Practical tips for protecting your data while traveling
When you’re away from home, the settings can be unfamiliar and your routines are disrupted. It’s hard enough to manage that vulnerability while navigating security checks, arriving at the right gate, or meeting up with your group on time.
When you add cybersecurity concerns, it can be overwhelming. The good news is a little planning can do a lot to protect travelers, according to Randy Rose, Senior Director of Operations and Intelligence at the Center for Internet Security.
“You have to be proactive,” he says. “Anyone asking how to prepare before travel is already ahead of most people.”
The FBI and FCC recently warned travelers about juice jacking, a new and surprising threat to many. They warned not to use public charging stations as bad actors could use them to load your phone and other devices with malware.
Though technically possible, the FCC said they have not received any reported instances of juice jacking. The risk was higher years ago when phones immediately attempted to download content after someone plugged it in—today’s phones essentially eliminate the risk, according to James E. Lee, the COO of The Identity Theft Resource Center.
Other cybersecurity threats happen much more regularly, and those dangers can be heightened during travel—from exposure via public wifi to “shoulder surfing,” when all a bad actor needs to do is peek at your screen to obtain your sensitive information.
While threats constantly evolve, some simple steps can help protect you from the most common dangers. Here are ways travelers can keep their digital lives safer and still enjoy their trip.
Update and prepare your devices before you go
Making sure your phone, computer, and tablets are ready to travel is one of the best ways to protect yourself, according to Rose. Start with checking that you have installed every software update available, and consider setting your devices to auto-update so you won’t have to do this manually in the future. These updates often have critical security patches that can safeguard your devices from recently discovered threats.
“You want to do this all from home,” he says. “You don’t want to be downloading updates on the flight.”
Then go through the settings and disable auto-connecting to wifi so you don’t accidentally connect to a suspicious network, turn off location services, which bad actors could use in multiple ways to track or attack your devices. You can still use these features, but it’s best to be intentional instead of allowing your phone to automatically decide.
If you don’t already have login security set up, make sure access to your phone requires a passcode or facial recognition. Set up the Find My Device feature on anything you bring, which will let you find something that has been misplaced or delete everything if someone steals it.
While you’re safeguarding your devices, it’s not a bad time to back up all your important data. It doesn’t just protect you in the case of theft—this could save you from a headache if you lose your phone.
Get a VPN (and use it)
From the danger of man-in-the-middle attacks to malware, connecting to public WiFi can leave you vulnerable to cybercriminals looking to steal your data.
To avoid this situation, invest in a VPN, or a virtual private network, before you leave home. This creates a secure connection between your device and the internet.
“They’ve gotten a lot more accessible and affordable,” says Lisa Plaggemier, the Interim Executive Director at the National Cybersecurity Alliance.
If you don’t have one already through work, VPNs typically cost under 10 dollars a month, with many under five. The downside of VPNs is they slow down data speed, but it is a small price to pay to make public wifi safer to use, according to Plaggemier.
Some digital security comes from paying attention to your physical surroundings. “You have to be situationally aware,” Plaggemier says.
That means keeping your devices with you or left in a secure place like a safe in a hotel room. If you have them out and are typing anything sensitive, ensure no one is sitting behind you or use a protective screen that makes it harder for others to peek.
When you are not actively using your phone, keep it locked. Logging out of apps after you’re done using this creates another step for you later, but it could be worth it.
“We have this tendency to stay logged into apps,” she says. “It’s harder for bad guys to get in when you’re logged out.”
Bring your own gear
Though the risk of juice jacking is low, to be safeLee suggests skipping plugging into random USBs and sticking to wall outlets or the type of USBs built-in into furniture at a hotel or towers at the airport. Pack a spare cord so you don’t have to buy one, putting you at risk of getting one pre-loaded with malware.
“Your data is safe if you’re using your own cord,” Lee says. He also recommends not charging your devices in a rideshare like Uber, even if you’re using your own cord—“plugging in can trigger an option to connect your phone to the vehicle’s system, which the driver may be able to accept without you knowing.”
Packing a portable power source so you don’t have to do that is also an option and has the added bonus of giving you a power boost even in areas without outlets.
While plenty of stores sell wallets or sleeves that claim to protect you from scams that access Radio Frequency Identification (RFID), the chips being built into credit cards that allow you to tap and pay. There’s no need for RFID shields, according to Lee.
“RFID might be newer for Americans,” he says. “But other parts of the world have been using it for years without a major surge in theft.”
AI-created scams are not a problem (yet)
Criminals are beginning to experiment with deep fakes, a synthetic media created with AI that mimics a person’s likeness.
Most cases so far have targeted businesses, but at least one family received a faked voicemail pretending to be their daughter, who was away on a ski trip. It could be a scary call to receive, but it’s essential to slow down and not let the emotionally-charged scam trick you.
Fortunately, Lee says you can check by simply hanging up and calling the person back to double-check. Another option would be to ask the person supposedly calling you a couple of questions that only they would know or create a code phrase to use in such a circumstance ahead of time.
AI is advancing at lightning speed and new threats of every kind are developing every day. Still, today, as it was 100 years ago, remembering to be cautious and suspicious is the key first step in keeping yourself safe abroad.