Modern field guide to security and privacy

How to keep criminal hackers from ruining your vacation

Following basic security measures, like leaving extra devices at home and avoiding public Wi-Fi, could be enough to protect your information while you're traveling.

|
Jon Nazca/Reuters
Tourists taking a selfie in southern Spain.

There’s a million things to think about when planning a trip – tickets, transportation, socks. While you’ve probably got a section on your packing list for electronics (don’t forget your charger!), you might not have thought about your devices’ security for the trip ahead.

Especially in unfamiliar environments and on public Wi-Fi, it’s important to keep your digital security in mind.

“This all kind of boils down to knowing your surroundings,” said Lysa Myers, security researcher at the cybersecurity firm ESET. “You don’t know who’s on the network with you or what their intentions are, so it’s best to air on the side of caution.”

That advice is essential for people headed to the Olympics in Brazil, which has become something of a hotbed for internet fraud according to cybersecurity experts.

In fact, US intelligence officials have urged Americans traveling to Rio de Janeiro to bring devices that don’t contain any personal information. The National Counterintelligence and Security Center began a multimedia campaign Wednesday to raise awareness about the digital risk, saying the Olympics are a “great playground” for attackers because of the “sheer number of devices.”

But wherever you're traveling, it's not a bad idea to consider safeguarding your data. Here are eight steps for beefing up digital security both before you go.

1. Try to bring a phone without any personal information

Do some Googling before your big trip, especially if you’re hopping on a flight to China or another country known to engage in corporate espionage. Even if you’re just taking a vacation, consider deleting you work email account from your phone because your company’s communications are valuable.

In fact, mobile devices have proven to be irresistible surveillance targets for foreign spies, and both Russia and China prohibit travelers from visiting with encrypted devices. Scrub as many of your texts, photos and notes as possible. If that's too difficult, consider buying a pre-paid for cheap. 

2. Don’t bring extra tech or info

That includes extra USB sticks, unnecessary backup drives, and even spare business cards of your colleagues and friends that may be kicking around in your wallet. Any extra information someone has about you could be used to attempt to compromise your device or steal your information, said Garry McCracken, vice president of technology at disc encryption company WinMagic.

While you might not travel with USB sticks on vacation, you might for a business trip.

“If your bag gets stolen or somebody goes through it at an airport or at a hotel room, there’s no sense in giving them extra information. And you don’t even know what you’ve lost if you’ve got a two-year-old memory stick in the bottom of your bag,” said Mr. McCracken.

3. Use strong passwords

That means you need to a password in the first place. Setting a password prevents someone from gaining access to your device just by turning it on, ESET’s Ms. Myers said. Make sure, too, that your password is strong.

“If you have a passcode on [a device] or a biometric scan like a thumbprint,” she said, “that makes it a lot harder for criminals to be able to do anything with it.”

To go a step further, Myers recommends changing passwords again once you return from your trip.

“A smart security person will change their passcode to something that they don’t use anywhere else while they’re on that network, and change it again when they get back home again,” she said. This prevents someone from continuing to access the device if the password is compromised.

4. Update software

A quick way to bolster digital security is making sure you’re running the latest version of your device’s software. This prevents would-be attackers from exploiting any known vulnerabilities in older software and delivering malware through fake software updates. It’s important to do this step at home, Myers said.

“There are a lot of scams that are already out there where they will try to target people on hotel networks with what look like software updates,” she said. “If you’ve updated them at home, you can just ignore whether that’s real or not until you’re back home again.”

As a bonus incentive for doing this at home, Myers noted that the often-crowded public networks make downloading updates slower. Updating at home can make the process less painful.

5. Encryption is your friend

Encrypting your devices helps protect your information from being compromised if someone steals your device or has direct access to it without your knowledge. Even if they were to make off with your machine, any data they pull off of it would be unreadable because they don’t have the encryption password that you set.

“Encryption is always a good idea,” Myers said. “If you lose your device and it’s encrypted, that leaves much less useful info for the thief to get a hold of.”

For your computer, that can mean full-disk encryption, where all of the information stored on a hard drive is coded so that only the person with the encryption password can read it. Or, you can opt to encrypt select files. Learn more about encryption for your computer here. Your phone might already have encryption by default enabled if it’s a new iPhone. Otherwise, you’ll need to enable full-disc encryption on your Android or older iPhone.

6. Keep devices with you 

WinMagic’s McCracken recommends keeping your devices with you as often as possible to avoid what is known as an “evil maid” attack. According to McCracken, the attack can happen if someone has access to your device without your knowledge, loading keystroke-logging software onto your device to track what your encryption password is as you type it when you boot your machine back up.

The attacker can collect your password later by gaining access to your device again. It’s called an “evil maid” attack because someone could pose as a housekeeper in a hotel and pretend to clean your room while instead compromising your device.

“If you’re careful, then you can even thwart an evil maid attack,” McCracken said.

One way, he said, is to use self-encrypting drive software. This limits the available space on a hard drive to prevent an attacker from downloading software onto the computer. Another option is to use two-factor authentication.

Cryptographer Bruce Schneier wrote on his blog that secondary authentication to verify your identity creates an added layer of complexity. While this won’t entirely thwart this kind of attack, “it’s more work than just storing the password for later use,” he wrote.

7. Avoid public Wi-Fi

Public Wi-Fi is an easy place to carry out man-in-the-middle attacks, where a third-party eavesdrops or changes your Internet traffic. It’s especially a concern on public internet because anyone can connect to it. Myers recommends staying away from public Wi-Fi if possible, but if you must use it, make sure you’re connecting to the real network. That means enabling the “ask before connecting” setting on your device so you don’t automatically connect to an open network.

“Always select the option of having it ask you first,” she said, “because you don’t really know who’s going to be in charge of that Wi-Fi, if it’s an official Wi-Fi network or if it’s a rogue network that someone’s set up to look like an official network.”

What's the best way to tell the difference between a real network and a fake one?

“Ask,” she said. “If you’re not sure, there’s someone nearby like an information desk where they will know what the real network name is.”

8. Beware of Bluetooth connections

Finally, disable your device’s Bluetooth connection when you aren’t using it. Attackers can exploit an active Bluetooth connection to steal your contacts, listen in on your calls, and remotely access your phone. Especially when renting a car with wireless connectivity, your device could automatically pair with the vehicle, exposing your contact information, Myers said.

“If you can turn that off, it’ll save you a lot of potential heartache,” Myers said.

For more tips on upping your digital security, check out privacy nonprofit the Electronic Frontier Foundation’s “Surveillance Self Defense” and ProPublica reporter Julia Angwin’s tips for increasing your Internet security.

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to How to keep criminal hackers from ruining your vacation
Read this article in
https://www.csmonitor.com/World/Passcode/Security-culture/2016/0629/How-to-keep-criminal-hackers-from-ruining-your-vacation
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe