Whether you’re searching for the sun or trying to escape the latest heatwave, many in the northern hemisphere will be travelling over the coming weeks. Here are some travel security tips to consider to protect your devices and your digital life while you are away from home.
First a word of warning – giving security advice to a wide audience can be misleading. This is because different people have different threat models and different constraints on their life. If you are rich or famous, you face different threats to most people. If you are a woman, a person of color, or LGBTQIA, you face much different threats than someone like me. If you are living in low-income circumstances or are disabled, a lot of advice you hear will just not work for you. Depending on the country or specific place you are travelling to, the threats you face can change.
With that in mind, and in the spirit of “first do no harm,” I will try to give you some ideas of the types of things to think about, as well as some advice that is general enough to not be harmful. A lot of this advice can be applied even when you are at home.
If you’re interested in listening to a thorough discussion of what security pros do to secure themselves while traveling, check out this episode of our Cyber Security Sauna podcast.
Prepare for loss & theft, harden your devices
On holiday, you are likely to be in unfamiliar places, more relaxed and less attentive than usual. This is a perfect combination for getting a device lost or stolen, you want to limit the damage if the worst happens. With that in mind, here are some things you should think about doing before you go:
- Backup your devices. Test that your backups work.
- Make sure your devices are all locked with a passphrase – no PINs, no fingerprints, no face identification.
- Don’t forget to set a code on your eBook reader, the longer the better.
- Make sure you have installed all the pending updates.
- Make sure you have a reliable anti-malware installed (including on mobiles and tablets).
- Turn off functionalities that you don’t need, such as Bluetooth and NFC.
The less you have to protect, the less you have to protect
For the same reasons as you harden your devices, if you can, don’t bring all your devices with you. The less you have to protect and remember, the better.
Leaving devices at home also means that if something goes wrong, you will still have a working device at home with all your accounts and data.
This goes double if you are visiting a country where basic civil rights protecting your privacy are under threat – if you don’t have your device with you, you can’t be forced to provide something you don’t have.
Border police in some countries are forcing travelers to provide access to their social media and email accounts – you are likely to be at increased risk of this kind of violation of your basic civil rights if you happen to reflect less light than the police consider acceptable, or have a name or way of dressing that identifies you with a targeted minority.
Depending on where you are going, and your personal threat profile, you may want to go a step further, and only bring “burner” devices.
A burner device is simply a device that you do not care if a malicious actor gets access to its full contents. You can create a burner very easily from an old device:
- Wipe or factory reset the device completely
- Install only the minimum needed applications
- Do the same hardening as above
- Do not install any of your email, social media, banking, or similar sensitive services
- Do not even login to these services from this device
- Do not install or sync your password manager
That’s it – you now have a holiday burner device that can be safely handed over and even opened in front of unreasonable warrant-less search requests.
Be careful with public devices
Where possible, avoid using public computers and tablets in hotels, airports, and libraries.
You don’t know where they have been, who was on them before you, or what nastiness they might have installed.
If you must use them, definitely avoid logging into any of your important accounts – email, social media, bank accounts.
If you insist on logging into your accounts, at least make sure you logout of everything before you leave, and clear all browser history.
When you get home, consider changing the passwords for the accounts you used in risky places while you were away. Your password manager will make this super easy.
While you are updating passwords, you can also take a quick look at your bank and credit card statements.
Check for any strange transactions, which might be a sign that your card details were stolen in a shop or a restaurant while you were there.
If in doubt, you can call your bank – if necessary cancel the card and order a new one. To reduce the risk of stolen card details, cover your hand while you enter your PIN and try to keep your card in sight if you need to hand it over when paying. You can also try to check ATMs and card machines for skimmers by running your hand over them and pulling a bit.
Connecting your devices can be dangerous
Be careful about what you connect your devices to and where you charge them. A simple example – if you sync your phone in a rental car, all of your phone contacts and other synced information will likely now be available to the rental company and to the next drivers to look at.
When connecting, pay attention to the warnings on your mobiles and tablets asking if you want to allow syncing of your contacts and photos – feel free to say no!
You can avoid the question altogether if you bring a few power banks.
Prepare for less internet
You never know when you won’t have access to the fast cheap internet you are used to at home – downloading maps, books, videos, and games onto your devices can help you avoid frustration.
Within the EU, your phone subscription often includes a large free roaming data package – if you have this, use it when possible.
But you will probably still need to connect to public WiFi – when you do this, use a trusted VPN so that that no one can see or manipulate your traffic.
Consider what information you make public
Holiday periods often see spikes in home burglaries, because the criminals know people are away, and so they can take their time and have less danger of being caught.
Public social media posts can be very useful for criminals. Consider only posting your holiday details and photos when you are already back home.
This includes avoiding adding your location to things you post while you are away. In fact, this is a good idea anyway – it is very easy to work out people’s home and work addresses, as well as basic schedules, from location tagged public social media.
Security is not supposed to make your life hard or remove your enjoyment.
Remember that crime is not nearly as common as media focus and our human cognitive biases make us think.
Taking a few simple steps ahead of time, and keeping a small level of awareness is enough.
Do not spoil your holiday by becoming hyper-vigilant and afraid of every shadow.