Your personal safety is important when you travel, but how much do you think about your personal identifiers? Those need protection as much as you do, says Richard McKee, a cyber security professional with several decades of experience including law enforcement, national security, and the private sector. No matter what country you’re in, or even on domestic travel, you have to think beyond pickpockets and purse-snatching…because your phone can be a gold mine for thieves. IMG GlobalSecur, a leading provider of corporate travel security services, interviewed McKee about travel safety.
We hear all kinds of cybersecurity horror stories that occur when people are on the road.
What do we really need to know about mobile device security?
Well, we love our smart phones…which often contain a litany of personal data and for a lot of us, stored credentials. When we travel, that smart phone is often the only camera we take on our vacation. So for anyone who is reluctant to use a cheap “burner” phone, there are some things to consider. First, don’t plug your phone into any charging device you don’t own. Don’t use the stand at the airport, or the port in the base of the lamp in your hotel room. Use your own AC to USB charger. And if you have to use that USB port in the kiosk at the airport, make sure you use a USB data blocker. They are available online for about ten bucks…they attach to the end of your USB cable, and they block any attempts to read from or write to your device. You see that pop-up on your phone that says “Trust this computer?” Well, it’s because what you’ve plugged your phone into wants to exchange data with your phone. Do you really want all of your contact data downloaded into that rental car? You can prevent quite a bit by being careful about sharing…and that means guarding that connection carefully. In a worst-case scenario, if you’re traveling to any countries that are notorious for spying on visitors, I would say go ahead and get that cheap “burner” phone. The key is to understand the risk and take appropriate measures to safeguard your data.
So we’re in a foreign country, out seeing the sights, protecting our data, stopping for a beverage…are cyber cafes safe?
While in foreign countries it can be tempting to use cyber cafes to check your email, social media accounts, etc. Think about it – you’re typing in your username and password on a computer that you don’t own…one that dozens or even hundreds of people have used…they may have visited potentially malicious sites, or even installed malware. It’s a risk, so think carefully before you do it. If you absolutely have to use a shared computer like that for communications, I suggest creating a new, separate throwaway email account just for use while on travel…one that can’t connect anyone with the emails you got from your bank, your credit card company or anyone sending you any other sensitive information.
Why are cybersecurity experts wary of public WiFi? What do you know that we don’t?
Wherever you are, at home, in an airport or hotel, think about how you know what network you are really connected to. How do you know that is the coffee shop or hotel access point? Do you know if it’s encrypted? Most people don’t, which is why it’s a good idea to be cautious. Here’s what we know: there are a variety of attacks and exploits that hackers can use on WiFi. People who randomly connect to public networks can inadvertently make themselves vulnerable.
One of the best ways to make things more difficult for those bad guys is to use a VPN (Virtual Private Network). It can be used with your mobile device or with a laptop…The key is that let’s say you attach to your hotel’s WiFi. It builds an encrypted tunnel with the VPN that gets used before you go to your email, social media, or other sites. If you ever get the message “The name on the security certificate is invalid or does not match the name of the site” there is a possibility that your attempt to get at your email or other web site is being redirected through another server. That could be a proxy server, or it could be a somebody trying to perform a man-in-the-middle attack, and steal your credentials.
What else can we do to help protect our data from thieves?
If you have to use a public WiFi, be wary of the “always connect to” option. This will cause your device to remember name of that WiFi network. If it is not connected to any network, it will automatically attempt to call out to all of the stored network names in its memory. The bad guys can see that and then configure their malicious server to respond using that network name. Your device will automatically connect. When it does, all of your apps running in the background start trying to check in with the service.
Any tips for our travelers about safe social media usage?
Facebook, Twitter, Instagram, take your pick. People tend to want to post everything for the world to see. I say wait until you get home to post all those pics of your travels to that exotic place. Also, your social media account should not be visible to anybody that you don’t specifically authorize. A common scam we’ve seen is that when you are abroad, posting online, the bad guys will contact your friends. They’ll say there’s been a terrible accident, or you are in jail in whatever country you’re in. Many people actually fall for it. Most of us are not celebrities with a million followers on any given social media site, so don’t make your information visible to people you don’t know. Make sure that you enable multi-factor authentication on all your online accounts – email, social media, etc. If your credentials get compromised, it will at least try to require a code sent as a text message to your phone. If you use a burner phone, make sure you print out a temporary list of access codes. Also I suggest you use a different password for each social media account. I know that can be a pain, but ask yourself this: If your username for everything is your email address and then you use the same password, how much of your life can the bad guys take control of just through access to one account?
GlobalSecur Corporate Travel Security Services
IMG GlobalSecur has decades of experience in the security industry. Our team of safety experts stands ready to help you alleviate travel fears with our corporate travel security services including executive travel security expertise, employee travel security advice and employee medical assistance. In addition, our FoneTrac safety app backed with 24/7 on-call security professionals can assist you in staying safe while away from home or office. Contact us today!