When you go on vacation, you take out travel insurance, place your jewelry and valuables in a safe, make sure you lock the house, and turn on the alarm. We take precautions necessary to protect our things while we are away. In a connected world, where we share information online and work in organizations that incorporate Bring Your Own Device (BYOD) policies and enable access to corporate emails from personal devices, we should do the same because cybersecurity doesn’t take time off. It’s important to remain diligent and protect your sensitive information even when you’re away from the office. As summer is in full throttle, we compiled a list of cybersecurity risks that you should be aware of when you plan and go on vacation. And since vacation time is supposed to be downtime, we also set out a list of tips and advice to ease your worries.
When planning a vacation
- Use reputable websites. While you’re at the planning and dreaming stage, make sure that you book your flights and hotels on official and legitimate websites that have the proper cybersecurity measures to handle payments, passwords, and personal information securely.
- Avoid using websites that advertise through spam or clicking on links from “spammy” emails or unknown senders. This way you will avoid falling prey to malicious advertisements that spread malware or to phishing schemes that attempt to acquire sensitive information, such as personal and corporate passwords, or even ransomware attacks.
- Browse in HTTPS secure mode. This way communication between your browser and the website is encrypted, enabling you to type personal information such as credit cards, passport numbers, etc., and preventing hackers from intercepting.
Before Leaving on vacation
- Update your applications and antivirus software. This includes operating systems and browsers, on all your devices, in order to make sure that any known exploits are patched by the latest security fixes.
- Back up your data. By backing up your files and apps, if your information gets lost because of loss or theft or even physical damage to your device (a spilled cocktail or rough ride), your information will not be lost. Also, clean up the data saved on your device and erase any sensitive or redundant files that aren’t necessary while you’re away.
- Pack your chargers. Charging your smartphone by plugging it into a public kiosk puts you at risk of having your information retrieved or downloaded without your consent – a cyber-attack called “Juice Jacking”. Also, by merely plugging your device into an unknown USB port, and not even clicking on anything, you are susceptible to malicious software downloads. On this note, never insert or upload any foreign media –USB sticks, flash drives, CDs or DVDs, to avoid risk of malware infection.
- Ensure your devices are password protected. Use personalized passwords and two-step verification measures to protect your devices and any access to sensitive information that is stored on websites and apps. Also, consider setting a limit on the password attempts on your devices.
When in transit in the airport
- Avoid using unsecure Wi-Fi. This includes free networks in airports because a seemingly legitimate open network with the airport’s name or “Airport Wi-Fi” can turn out to be a rogue network set up by a hacker. Once you connect to such a network, the hacker can carry out a Man-in-the-Middle (MitM) attack and intercept all of your communications, extracting passwords and accessing your email and social media accounts, as well as any other personal information you might be revealing while online.
- Disable your automatic check-in to places and location tracking. Refrain from publishing on your social media accounts that you are in an airport or heading to your holiday destination. This information might be noticed by robbers, not just your friends.
While on vacation
- Avoid open Wi-Fi networks. Opt to purchase a data plan from your cellphone carrier or use a personal hotspot rather than using open Wi-Fi networks. Otherwise, many hotels offer secure Wi-Fi, so opt to use their hotspots. However, check with an employee before you access an open Wi-Fi network. It is best to disable the option to connect to Wi-Fi when you’re on not on your home turf.
- Use HTTPS mode. If you check emails, social media and any other websites that require a login and password, use HTTPS mode for the reasons mentioned above. Try to avoid doing online banking and other sensitive activities. If you access corporate information, use a virtual private network (VPN) to protect your data, so that even if the Wi-Fi network gets compromised, the data will still be protected in the absence of access to the decryption key.
- Be cautious of physical loss or damage. With all the virtual aspects, your devices are equally exposed to getting lost or stolen so practice caution. Don’t leave them out of sight when charging or unattended; lock them in your room’s safety box (using a password that is not a generic 1234, or 1111). Additionally, install apps, such as “Find My iPhone” that can locate them if they are out of your sight and wipe their data remotely in the event of theft. You can also download apps such as “iGotYa” and “Lockwatch” that catch the thief on camera and upload the criminal’s photo to the cloud.
- Be careful about Bluetooth connections. If you use Bluetooth connections, for example when you rent a car or use the hotel’s amenities, make sure you delete the data when you disconnect because sometimes information from your smartphone remains stored on the connected device even after the connection has been terminated. Also, if your mobile device is set so that any Bluetooth network can connect to your device without requiring confirmation, a hacker can connect to your device unbeknownst to you and install malware or steal information. Check your connectivity settings to require confirmation, or disable the Bluetooth connection if you do not need it.
- Use public computers with diligence. If you have to check-in and can’t do so from your own device, or need to print something out, assume that anything you do can be traced. Make sure to log out of websites and delete the history and any downloads. Also, do not log on to websites that require usernames and passwords in case the computer has been hacked and has a keylogger installed that can capture your passwords and other sensitive information.
- Don’t be lax with checking emails. It might be downtime for you, but not for cyber criminals, who are constantly looking for cracks in security to get into corporate networks. To avoid becoming a victim of a phishing attack, be aware of suspicious emails, unknown and shady email addresses, unusual requests for passwords, etc. Also, be extra diligent when clicking on links and downloading attachments to avoid becoming victim to cyber extortion through ransomware.
Summertime is a great time to go on vacation and enjoy the long days and great weather. Make sure your data is added to the list of things you keep an eye on and follow our tips, so that you can have fun in the sun and re-energize.