Top 10 cyber safety tips for trips

HackerCould someone be stealing your work-related  or personal data while you travel?

If you have recently traveled outside the U.S., particularly to China or Russia, I have bad news for you because you may have already been hacked.

Check out this article in the NY Times about how dangerous it is now to travel with data and the steps that smart companies are taking to be safe, especially when traveling in China, Russia, or some other countries.

Want to protect your data from being stolen and your personal info from being used for identity theft?

Check out my tips below.

TOP 10 DATA SAFETY TIPS FOR TRIPS

1) Use the “travel laptop” approach. If you must take a laptop with you on your travels, it should be literally empty except for the OS and crucial applications that you plan to use on the trip. When you return back home, format the HD before using it again. Many major corporations mandate that their employees traveling abroad, particularly to China or Russia or other certain countries take this approach. If you bring a laptop with you while traveling and that laptop contains unpublished data, sensitive “sent” or “received” emails, etc., you may very well be unwittingly sharing all of this with cyber thieves abroad. In addition, when you return home that laptop may have a nasty hitchhiker onboard to do more damage or compromise your data further.

hermit crab2) Turn your laptop into a safe “hermit”. If you, like me, must take your laptop with you on trips and you don’t have a spare to use as a “travel” laptop, then most of the time on the trip isolate it from the world by switching off Bluetooth, Wireless (Airport on Mac), the microphone, and the camera. Do not assume that these devices are secure and under your control. Imagine someone watching and listening to you via your computers video camera and microphone or reading your emails over Bluetooth? Creepy, huh? But also very dangerous for privacy of data.

3) Avoid connecting to the Internet through wireless connections at airports. Wireless networks are so convenient for us traveling scientists, but they are hackers’ best friends. Some airports offer wireless  (in some cases for free), while others charge a nominal fee for connecting. Using such networks while traveling is fraught with danger for anyone who cares about privacy. If you’ve traveled recently you might have noticed that when you open your laptop and look for wireless, there are multiple networks that show up even at an airport. Some are computer-to-computer ones, while others seem to be general wireless networks, for example sponsored by the airport, which you might connect to and use. Hackers are now more and more setting up pseudo wireless networks at airports, hoping you will connect and give them unlimited access to your computer. In certain countries even the official airport wireless network may be itself be compromised.

4) Leave your phone at home and use a disposable. Bring a disposable phone with you or buy one in the country you are visiting. Smartphones are basically small computers that can also be used as phones. Private emails and other files on your iPhone or Android phone may contain not just sensitive personal information, but also large amounts of data. A remarkable percentage of electronic devices contain computers these days ranging from cars to thermostats. In fact the U.S. Chamber of Commerce was hacked by people in China, which remarkably used the Chamber’s thermostat as a portal to steal data.

pirate

Even if you “clean” your smart phone by removing any data files that are on it from emails, etc., before you leave, you might get emails on the phone with sensitive attachments during your trip that could be intercepted.

Frankly, I myself would have a hard time not bringing my personal cell phone with me when I travel, but I realize it is risky if I go to certain countries. A key factor is awareness. One simple step that makes your smart phone much safer to use is to simply turn off its wireless connection with only rare exceptions on the trip.

5) Be extra careful with those thumb/flash drives, consider them disposable. Thumb drives are an enormous security risk as the Pentagon has found out the hard way. If you bring your presentation or other data with you on your trip on one of these drives, you can protect yourself  by considering it disposable even it isn’t marketed that way. Flash drives are relatively cheap these days so when you return from your trip, smash

that drive and throw it away. Otherwise you may well be exposing you and your data to long distance hacking.

If you plug your flash drive into a shared “host” computer say at a conference, it is nearly impossible for you to be sure that when you pop out that drive and take it with you that there isn’t a nasty hitchhiker on there. In addition, you should make these “travel” minidrives such that there are no files you care about on them. If you do not observe this practice, when you plug your flash drive into a host computer, at the same time your presentation is being copied onto that computer, the contents of your flash drive may well be being copied onto the host computer.

6) Use care when using your hotel’s  network. Even at your hotel, using the wireless network may not be safe depending on what country you are in. There could be fake networks setup by hackers staying at the hotel. Any given hotel’s own wireless network can easily be compromised as well. Of course even the hotel’s wired network does not guarantee privacy either (hence the suggestions above about travel laptops and flash drives).

7) Never access personal financial accounts while traveling. It may be tempting while killing time at an airport or at your hotel between meetings to check your bank account balance or pay bills over the Internet. Don’t do it. By doing so you may be putting your financial security at great risk.

8 ) Do not conduct sensitive email correspondence on shared computers at conferences or airports or other public places. You may think that by using your password or by using “official” computers that you are safe, but you aren’t. Such computers may contain software to monitor your emails amongst other dangers.

And two more steps for the very worried, semi-paranoid amongst us:

9 ) Use “disposable” passwords on your trip.  Often times the only thing standing between your data and a hacker are your passwords that you use for various things that may range from the one for your laptop to your email password.  A good rule of thumb is to change your passwords before you leave on your trip to one-time passwords and when you return change them back to your original passwords. In other words, use disposable passwords while traveling.

10) Copy & paste passwords from flash drives rather than typing them. It may sound odd and even paranoid, but when you type something on your computer you are especially at risk for being eavesdropped on. Sadly, whether you use disposable passwords or not, it is generally a good rule not to actually type them on your electronic device as it is a simple matter for hackers to install keyboard readers without your knowledge. If you are super worried about having your passwords stolen by keyboard readers, there are some simply but creative tips to avoid this problem. The best seems to be the “cut and paste” approach. For this, bring disposable flash drives with pages of text files hidden in which are specific passwords. Copy and cut the password (this relies upon you remembering what and where they are) from these text files on the flash drive, and then paste them into the password entry area.

Of course you may not do all of these things as that would be extreme and some might interfere with you working while traveling, but even taking a few of these tips may make your data safe as you travel and give you extra piece of mind.

It’s also likely true that if a talented hacker is intent upon getting information from you, they might succeed despite your best efforts. However, why make their lives easier?

Note: Protecting your data can be extremely tricky when traveling abroad because some countries, including Russia and China, prohibit you from entering with an encrypted device without government permission.

1 Comment

Comments are closed.