Recommendations for travelers to protect their personal information, accounts and devices in a world of insecure services
That users of internet-based technologies are at risk is news to no one; but these risks are not constant. They rise and fall with almost every step you take. One category of users of technology who are most exposed to vulnerabilities and malicious campaigns are travelers. Constantly moving from one place to another without a secure and private connection makes it quite a challenge to ensure the integrity and confidentiality of your personal data and online accounts.
We collected some key advice to keep in mind whenever you are about to go on your weekend getaway, or on any occasion, where you connect outside the security of your home.
1. Restrict physical access to your devices
Given that you do not know with certainty who will get near your devices, always remember to configure a PIN, password or unlock pattern on all your electronic devices. Be mindful, however, that an unlock pattern can be easily guessed, so a secure password is always the best option. Try, if possible, to have a security solution installed, like ESET Mobile Security for Android, which allows you to remotely manage your device, and, in the case of theft or loss, to find your device, activate its alarms, and lock or remotely wipe it.
If you are taking smaller portable devices or (data) storage, remember, in many cases, it is the data on the devices that hold the most value. During your transport from one accommodation to another, always try to keep all your electronic equipment on your person. Make the extra effort to encrypt storage units like external discs, pen drives, and even the hard disc on your laptop, because this will protect the confidentiality of your data if you should lose these devices.
Use USB Shield protectors when connecting pen drives to your computer or mobile device, and, more critically, when you have lent your storage drive to other people and you can’t confirm with whom and where it has been. This is a common method for spreading malware. Likewise, be careful at USB charging stations, which you can usually find in airports and other public places. They can be altered to execute malware onto your device. Therefore, always use a USB shield protector whenever possible.
2. Secure your data transfer
One of the great disadvantages of traveling is not having a secure means of accessing your data online. Unless they have roaming plans and unlimited budgets for consuming data, most travelers use open networks in public places, restaurants, cafes, and other places of accommodation. Although these are better than completely open networks, they can be quite insecure. Since you do not know who else is connected to the network, nor how well configured it is, there are quite a range of different attacks that could be attempted against your device that will intercept your traffic, such as ARP spoofing or Man in the Middle attacks.
To counter this problem, you can use a VPN service; some of these are free, while others require payment. This can increase the level of security of your data at the moment of data transfer, despite these untrustworthy connections.
Remember to delete the networks to which you have connected, once you have finished using them, in order to prevent attacks from false hotspots. Also remember to deactivate your devices’ Bluetooth and WiFi protocols if you are not using them. Furthermore, be careful in areas where only 2G services are available, since this protocol is outdated and insecure. If possible, bring along your own 4G modem.
On the device side, remember to update operating systems and the applications that you use to protect against vulnerability exploits that can target you on public networks. Check the certificates of the sites you access to avoid homograph attacks, as well as other types of phishing. In addition, be attentive when creating your personal WiFi hotspot with your mobile data plan, making sure to use secure passwords, and remember to turn off your personal hotspot when you are no longer using it.
3. Strengthen the authentication of your online accounts
Unfortunate events can happen, which could even include your username and password being compromised. Even so, you can stop an attacker from hijacking your account by enabling two-factor authentication (2FA). Always use this option. Given that it is possible to lose your mobile or laptop, or that someone can steal it, try to use authentication codes available without the need for a mobile.
Check on the activity of your banking accounts and social networks regularly, to ensure that there is no unusual behavior. Stay attentive to security alerts and change your login credentials if you suspect you have been compromised. The best way to manage your credentials is with a tool like ESET Password Manager, which can create strong and unique passwords for all your accounts.
4. Monitor your privacy both before and during your trip
Many public Wi-Fi networks require that you share your personal data via a gated portal, before letting you connect to the Internet. Usually, this consists of your email address, but some can even ask you to create an account with your personal data in the system. Try not to share your real data, and keep an account with an email address especially for these situations. In this way, you will minimize risks to your real accounts, and avoid putting your data in danger.
These services often include a privacy policy concerning the use of data that will be transferred while you are connected. If you have time, try to take a look at the policy and always use a VPN whenever possible. Some hotels also permit declining the use of your personal data for marketing purposes, which is why it can be a good idea to ask the reception manager for what purposes they will use your data and then share an email address that is not associated with your most important platforms.
While we understand that you are excited for your trip, be careful with the information you publish on social media, since it can be manipulated for malicious ends. When a cybercriminal knows where you are at every moment, that information could be used to contact your family and fake a kidnapping, or to enter your house while it is empty. Publishing photos of airplane tickets with all your information and bar codes is a much worse idea.
5. Protect your purchases online
Online purchases are an inevitable reality while you travel. Plane tickets, bus tickets, hotel reservations and tour packages are just some of the services that you utilize on your itinerary. For greater security, try to use your credit card when you make online purchases, instead of a debit card, because if your credit card is stolen, it is much easier to report and revert the situation than with a debit card. Furthermore, if your debit card is stolen, then you run the risk of finding yourself in the middle of your trip with an empty bank account and no funds to continue your itinerary.
Also be careful when taking money out of an ATM, and check that there are no loose or easily removable parts in the card reader strips where you insert your bank card. You can use a tool like Hunter Cat to detect for a malicious card reader before inserting your card and allowing your information to be skimmed away. In addition, you can also protect your card if it has an RFID chip with a special cover that inhibits the signal, in order to avoid unauthorized purchases or stealing of your data.
If you wish to purchase an electronic device outside of your country, try to find a trustworthy manufacturer that does not have a history of vulnerabilities or of distributing devices with malware.
6. Avoid scams for travelers
Many hurried travelers tend to fall for tempting travel offers that arrive in their inboxes or in their social media feeds, but be careful, because you could become the victim of a trap.
Cyber fraud are scams that try to trick you into giving up your personal information over the internet. You might never come to realize that social engineering techniques are being tried out on you, since these scams can morph with surprising speed, being able to appear, compromise thousands of users, and then disappear very quickly.
Travelers are common targets for these types of scams, as they are accustomed to looking for better offers online. To protect yourself, always use a robust security solution like ESET Smart Security Premium, which can detect attempts to execute malware on your computer. For a bit of extra security, try to reach your desired website by writing the URL directly in the address bar, instead of using the Google search results, in order to limit the possibility of falling victim to black hat SEO.
Check that the link you are visiting belongs to the official organization. If you are sending confidential information, verify that the connection is encrypted with HTTPS – which you can usually observe as a padlock symbol in front of the URL – and that the certificate is signed by a trustworthy organization. Moreover, contact the entity to whom the promotion supposedly belongs via other channels of communication (in person, by telephone or via verified social media profiles) to verify that the message is true.
Remember to follow this advice to keep yourself secure, and we hope you have a great Thanksgiving getaway!