when traveling cannot be trusted. You never know who else is on it and what they may be doing. Here are some simple steps that go a long way to protecting you and your data before you travel:
- The safest information is information you don’t have. Identify what data you need and only bring that information. This can significantly reduce the impact if your devices are lost, stolen, or impounded by customs or border security.
- Lock your mobile devices with a strong passcode. if it’s stolen or lost, people cannot access your information on it. Also, enable full disk encryption. For most mobile devices, this is automatically enabled when you use a screen lock.
- Install or enable remote tracking software. Some kinds can even remotely wipe the device.
- Update all your devices’ applications, and anti-virus software before leaving. Many attacks focus on systems with outdated software.
- Do a complete backup of all your devices. This way, if something does happen to them while
traveling, you still have all of your original data in a secured location.
Once you begin your travel, ensure the physical safety of your devices. For example, never leave your devices in your car where people can easily see them, as criminals may simply smash your car’s window and grab anything of value they can see. While crime is definitely a risk, according to a recent Verizon study, people are 100 times more likely to lose a device than have it stolen. This means always double-check that you still have your devices when you travel, such as when you clear security at the airport, leave a taxi or restaurant, check out of a hotel room, or before you disembark from your airplane. Remember to check that seat back pocket.
Accessing the Internet while traveling often means using public Wi-Fi access points, such as ones you find at a hotel, a local coffee shop, or the airport. There are two problems with public Wi-Fi: you are never sure who set them up and you never know who is connected to them. As such, they should be considered untrusted. In fact, this is why you took all the steps to secure your devices before you left. In addition, Wi-Fi uses radio waves, which means anyone physically near you can potentially intercept and monitor those communications. For these reasons, you need to ensure all of your online activity is encrypted. For example, when connecting online using your browser, make sure that the websites you are visiting are encrypted. You can confirm this by looking for ‘HTTPS://’ and/or an image of a closed padlock in your address or URL bar. In addition, you may have what is called a VPN (Virtual Private Network), which can encrypt all of your online activity when enabled. This may be issued to you by work, or you can purchase VPN capabilities for your own personal use. If you are concerned that there is no Wi-Fi you can trust, consider tethering to your smartphone. Warning: this can be expensive when traveling internationally. Check with your service provider first.
h/t: SANS Ouch! 02/17