Cyber Security for Travelers – Business and Vacations
The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) released a bulletin about cyber security while traveling. This includes tips for internet and electronic device safety for vacationers and business travelers. Commercial airline passengers are especially hurried to reconnect with their office or loved ones upon reaching their destination. Using public non-secure WiFi connections like those found in airports puts their login credentials and devices at risk for identity theft.
Keep Laptops and Devices Patched
Hardware and software continually receive security updates over their lifespans. This is true for everything from laptops, to smart TVs and other IoT devices, for routers, software, smartphones, and mobile apps. Social media apps receive periodic updates as well. Sometimes an update only improves usability features, but many times it patches a security flaw so that it cannot be used by hackers to gain access to your information.
Hackers exploit known vulnerabilities and zero-day security flaws within out-of-date hardware and software to gain access to a device or computer network. When you don’t accept an update, then you are leaving your phone, computer, and money open to hackers. An unpatched device can spread malware to other devices once it connects to WiFi.
In 2017, the entire British National Health Service (NIHS) was halted when unpatched Windows computers used by NHS were infected with WannaCry ransomware. WannaCry spread to Taiwan and parts of Europe. Patched Windows machines were not affected by the malware.
Do Not Use Public Wi-Fi
Connecting to public WiFi is one of the most common cyber security mistakes travelers make. Your home and office WiFi, if set up properly, are secured with a strong password and a firewall. When you don’t protect your internet connection with security measures, then you are leaving all data transmitted on your network open to hackers. That means if you visit a website and enter credit card information, hackers can read, or sniff, your network for your financial information.
The same goes for using public WiFi connections like those found in hotels, shopping centers, coffee shops, airports, or anywhere else except your trusted home or corporate network. Hackers use software called packet sniffers to intercept and record WiFi traffic sent over publicly accessible internet connections. Hackers decode the web traffic to glean credit card numbers, bank accounts, and other personal information they can use for identity theft.
You are transmitting sensitive information any time you use a shared WiFi network. This includes logging into social media accounts or reading your email. Social media accounts contain answers to common password reset questions like, “Where were you born?” If a hacker can sniff the login credentials to your email and get the answers to password reset questions, they can use that information to reset bank account and credit card online passwords.
Use a Virtual Private Network Instead
A Virtual Private Network (VPN) uses encryption technology on top of public WiFi to tunnel out of a shared network and create a secure internet connection. There are many good VPNs on the market – some free and some carry a small fee. Better VPNs can be used to tunnel traffic where government censorship is common.
IPVanish is a good VPN to use when traveling to Mainland China. It can be used to access walled-off social media accounts, news, and Google when the government has access shut down. Tunnel Bear is a good free VPN that works well on Android devices.
Download Mobile Apps from Trusted Sources
Software and hardware all need to be updated from time-to-time. Sometimes an update brings better (or sometimes worse) user features. Many times, an update serves to patch a security flaw. It is important to accept security updates as soon as possible. Hackers know about security vulnerabilities when cyber security researchers do, if not before. Unpatched devices give hackers a chance to launch large scale malware attacks like WannaCry, Ryuk ransomware, Petya, Silex Malware. If you are concerned about data usage, then set your devices to automatically accept updates but only when connected to WiFi.
Do not use USB charging ports in hotels, airports, shopping centers, or otherwise
USB charging ports can steal data. The best way to charge a device is by using a standard wall two-prong wall receptacle that connects directly and only to electricity. USB charging stations and wall outlets can steal information from a device. Even legitimate USB charging ports track devices’ MAC addresses to follow user behavior and frequency of use. Be especially aware of any sponsored “free” charging ports.
Hackers can attach readers to USB charging ports to steal data from the device, like browsing history and stored payment information. The only USB charging ports that are safe to use are the ones in your own home.
Don’t Leave Electronic Devices with Hotel Staff or Anyone Else
Leaving your laptop and other valuables with hotel or conference center staff is convenient but it’s also a good way to have information taken from your device or have it stolen altogether. Luggage, laptop bags, and other possessions are stored out of sight. Often checked bags are not guarded at all and left in unlocked rooms while the bellhop is attending to other customers at a busy hotel lobby. This leaves plenty of opportunities for a hacker to breach your laptop or take it all together.
Thinking of checking your laptop in your checked baggage when you fly? You checked bags are underneath an airport riding conveyor belts and in holding areas for hours before they are loaded into your airplane in the last minutes before your flight takes off. There is a lot of time and dark corners for a thief to steal your data or your device.
When You Get Home
Electronics, devices, and operating systems can be hacked while traveling, even if it was only a day trip. When you arrive at your destination, take time to download antivirus software and scan your devices for malware or other unwanted apps. Change passwords on your accounts especially financial accounts. Don’t use the same password everywhere and avoid the most common hacked passwords.
Michelle writes about cyber security, data privacy focusing on social media privacy as well as how to protect your IoT devices. She has worked in internet technology for over 20 years and owns METRONY, LLC. Michelle earned a B.S. in Engineering from Rensselaer Polytechnic Institute. Michelle published a guide to Cyber Security for Business Travelers