How to keep criminal hackers from ruining your vacation
There鈥檚 a million things to think about when planning a trip 鈥 tickets, transportation, socks. While you鈥檝e probably got a section on your packing list for electronics (don鈥檛 forget your charger!), you might not have thought about your devices鈥 security for the trip ahead.
Especially in unfamiliar environments and on public Wi-Fi, it鈥檚 important to keep your digital security in mind.
鈥淭his all kind of boils down to knowing your surroundings,鈥 said Lysa Myers, security researcher at the cybersecurity firm ESET. 鈥淵ou don鈥檛 know who鈥檚 on the network with you or what their intentions are, so it鈥檚 best to air on the side of caution.鈥
That advice is essential for people听headed to the Olympics in Brazil, which has become something of a听听according to .
In fact, US intelligence officials have urged Americans traveling to Rio de Janeiro to bring devices that don鈥檛 contain any personal information. The National Counterintelligence and Security Center Wednesday to raise awareness about the digital risk, saying the Olympics are a 鈥済reat playground鈥 for attackers because of the 鈥渟heer number of devices.鈥
But wherever you're traveling, it's not a bad idea to consider safeguarding your data. Here are eight steps for beefing up digital security both before you go.
1. Try to bring a phone without any personal information
Do some Googling before your big trip, especially if you鈥檙e hopping on a flight to China or another country known to engage in corporate espionage. Even if you鈥檙e just taking a vacation, consider deleting you work email account from your phone because your company鈥檚 communications are valuable.
In fact, mobile devices have proven to be for foreign spies, and both Russia and China prohibit travelers from visiting with encrypted devices. Scrub as many of your texts, photos and notes as possible. If that's too difficult, consider buying a pre-paid for cheap.听
2. Don鈥檛 bring extra tech or info
That includes extra USB sticks, unnecessary backup drives, and even spare business cards of your colleagues and friends that may be kicking around in your wallet. Any extra information someone has about you could be used to attempt to compromise your device or steal your information, said Garry McCracken, vice president of technology at disc encryption company WinMagic.
While you might not travel with USB sticks on vacation, you might for a business trip.
鈥淚f your bag gets stolen or somebody goes through it at an airport or at a hotel room, there鈥檚 no sense in giving them extra information. And you don鈥檛 even know what you鈥檝e lost if you鈥檝e got a two-year-old memory stick in the bottom of your bag,鈥 said Mr.听McCracken.
3. Use strong passwords
That means you need to a password in the first place. Setting a password prevents someone from gaining access to your device just by turning it on, ESET鈥檚 Ms. Myers said. Make sure, too, .
鈥淚f you have a passcode on [a device] or a biometric scan like a thumbprint,鈥 she said, 鈥渢hat makes it a lot harder for criminals to be able to do anything with it.鈥
To go a step further, Myers recommends changing passwords again once you return from your trip.
鈥淎 smart security person will change their passcode to something that they don鈥檛 use anywhere else while they鈥檙e on that network, and change it again when they get back home again,鈥 she said. This prevents someone from continuing to access the device if the password is compromised.
4. Update software
A quick way to bolster digital security is making sure you鈥檙e running the latest version of your device鈥檚 software. This prevents would-be attackers from exploiting any known vulnerabilities in older software and delivering malware through fake software updates. It鈥檚 important to do this step at home, Myers said.
鈥淭here are a lot of scams that are already out there where they will try to target people on hotel networks with what look like software updates,鈥 she said. 鈥淚f you鈥檝e updated them at home, you can just ignore whether that鈥檚 real or not until you鈥檙e back home again.鈥
As a bonus incentive for doing this at home, Myers noted that the often-crowded public networks make downloading updates slower. Updating at home can make the process less painful.
5. Encryption is your friend
Encrypting your devices helps protect your information from being compromised if someone steals your device or has direct access to it without your knowledge. Even if they were to make off with your machine, any data they pull off of it would be unreadable because they don鈥檛 have the encryption password that you set.
鈥淓ncryption is always a good idea,鈥 Myers said. 鈥淚f you lose your device and it鈥檚 encrypted, that leaves much less useful info for the thief to get a hold of.鈥
For your computer, that can mean , where all of the information stored on a hard drive is coded so that only the person with the encryption password can read it. Or, you can opt to encrypt select files. Learn more about encryption for your computer . Your phone might already have encryption by default enabled . Otherwise, you鈥檒l need to enable full-disc encryption or older iPhone.
6. Keep devices with you听
WinMagic鈥檚 McCracken recommends keeping your devices with you as often as possible to avoid what is known as According to McCracken, the attack can happen if someone has access to your device without your knowledge, loading keystroke-logging software onto your device to track what your encryption password is as you type it when you boot your machine back up.
The attacker can collect your password later by gaining access to your device again. It鈥檚 called an 鈥渆vil maid鈥 attack because someone could pose as a housekeeper in a hotel and pretend to clean your room while instead compromising your device.
鈥淚f you鈥檙e careful, then you can even thwart an evil maid attack,鈥 McCracken said.
One way, he said, is to use . This limits the available space on a hard drive to prevent an attacker from downloading software onto the computer. Another option is to use two-factor authentication.
Cryptographer Bruce Schneier that secondary authentication to verify your identity creates an added layer of complexity. While this won鈥檛 entirely thwart this kind of attack, 鈥渋t鈥檚 more work than just storing the password for later use,鈥 he wrote.
7. Avoid public Wi-Fi
Public Wi-Fi is an easy place , where a third-party eavesdrops or changes your Internet traffic. It鈥檚 especially a concern on public internet because anyone can connect to it. Myers recommends staying away from public Wi-Fi if possible, but if you must use it, make sure you鈥檙e connecting to the real network. That means enabling the 鈥渁sk before connecting鈥 setting on your device so you don鈥檛 automatically connect to an open network.
鈥淎lways select the option of having it ask you first,鈥 she said, 鈥渂ecause you don鈥檛 really know who鈥檚 going to be in charge of that Wi-Fi, if it鈥檚 an official Wi-Fi network or if it鈥檚 a rogue network that someone鈥檚 set up to look like an official network.鈥
What's the best way to tell the difference between a real network and a fake one?
鈥淎sk,鈥 she said. 鈥淚f you鈥檙e not sure, there鈥檚 someone nearby like an information desk where they will know what the real network name is.鈥
8. Beware of Bluetooth connections
Finally, disable your device鈥檚 Bluetooth connection when you aren鈥檛 using it. Attackers can exploit an active Bluetooth connection to听. Especially when renting a car with wireless connectivity, your device could automatically pair with the vehicle, exposing your contact information, Myers said.
鈥淚f you can turn that off, it鈥檒l save you a lot of potential heartache,鈥 Myers said.
For more tips on upping your digital security, check out privacy nonprofit the Electronic Frontier Foundation鈥檚 鈥溾 and ProPublica reporter Julia Angwin鈥檚 .
听
