Smartphone, tablet, laptop. Chances are you carry at least two of these devices on the road. I’ve been known to pack all three, along with a BlackBerry, for good measure. (Yes, I know: overkill.)
In many ways, our gadgets have become invaluable travel companions. But with their proliferation come new opportunities for cybersecurity breaches—whether it’s using an insecure Wi-Fi hot spot to check your e-mail or losing a device as you move from place to place. Unless you are carrying state or trade secrets, you are probably not a target for major espionage. But even the most leisurely of leisure travelers is still vulnerable. The risks run the gamut from having your credit card information stolen to full-on identity theft. Here are the major threats you should be aware of—and how to avoid them.
The shared computer.
Experts agree: don’t use them. That goes for the ones you find in scruffy cafés as well as those in business centers, even at reputable hotels. James Lyne, an expert on cybercrime and global head of security research at software developer Sophos, says that he routinely scopes out the computers at his hotels—and invariably finds them riddled with some sort of malware. At best, you may leave a trail of revealing crumbs from not logging out of websites or fully deleting files. At worst, someone could be recording your every keystroke and capturing your passwords and other sensitive information. Just printing out boarding passes can leave you exposed, Lyne says, as many airlines ask you to enter your name, birth date, and even passport number.
The fake hot spot.
Here’s the scenario: you’re traveling abroad and don’t want to rack up data roaming charges, so you’re relying on Wi-Fi. You pop into a café or a park and see that you’re within range of a network. Too good to be true? Unfortunately, the answer is all too frequently yes. According to Lyne, fake hot-spot registration pages, which entice you to hand over your credit card information, are a favorite scheme for hackers. Free networks are just as suspect. They can be used to lure you onto malicious websites or to track your movement online. Your best bet is to travel with a personal Mi-Fi hot spot, which uses the cellular network to provide Wi-Fi to several of your devices. Or buy an annual subscription to a service such as Boingo, which offers access to more than 1 million verified hot spots around the world. (Global plans start at $7.95 a month.) It’s also worth noting that cellular networks are (more or less) immune to hacking. Most service providers have reduced their data-roaming rates in recent years.
The unsecured network.
Even when you are logging onto a known network, including those provided by hotels and airports, don’t let your guard down. In 2012, the FBI warned that hackers were specifically targeting hotel Wi-Fi networks. According to the cybersecurity experts I spoke with recently, that threat remains. Check that the network offers some level of protection. It should require a username and password and, according to Stephen Cobb, senior security researcher at antivirus-software maker ESET, employ WPA2 encryption, instead of the less-secure WEP. (In Windows, hover your mouse over the network name to see which encryption it’s using; on Apple devices, look under “network preferences.”) But if you truly want to keep your online actions private, use a virtual private network (VPN) service, which basically creates a separate channel within the larger network. Many companies use them for employees, but they’re becoming popular with individuals, too. Boingo subscriptions include VPN service; Norton sells day passes for just $2.99.
The missing device.
Whether it’s lost or stolen, a missing smartphone can be more than just a major inconvenience. These days, our phones contain reams of information about us in the form of calendars, e-mails, and apps. Make sure you have some sort of “find my phone” service installed and activated on your mobile devices. If your phone or tablet goes missing, lock it, track it, and change all your passwords immediately. You also have the option of remotely wiping the device of all your data.
The social snoop.
Beware of oversharing on social media. You may have heard of thieves targeting houses whose owners publicize their absences online. Now there’s a new threat: “social engineering” attacks that use the information you share to gain your confidence, says Emilian Papadopoulous, chief of staff at Good Harbor Security Risk Management in Washington, D.C. One example: A person contacts you posing as an employee of a hotel you recently visited. She asks for your credit card information to take care of some incidentals. You hand it over without a second thought. Remember this before you Instagram your way through your next trip.
Four more ways to keep yourself cybersecure:
UPDATE YOUR SOFTWARE
This includes your operating system, antivirus protection, and Web browser—and applies to both laptops and mobile devices. Those app updates you’ve been ignoring could have security fixes.
BACK IT UP
Use external storage to keep copies of your most valuable data in case your mobile device or laptop goes missing. And erase from your hard drive any sensitive files that you don’t need while traveling.
WATCH WHERE YOU SURF
Only enter personal information on websites that have the prefix “https,” which signals deeper encryption.
MAKE PASSWORDS LONG AND STRONG
And take advantage of the two-step verification measures that an increasing number of sites are offering. You enter one password online; another, temporary one is sent to you via SMS.