Top ten tips for cyber security when travelling
Being conscious of the security of your devices whilst travelling is paramount, particularly with mobile devices which are now full of personal information, even more so than a traditional computer desktop. Crime within the “cyber” realm is growing each day as criminals take advantage of unaware victims. Not everyone is computer savvy, but computer literacy is essential in modern times, and how to protect yourself whilst you browse online or check emails is a necessary skill everyone should have – not only to protect yourself but the others you interact with. Attacks coming in via third parties are commonplace and you do not want to be that third party. Save yourself the embarrassment and risk by educating yourself around the threat landscape and minimise your attack surface whilst travelling.
Please take into consideration some of the tips detailed below when you next travel. It is not extensive list and it is unlikely you will be 100% secure as attackers find innovative ways to surpass security controls. Having good cyber hygiene and awareness is something which can beimproved upon by keeping up to date with the latest threats and knowing what you can do about them.
Top Ten Cyber Security Travel Tips
- Backup your Device
- Wipe device of sensitive data
- Turn on ‘Find my device’ and ‘Remote wipe’
- Turn off unused features
- Disable visibility on features
- Be aware of end of life support
- Turn off Wifi when not in use
- Be wary of untrusted networks
- Be careful where you are charging devices
Further details on travel security for mobile devices:
1. Backup your device
Backing up your devices before travelling gives you the resilience you may need if you misplace your device or it is stolen.
2. Wipe device of sensitive data
Prior to heading to your destination it would be wise to set off with a clean phone. It is sensible to get into a good routine of doing this to maintain a good security posture for your device. Over time devices can build up a lot of sensitive data, not just your data but other people’s data, you may care about, or have a professional duty to protect.
3. Turn on ‘Find my device’ & ‘Remote wipe’
In the event of you becoming separated from your device you will want to have a remote wipe functionality. If you have backed up your device previously this prevents substantial loss of information. In addition to this, most modern phones now come with a ‘Find my device’ feature which can help reunite you with your device.
4. Turn off unused features
When you are travelling, your devices can act like a beacon connecting through to access points and connections which beacon back. For example it is strongly advised that you turn off your Bluetooth when not in use. Not only does this save your battery but gives a level of privacy and security.
5. Disable visibility on features
If you have the option to turn off visibility for features, for example Bluetooth or device name, it will give you added privacy.
If you are able to change the name of your device please do so as this is advertised when you are using certain features on your phone. For example when you are hot-spotting, the people nearby can see it’s “X Persons name iPhone”.
Do not leave it until last minute to apply updates. Sometimes these can take time and you do not want to be caught off guard whilst abroad incurring expensive data roaming charges because you didn’t apply the latest patches before travelling. This is particularly important in the use of burner phones or new phones, which may not have of been turned on for a significant amount of time.
7. End of life support
Be aware that some phone operating systems come to the end of life after a certain period of time, normally around five years. An example of this is the iPhone 6 which will no longer be supported and be able to get the latest iOS 13 update. Due to this, these phones will no longer receive important security patches. Other examples of this are operating systems such as Microsoft Windows 7. Support will cease in January 2020. Operating systems outside of the support period do not get the important patches required and start having weak spots for attackers to take advantage of. Please be mindful of this if you are considering using an older product for a “burner”.
8. Turn off Wi-Fi when not in use
With most phones now providing 4G and soon to be 5G data speeds, it isn’t always necessary to join to Wi-Fi which is outside of your home or office. I would recommend hot spotting from your mobile for your laptop use when away from a trusted Wi-Fi point. Leaving your laptop / mobile Wi-Fi on at all times heightens the chance that you will connect to a rouge access point.
9. Be wary of untrusted networks
It is possible to spoof Wi-Fi Access points where a victim can join and be tricked into thinking their traffic is safe and secure, when it is not and the attacker is monitoring and recording data. The portal you login to looks very legitimate and would be a cloned copy of the original. If you really need to join a Wi-Fi point, be sure to connect to a secure Wi-Fi point which is trusted and password protected. Even then be cautious around what you are doing on your device. If possible use a VPN which will add a layer of encryption to your traffic and give you added privacy and security.
10. Be careful of where you are charging your devices
Firstly do not leave your devices unattended, the lure of having a quick boost to your devices can sometimes take away the common sense required around its security. It has been known for charging ports and even the chargers themselves to be able to launch attacks on devices by hosting malicious payloads that enact when the device is plugged in. When travelling it is always wise to invest in a battery pack, so if you are caught short you can get a charge on the go.
If you are interested in educating yourself further about online and technical security, please take a look at our training courses. Courses can be adapted to business needs in our Cyber Security Awareness Training. Our Cyber security courses are delivered by our own in house award winning security researcher. She is unique and the first to deliver training focused for Operational Cyber Security Awareness to operatives who serve on the front lines and need to have the skills to better protect themselves and their clients.