The time has come….finally. Travel restrictions are lifting and more people have received the COVID-19 vaccine. Vacation plans are becoming reality and in-person conferences and events are taking shape. According to recent reports, more than 70% of Americans plan to travel in 2021. Whether for business or pleasure, it’s important to keep cybersecurity measures top of mind while planning your first post-pandemic journey.
Cyber threats don’t take a vacation, and security risks actually rise for travelers. You see, cyber criminals usually take aim at the easiest targets. Inevitably, personal travelers are prone to letting down their guard when the brain switches to vacation mode. But personal and business travelers alike are susceptible to travel stress, as normal routines are upended and quick decisions are often required. Out of their comfort zones, travelers are more vulnerable to malicious attacks.
Being aware of potential security risks and taking action to avoid them are key to assuring your travels are not troubled by a stolen device, compromised credit card, or a business data breach.
Don't let cyber risks derail your travels
Understanding where security risks lie is the first step in becoming a cyber-savvy traveler. There are three main risk areas: compromised travel sites, physical threats, and connectivity interference.
In 2018, 82% of travel bookings were made online using a mobile app or website. This includes travel reservations, accommodations, excursions and experiences, opening up a huge opportunity for cyber criminals. They post fake travel and tour websites that look very convincing to unsuspecting travelers. These infected sites deceive visitors into entering their credit card and other personal information.
Another cyber threat affects actual legitimate websites with an ad or link that is compromised with malware. The visitor clicks on the ad or link assuming it’s trusted due to its association with the legitimate site, and are led to a compromised website ready to scrape sensitive data.
Physical threats are probably the most common travel security risks that come to mind. Lost or stolen devices are a serious cyber threat. When navigating through airports, train stations, or bus terminals with multiple bags and other companions – even children – with their bags, it is tough to keep track of everything. Misplacing a phone or leaving a device unattended in a bag even for just a moment can be enough time for an opportunistic cyber thief.
And, just like at home, it’s important to consider how you carry devices securely while sightseeing and enjoying your location. A friend of mine had her iPhone pick pocketed while on vacation in Paris. Although she didn’t let it ruin her trip, she lost a lot of photos, had to wipe her phone, and deal with the nuisance of replacing it.
Connectivity interference is the last major cyber threat group. It is also one of the hardest to combat because it is in direct opposition to a competing value proposition – convenience. Connectivity risks happen when a hacker interferes with a device or connection path.
Public Wi-Fi networks, shared public devices, and even public charging ports are all susceptible to connectivity interference. Connecting to a compromised network can load malicious code onto your personal phone or tablet or business laptop and may lead to stolen credentials or financial data. Likewise, accessing sensitive business data from the shared devices in your hotel business center may also put you at risk of a data breach if that public computer was previously compromised.
Virtually every piece of mobile technology that we own carries some sort of information valuable to cyber criminals. Credit card information, financial data, logins, secure business data are all common data points hackers are targeting. Even if your device doesn’t store this information, you may use it to access that data. And once hackers have found a way onto your device, they can load malicious software to capture sensitive logins and data the next time you access it.
Cyber security measures before you even leave home
Protecting your digital footprint while traveling should begin before you even leave home. The more steps you take to avoid risks ahead of time, the better prepared you will be.
- Be a Cyber-Savvy Travel Shopper
When booking travel arrangements online, or any associated excursions or event reservations, thoroughly examine the website you are registering through. Even if the site is legitimate, if it leads you to another page for registration, inspect that page as well before entering any personal or financial information. If something seems off, contact the company directly and book over the telephone. Better to go old-school than to be a victim of a cyber attack.
If a site accepts online booking, be sure they are using a secure connection. One way to confirm this is by looking at the website address. Legitimate sites should display “https://” at the beginning of the URL address. This signifies that the website used Hypertext Transfer Protocol (HTTP) coupled with Secure Socket Layer (S) protocol to encrypt data over a secure connection. If there is no “s” at the end of the “http”, steer clear.
- Update Devices and Software
As cybersecurity threats change, software and hardware providers like Microsoft, Apple, and Dell issue security patches and updates to protect your technology from modern security attacks. Before you even pack your bags, confirm that your devices and software are up-to-date and, if not, run those updates before you leave. This ensures your systems have the most recent security updates and protection.
- Review/Set Device Security Features
Review your devices’ security features and make any appropriate changes. Be sure to turn on phone tracking with Find My Device or Find My iPhone. Also, consider in advance any posts you might make on social channels like Facebook, Instagram, or LinkedIN. Consider waiting until your return to post photos and memories. If you need to post while on vacation, set up a separate group of trusted family and friends and only post to that group. If your work expects you to post updates during a conference, you might ask to post directly on the company’s social channel rather than your own.
- Enable Multifactor Authentication (MFA)
MFA has quickly become a standard security practice due to its effectiveness in securing access to devices and systems. Even the State of NH’s vaccination website required MFA to book a COVID-19 vaccine appointment.
MFA is a verification method that requires a person to present two or more pieces of evidence that validates their access to a system. The first is usually some sort of password or PIN (something the user knows.) Other pieces might include something only the user has, like a security token or code sent to their personal phone via text or app like Google Authenticator. And yet another evidentiary piece might be something the user is, like biometric measures of fingerprints and facial recognition.
- Encrypt Your Data
Encryption software jumbles up the data on your device making it virtually unreadable without the encryption key (password). Many modern Android phones and iPhones encrypt data by default, but you should also consider encrypting your laptop. Should a laptop be lost or stolen, it is much easier to access unencrypted data. If you are traveling for business and your company laptop is not currently encrypted, talk to your manager about the possibility of adding encryption prior to your trip.
- Use Secure Travel Passwords
Think about the devices and applications you may need to access while traveling. Consider changing passwords for devices and any sensitive apps to a temporary “travel” password that is something you will use just for that trip. This will ensure it is completely different from any other passwords or passcodes you use. Should any of those logins become compromised, it will also allow you to track the breach to the trip as well.
- Disable Auto-connect for Wi-Fi and Bluetooth
Many people are not aware that their devices’ Wi-Fi and Bluetooth settings are commonly set to "On" by default. This means that your device is constantly actively searching for open connections. Should you walk into a coffee shop or a hotel lobby, and the Wi-Fi is open without a password, your device will automatically connect to it, even without your knowledge.
This puts you at risk to becoming exposed to compromised public networks without even knowing the risk existed. By turning off auto-connect on both Wi-Fi and Bluetooth, you remove the ability for your phone to connect automatically.
Cyber security measures while traveling
The first trips after the pandemic lock-down will, of course, generate excitement and enthusiasm for the next normal. Still, by taking a few measures to remain cyber vigilant, you’ll ensure your travels go smoothly.
- Lock, Close, and Store Devices
When not using your phones, tablets, and laptops, make sure they are locked and closed. This makes it impossible for anyone to view your screen or access your system without your knowledge.
Likewise, make sure you store devices securely. Use the hotel safe or lock electronics in your bags if you are leaving them behind. If you are carrying them with you, make sure they are secure on your person. Don’t stick your phone in your back pocket while sightseeing or leave a device out on a café table where you could leave behind more than just left-overs.
- Only Connect to Trusted Connections
Be extremely wary of public Wi-Fi. If possible, use your own wireless hotspot via your smartphone. If you must use a public Wi-Fi connection, always use a virtual private network (VPN). A VPN creates a secure connection for you so others can’t see what you are doing and what data you are accessing. Although a VPN may be a bit slower, it’s worth it. If you do connect to Wi-Fi without a VPN, avoid accessing any sensitive financial data or business networks. And always make sure you disconnect from the Wi-Fi as soon as you are finished.
- Use Only Personal Charging Devices
Public charging stations have popped up in airports, hotels, cafes, and other common travel areas. “Juice jacking” occurs when a hacker compromises a public USB port with malware. When an unsuspecting traveler plugs their phone into the port, the malware is loaded onto the device.
Although it is very tempting when your battery is near empty, it is best to avoid plugging into public charging stations. Use your own portable charger or your own power cord and a regular electrical outlet to restore your battery. If you absolutely must recharge via a public USB port, power off the device before plugging in.
- Never Access Business Networks on a Public Device
If you must use a shared device in the hotel or conference business center, do not log into your business network or access sensitive data. Although these centers are set up for the convenience of attendees, you cannot be assured of the security of their configuration or have any control over who accessed the device before you. Limit activity to non-sensitive actions like checking the news and weather or looking for local restaurants.
Cyber security measures when you return
As you return home having followed the first eleven steps, you can rest assured that you have hit the home stretch in the best and most secure position possible. Still, there are two more actions you should take to remain a cyber-savvy traveler.
- Reset Passwords
Whether you used travel credentials or not, we recommend changing passwords on any accounts you accessed over public Wi-Fi without a VPN connection. If you did use travel passwords, change them now regardless of how you connected so you can retain tracking on the off-chance that you were compromised by some other means.
- Monitor Accounts for Unusual Activity
No matter how cyber secure you believe you were in your travels, there is always the chance that you were compromised in some manner. Cyber hackers are always changing the game. Therefore, it’s a good idea to monitor email, financial accounts, and your business data for any unusual activity following a trip. By intentionally looking out for suspicious activity, you can catch a problem more quickly and take steps to close any breach as soon as possible.
With the recent news about phishing scams and ransomware attacks, cybersecurity has become increasingly, and rightfully, top-of-mind. However, planning trips and travel itineraries is an area where excitement, anticipation, and convenience can trump what might be considered mundane security tasks. Following the thirteen steps above will ensure that you have successful and safe travels!