The summer travel season is right in front of us. While the jungle may not be your intended destination, that’s exactly where you’re likely to find yourself. When you walk out the door with your smartphone and laptop, you become a high-value target. Your individual privacy and your employer’s valuable data is at risk, sought after by attackers eager to get their paws on it.
But don’t fret. Here are some simple (and free) steps you can take to keep your information safe when travelling. If you like these tips, check out my recent webinar that goes into more depth about security precautions executives and employees should take when travelling or working remotely.
Beware of rogue Wi-Fi access points and unmanaged networks
While mobile hotspots in coffee shops and airports are convenient, shared computers and free Wi-Fi are easy attack zones. Wi-Fi skimming, in which anyone on the public network can “sniff” your traffic, is a common tactic. Public Wi-Fi networks may appear legit, but some are specifically designed to dupe connected users Fake hotspot registration pages -- designed to look like the real deal -- entice you to hand over your credit card information. Public computers may be infected with malware or in the hands of keystroke loggers.
- Avoid using public computers to login to your company’s network.
- Use Virtual Private Network (VPN) connections on your connected devices to secure your internet connection and your encrypted traffic, especially on public Wi-Fi.
- Use a personal VPN service, such as Private Internet Access, for personal computing.
Always use two-factor authentication
Two-factor authentication is an imperative no matter where you are or what device you’re using. It requires both something you know – such as a PIN or password – and something you have, such as your cell phone. Users input their passwords or protected log-on credentials and a secondary device provides a random one-time use code to authenticate the second log-on step. Most major email programs and many popular websites now offer two-factor authentication. You can see how to do it on Gmail here.
- Turn on two-factor authentication to access your online accounts.
- Visit https://twofactorauth.org to find websites that support two-factor authentication.
Encrypt your laptop and devices to protect data and corporate networks
Illegal access to your computer or device enables attackers to infiltrate corporate networks and steal your files. In some cases, when travelling to foreign countries, border agents reserve the right to examine your computer and possibly copy files. Your privacy is compromised and your data can be exposed. But if your device is encrypted, access to your computer or phone doesn’t mean they can access the data. Full-disk encryption is a strong precaution -- use it at all times.
- Don’t blindly flip on encryption – make sure you understand the basics.
- Fully research encryption options and follow instructions.
- Remember, if you forget your passphrase, it’s difficult to gain access into an encrypted hard drive.
Guard against electronic surveillance
Electronic eavesdropping has been reported on airlines and in hotel rooms, taxis and meeting rooms. When you’re in a public place you should never expect your communications are private. Assume that phone calls and electronic communications are insecure and being monitored by adversaries.
- When travelling to foreign countries, consider bringing a company-owned loaner cellphone, laptop and/or tablet with minimal and non-critical data stored. This limits the loss of corporate and personal data if the device is lost, stolen or confiscated by officials.
- Ensure the phone is encrypted and is set to wipe after a number of failed login attempts.
- Use a single-use email – not your regular business email account – from your company or from an external provider, such as Gmail. Use different passwords than your regular email.
- Don’t carry unencrypted USBs or connect foreign electronic storage devices to your computer or phone, as they may be compromised.
- Avoid enabling Bluetooth and always switch off the microphone, camera and location applications on your computer and devices.
Organizations invest millions of dollars in sophisticated security measures to protect you when you’re on their network. But the moment you step out into the jungle, your choices can make an even larger impact on your security. Be aware and take basic precautions. While security practices may seem inconvenient and burdensome, the stakes are too high to consider cybersecurity an afterthought.
For additional tips, watch my on-demand webinar, Welcome to the Jungle on practical operational security for travelers.
-- Justin Harvey