With summer in full swing, many of us are traveling to the mainland and foreign destinations for vacations and business. Along with our toothbrushes, clothes and other traveling essentials, we are bringing our internet-enabled mobile devices such as smartphones and laptops. These devices have become essential for maintaining communications while away, enabling business on the go and making it possible to share every moment of your traveling experience in real time. At the same time, these electronic devices are at the highest risk of being compromised or even stolen while you travel. This risk is elevated when traveling outside of the U.S.
Most other countries do not have the same legal restrictions against technical surveillance that the U.S. has enacted, and many countries do not observe the same expectation of privacy when it comes to electronic communications. Therefore, generally assume that your internet communications are not private. In addition, assume that the internet Wi-Fi access points you are connecting to while traveling are less secure than your home or work network. Adopt this security posture before, during and after your international trip and follow these security tips to protect your information online while traveling:
Before your trip
>> Back up the information on the devices you intend to travel with. You should assume that you might need to fully restore your device from scratch. Therefore, back up the necessary system files as well.
>> Remove sensitive information (and even applications) from the devices that are not needed for your trip in case you lose the device. For example, you likely do not need your retirement account information or electronic tax returns while traveling.
>> Update the software on the devices to ensure the latest security patches have been applied. Install anti-malware software and lock your device with a password.
>> If you must carry sensitive information with you, enable disk/storage encryption. This will render the information unreadable without the password or key.
>> Consider enabling geolocation features on the device so you can find it in case it is lost.
>> Consider subscribing to a mobile hotspot service, which is essentially a portable Wi-Fi device and internet service that you can bring with you while you travel.
During your trip
>> Disable the features that automatically connect your devices to Wi-Fi or Bluetooth networks. While traveling, you want to have full control over which network to connect to and when.
>> Connect only to the legitimate Wi-Fi hotspots of trusted vendors. If you brought a mobile Wi-Fi hotspot with you, use that exclusively during your trip to limit your exposure.
>> Only use your own devices and avoid using publicly provided computer terminals, especially if you need to conduct a sensitive transaction (for example, online banking).
>> Utilize secure connections (for example, “https”) and virtual private networking (VPN) technology for any sensitive connections.
>> Lock your device with a password when it’s not in use, and never leave it unattended in a public place.
>> Be especially aware of phishing by email and text messages. We tend to let our guard down and are most vulnerable when traveling.
>> Periodically run anti-malware scans to remove any malware that may have reached your device without your knowledge.
After your trip
>> Run a full anti-malware scan.
>> Copy any new data and photos from your trip to a USB drive. Copy it back to your device after restoring from backup.
>> Restore your remaining data from the backup you made before your trip. Depending on how much you exposed your computer to public networks while traveling, consider fully restoring your device data, including system files, from the backup to ensure any malware that reached the device while traveling is removed.
>> Change all passwords to services you used while traveling in case they were compromised.
In essence, when traveling internationally treat your devices and the data in them just like your suitcases. Bring only the data you need, get a lock for it, secure it at all times during your trip, clean it out when you return and make sure you brought back only what you intended.
Michael Miranda, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at michael.miranda@hawaiiantel.com.