Memorial Day in the U.S. traditionally signals the start of the summer travel season. With COVID restrictions declining, many of us are on the move again. As you get ready to travel – whether for personal or business, it’s important to be aware of evolving travel cybersecurity best practices.
For purposes of this article, I’m going to assume your organization already follows good cybersecurity hygiene. That means that you have backups and 2-factor authentication in place, and that your O/S, anti-virus protection, and software are all up-to-date. If you don’t have these things, stop reading and call your IT team immediately to get them set up.
Prepare Your Devices for Travel
The best way to safeguard your devices and information is to leave them home. If you’re traveling for business, use a laptop or smartphone that contains the minimum amount of data you need for this trip. That way, if the device is lost, stolen, or hacked as little as possible will be compromised.
If you do decide to bring your devices, here’s what to do before you go:
- Remove sensitive information such as your name, address, birthdate, Social Security number, stored credit cards, and passwords
- Only keep business data that you will need during the immediate trip
- Change settings so that your device doesn’t automatically connect to new Wi-Fi networks and disable Bluetooth
- Set up the “find my device feature” to track your phone, tablet or laptop if you lose it. It might also allow you to disable or wipe data if the device gets in the wrong hands
- Add a privacy screen to block unauthorized side views and shoulder surfing
- Lock your device with a fingerprint ID or passcode
- Enable encryption at rest, such as BitLocker for Windows or FileVault for Macs.
Carefully Craft Your Out-of-Off Message
Scammers can use details in your Out-of-Office message to impersonate you in phishing attacks. Follow these travel cybersecurity guidelines to avoid giving too much away. Better yet, skip the out-of-office autoreply and instead ask a trusted colleague to check for important messages while you’re out.
Secure Your Smartphone
Your smartphone contains sensitive personal information that can open you up to social engineering attacks, blackmail, and identity theft. In addition, state-sponsored spies target smartphones of business travelers looking for contact lists, business emails, chat histories, photos, and credit cards. This makes it critical to guard your phone while traveling. Keep your device with you or secured at all times.
Assume any device screened as part of border controls has been exploited. Border control agents may take control of your smartphone for any number of reasons. One example would be to check vaccine or health records. Another is to examine Digital Travel Credentials (DTCs), which are the digital equivalent of passports. In the U.S., Customs and Border Protection agents can legally search phones and laptops without a warrant.
So, what should you do to mitigate the travel cybersecurity risks with your smartphone?
- Turn off or lock your device at airport security
- Be cautious about connecting to smart car dashboard systems
- Charge your smartphone in a regular electrical outlet, or use your own battery-powered charging device
- If you must recharge using USB, power off the device before plugging it in
- Consider that conference room microphones, telephones, or video-conferencing equipment may be compromised
- Don’t download any software or use devices offered to you by an unknown person.
Avoid Public Wi-Fi, Use VPN
A common scam is to set up a fake Wi-Fi network in hopes of stealing sensitive information. Before you connect to any public Wi-Fi, such as on an airplane or in an airport, hotel, train/bus station or café, be sure to confirm the name of the network and exact login procedures. You can try purposely logging onto the public Wi-Fi using the wrong password. If you can get on anyway, it’s a red flag that the network is not secure.
Don’t use public Wi-Fi for sensitive information. When conducting business activities, use a Virtual Private Network (VPN) set up by your organization. This creates a secure end-to-end password-protected connection to safeguard your information.
Travel Cybersecurity – When You Get Home
Just like you unpack and do laundry, make sure any devices you travel with are clean and free of malware when you get home. The Federal Communications Commission (FCC) recommends updating passwords on any devices used or purchased abroad. Remember that when traveling in a foreign country their laws and policies around cybersecurity may be different than what you are used to.
Cybersecurity is a global problem that is only becoming more complex. No organization or software has yet developed a solution to completely guard against these threats. This means your knowledge and actions are critical when it comes to protecting you and your organization while traveling. Be aware, and be safe.
Feedback
If you have questions about this article, or if there is an IT topic you would like to know more about please email me your suggestions.
Referral$
If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.
That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.
Referral$
If you know of a company that would be interested in the services of Invario, please email me the company name along with the phone number and email for the person we should contact.
That is all you have to do! Upon completion of the onboarding of a new customer, Invario will pay the equivalent of one month of Invario service to that customer. Recipients that cannot or do not wish to receive a referral payment may elect to have the referral fee donated to a charity of their choice or put into a company entertainment fund.