Marie White, Founder, CEO & President, Security Mentor.
Are you planning your first vacation since the pandemic started -- maybe for spring break or a summer vacation? Make sure to include cybersecurity as part of your vacation preparations, as well as on your trip. Let our two-part vacation blog series be a guide to help you get started. In "How to Keep Your Vacation Cyber Safe and Stress Free - Part I, we cover 10 cyber security actions to take before you travel or go on vacation. Follow these cybersecurity travel tips not only for yourself, but for your spouse and children.
Your Vacation Cybersecurity Checklist – 10 Tips Before You Go
- Check Your Device Cybersecurity. Cyber attacks are often made against unprotected or out-of-date systems. Run anti-malware software and turn on the firewall. Update your laptop, tablet, and mobile phone operating systems to the latest version. Likewise, update your application software to the latest version including office suites, security software and browsers. Finally, be sure that you have turned off file and network sharing.
- Encrypt Your Devices. Encryption protects your information if your device is lost or stolen. Enable full disk encryption (e.g., BitLocker for Windows and FileVault for Macs or using a custom encryption application like VeraCrypt). For iPhones and iPads, turn on the passcode to enable device encryption. For Android your devices, check with the specific manufacturer for that model.
- Use a VPN. Virtual Private Networks (VPNs) provide end-to-end encryption on public networks enabling using to securely send and receive information. However, choose your VPN wisely. Some VPNs have poor privacy and security Free VPNs have even found to contain malware. My best advice is to use a VPN from a reputable provider that also is open about its security and privacy practices. Once your VPN is installed use it all the time.
- Prepare Your Mobile Device. For mobile phones and tablets, be sure to update all your apps before leaving. Turn on the feature to be able to track your mobile device (“Find My” on Apple and "Find My Device" on Android) if it is lost or stolen, and remember to test that it works before you leave.
- Use Strong Passwords. Ensure that you have a unique, strong password to authenticate to each device you use. If you don't, change it before you travel. For added convenience and security, use biometric authentication (e.g., fingerprint or facial authentication) when available. Store your passwords in an encrypted password manager from a reputable vendor. Not all passwords managers are equal so do your research, a vulnerable password manager could put your information at risk instead of protecting it. A final reminder, never write down passwords and carry them, either on your person or in your luggage.
- Protect Web Accounts with 2FA. As with personal devices, use unique, strong passwords for each website that you will log in to while traveling. Enable 2FA (two-factor authentication) whenever it is an option. 2FA makes it much harder for hackers to steal passwords. However, using SMS 2FA can be risky. A better alternative is to use an authenticator app such as Twilio Authy, LastPass Authenticator, Microsoft Authenticator, Duo, or Google Authenticator.
- Disable WiFi Automatically Connecting. Your devices can put you at risk by auto-connecting to malicious or insecure WiFi hotspots, which can even be made to look like the legitimate ones you trust. Instead, turn off auto-connect to WiFi on your devices. When you travel, manually choose the networks that you will connect to.
- Watch Out for Phishing and Other Social Engineering Attacks. Phishers know that people are traveling so they craft convincing phishing messages to scam you into exposing private information. Carefully look at the sender of message. Avoid clicking on links and attachments. Instead, go directly to the airlines, hotel, or other travel provider. Another way to avoid social engineering attacks is to keep your travel plans off social media until you return. Criminals look at social media to stake out potential places to burglarize.
- Turn Off Unnecessarily Exposing Your Location. A 2021 study found that 40% of apps ask to monitor your location. Instead, for privacy and personal security, only enable location tracking in apps that require it and then only if you deem it is a legitimate reason. Otherwise, don't use that app, choose an alternative app. If you do allow location monitoring, set it to only be enabled when you are using the app.
- Backup data. Finally, before you leave, backup your data to an external storage device or the cloud. If the data is sensitive, be sure to encrypt your backups. Leave backups at home so they don't get stolen or damaged. Always test your backups to be sure they are recoverable.
If you follow these tips, you will be ready to start your vacation securely. Best to do them well in advance, you'll be rushed just before you leave and will likely decide that they can be left undone, which could be a huge mistake.
In Part II of How to Keep Your Vacation Cyber Safe and Stress Free, we'll share cybersecurity tips on what you can do while you're on vacation.