Summer is here and for many families that means travels plans, but do your summer travel plans include taking care of your data and digital devices? Which digital devices do you plan to take on your trip and what sort of data do they contain? Perhaps more importantly: What kind of data can they access? These are important questions to think about because these days your data and devices are targets for thieves of all kinds, at all times, including when you're on vacation. In a moment I will have some tips on thwarting the bad guys, but first, think about this: What would happen if someone stole your smartphone or that company laptop you thought you needed to take along on the family sightseeing trip?
Quite frankly, if you could get hold of my iPhone and by-pass the security code you could access a lot of personal data about me. If you could also guess my passwords you could get to my bank account. On top of all that you could use my email to fake messages from me and pretend to be me on Facebook and Twitter.
Why would anyone want to do those things to me, or you, or to members of your family? The answer is simple: Money! There are underground markets in which you can sell all sorts of data, from bank account details to user names and passwords. And there are people who make a living stealing data to sell in these markets. Of course, there are also people who steal digital devices to sell, everything from smartphones to iPods and iPads, notebooks, e-readers, and tablets. Here are some tips to avoid getting stung this summer, by cybercriminals and plain old-fashioned thieves.
Physical Security Tips
We begin with the challenge of protecting the devices themselves. Bear in mind that criminals and scam artists have a long history of targeting people who are traveling or vacationing. Often when we travel we are distracted. We may be more likely to use poor judgement.
Before you leave home:
- Think twice about whether or not you need to take all those devices with you. Consider traveling light and taking a break from "always on" connectivity. It could be good for your stress levels and it means less to carry and keep track of, and less to lose.
- Check that you have the serial numbers of digital devices you are taking with you, plus support numbers to call for smarthpones and 3G/4G enabled devices like tablets and e-readers. If these devices are stolen you can call the carrier to report them missing and cancel service. You may be able to get them turned off or locked remotely (check you subscriber agreement).
- Consider purchasing software than can lock or track remote devices for you (examples include ESET Mobile Security for Android devices and LoJack for Laptops).
- You may want to invest in insurance for your digital devices, from the carrier or a third part like Safeware.
On the road:
- Don't leave digital devices in plain sight in your car. Put them in the glove box if it locks or in the trunk. But don't place items in the trunk when you are parking your car at your destination, do it before you get there.
- Place digital devices in the room safe if your hotel room has one. If not, keep them on your person so you know there are safe. Taking your laptop to dinner may be a hassle but it might be worth the piece of mind.
- Remain aware of your surroundings when using digital sevices in public places. One technique used by thieves working busy streets, malls, and events is just to grab the device out of your hands and run.
Logical Security
You might think that getting away from your office means getting away from people who want to steal your data, but the bad guys are quite happy to target travelers as well as company networks. A relatively new strategy for hacking people who are on the road was publicized in May by the FBI and an organization called the the Internet Crime Complaint Center (IC3). A warning to travelers was issued about a threat involving hotel Internet service overseas. The threat played upon the fact that people trying to use the Internet from a hotel in a foreign country are sometimes pretty desparate to get connected. So the bad guys found a way to pop up a message during the connection process that told the traveler to install a software update to complete the connection. The installation was actually a piece of malicious software. Here are some tips for protecting your data from this and other attacks:
- Make sure your operating system and antivirus software are updated before you go on the road.
- Backup your data before you head out (and store the backup in a safe place).
- Make sure you have password protection and inactivity timeout engaged on all devices including laptops, tablets, and smartphones.
- If possible, only use reputable hotel Internet service providers (ask the hotel who their provider is before you book).
- If the hotel Internet asks you to update software in order to connect, immediately disconnect and tell the front desk.
- If you use hotel Internet to connect to your company network use a VPN.
- Do not use WiFi connections that are not encrypted with WPA2 (avoid WEP encrypted connections which are easily hacked--see this post for tips on how to tell which encryption a hotspot uses).
- Consider using a 3G or 4G hotspot instead of hotel Internet or free public Wi-Fi hotspots.
- Avoid online banking and shopping while on any hotel or public Internet connection.
- Disable pop-ups in your web browser.
Finally, if you have not made any vacation plans yet this year, don't be tempted to fall for the "free, two-day cruise in the Bahamas for two" scam that is currently being perpetrated over the telephone. My colleague Aryeh Goretsky got not just one call trying this scam, but two. He describes the second one here and reveals the goal of the scam is probably to get your credit card number and charge you a non-refundable port fee.