Fraudsters successfully affected a record 15.4 million Americans in 2016, up 16% from the year prior, according to the new 2017 Identity Fraud Study from Javelin Strategy & Research. Bringing “smart” objects with you in public can provide opportunities for criminals to attack.
Staying Secure on the Road
While your network at home or at work may be secure, you should assume that any network you connect to when traveling cannot be trusted. You never know who else is on it and what they may be doing. Here are some simple steps that go a long way to protecting you and your data before you travel
- The safest information is information you don’t have. Identify what data you do not need on any devices you are bringing with you and then remove that information. This can significantly reduce the impact if your devices are lost, stolen, or impounded by customs or border security. If your trip is work related, ask your supervisor if ARHS is cool with you using your device abroad.
- Lock your mobile devices with a strong password or passcode. That way if its stolen or lost, its harder for people to access your information on it. In addition, all ARHS devices that are taken offsite are to have full disk encryption enabled. For most mobile devices, this is automatically enabled when you use a screen lock.
- Install or enable software on your device so you can remotely track where your device is, even wiping it, if it has been lost or stolen. These services have the unfortunate side effect of only working when they’re turned on.
- Update your devices, applications, and anti-virus software before leaving so that you are running the latest versions. Many attacks focus on systems with outdated software.
- Do a complete backup of your devices. This way, if something does happen to them while traveling, you’ll still have all of your original data in a secured location.
2. Lost / Stolen Devices
Once you begin your travel, ensure the physical security of your devices. For example, never leave them in your car where people can easily see them, as criminals can simply smash your car’s window and grab anything of value they can see. While crime is definitely a risk, according to a recent Verizon study, people are 100 times more likely to lose a device than have it stolen. This means always double-check you still have your things as you change locations.
3. Wi-fi Access
Accessing the Internet while traveling often means using public Wi-Fi access points, such as ones you find at a hotel, a local coffee shop, or the airport. There are two problems with public Wi-Fi: you are never sure who set them up and you never know who is connected to them. As such, they should be considered untrusted. In fact, this is why you took all the steps to secure your devices before you left. In addition, Wi-Fi uses radio waves, which means anyone physically near you can potentially intercept and monitor those communications. For these reasons, if you do use public Wi-Fi, you need to ensure all of your online activity is encrypted. For example, when connecting online using your browser, make sure that the websites you are visiting are encrypted. You can confirm this by looking for ‘HTTPS://’ and/or an image of a closed padlock in your address or URL bar. In addition, you may have what is called a VPN (Virtual Private Network), which can encrypt all of your online activity when enabled. This may be issued to you by work, or you can purchase VPN capabilities for your own personal use. If you are concerned that there is no Wi-Fi you can trust, consider tethering to your smartphone. Warning: as we mentioned earlier, this can be expensive when traveling internationally. Check with your service provider first.
4. Public Resources
Do not use public computers, such as those in hotel lobbies or at cyber cafes, to log in to any accounts or access sensitive information. You have no idea who used that computer before you, and they may have infected that public computer accidentally or deliberately. Whenever possible, use only devices you control and trust. At best, public computers are good for public information, such as checking the weather or catching up on the news. Signing in to any accounts, such as your Google account, could be an invitation to hackers who might be watching.
5. Remember to lock your devices
Just like here at ARHS, you need to remember to lock your device whenever you leave it. If they didn’t physically take the device, they could still have time to install software that would allow them to remote control your machine, capture all your keystrokes, or even worse… set your desktop background to a picture of David Hasselhoff. The WindowsKey + L is a keyboard shortcut to lock your computer.
Remember, no one in IT will ever ask you for your password. Do not ever give someone in IT your password. That puts both of you at risk and in violation of HIPAA compliance.