Business and government executives are especially vulnerable because they bring connected devices loaded with sensitive information, providing a window into an organization’s top secrets. They also travel internationally, which exposes their data to further risk.
However, any tourist can be a target for hackers. They travel with fewer cyber defenses and can have their personal information stolen and inadvertently provide hackers with access to additional data, systems and networks.
As we learned in the Marriott/Starwood hack in late 2018, convenient connections provided by airports, hotels and other public spaces can expose valuable information if not properly cyber secured. For example, it's not only your device that can be exploited. Hotel booking systems, airline reservation apps and other digital travel conveniences create a wide-open attack surface for cybercriminals.
Even with the security risks, travel is an inescapable part of life. Here are proactive steps you can take.
Exercise good cyber hygiene before departure
One of the first actions to take is to keep your device operating systems up to date. Outdated systems might miss important security patches that could protect hardware and personal information.
Make sure to change passwords before and after traveling as well as selecting complex words or phrases that are hard to guess. A strong password should be over 12 characters, with upper and lower case letters, include numbers and symbols and not be the same as any other passwords you use. Setting up two-factor authentication is another step that adds an extra layer of protection from hackers.
Think twice before posting on social media
There's more than one way to overshare on social media. You can accidentally reveal your exact location using GPS-enabled devices like smartphones or tablets that have apps using "Location Services.”
Once you post something about your business trip or vacation on social media you're handing over information to a third party. As soon as you do that, you have little control, if any, over how they use that information. Travelers should wait until after their trip to post photos, videos or other information that malicious actors might find valuable.
Reduce access points to devices
Anyone who has to use public Wi-Fi systems, whether it be waiting for a flight or for a meeting in a hotel lobby, should invest in a Virtual Private Network. A VPN secures your data on the network so malicious actors can’t see your activities.
In that same vein, disable automatic connection to Wi-Fi networks on your devices to prevent joining public Wi-Fi networks without notification. You should only use public, no password required Wi-Fi as a last resort.
It is also worth noting that international cellular data plans do not offer any additional protections. When traveling abroad, treat cellular networks as untrusted and conduct business on them accordingly. Travelers should also turn off their Bluetooth when not in use, as hackers can connect to a device and quickly download user data through this connection, access personal information and send messages or join infected networks.
Take only what you need
The fewer devices you have with you during your travels, the lower the risk of someone physically or logically accessing your data. If on personal travel, leave your work devices at home. If you can manage your work travel without your laptop, try to do so.
In the world of cybersecurity, sensitive information is more valuable than money. Travelers need to treat data and connectivity with extreme caution.
By taking a few easy steps to strengthen personal security, travelers can defend their personal and company information and avoid serious consequences.
Tom Goodman is director of international cybersecurity at Raytheon Intelligence, Information and Services.