Most people tend to be quite good about basic safety precautions when they travel. We lock our valuables in the safe at the hotel, we swing our backpacks to the front when taking a crowded metro, and we recognize tourist scams. However, very few people are aware of cybersecurity threats they might encounter on the road.
This is ironic, because, in this day and age, there are just as many online threats as there are offline threats. Here’s how to protect your data privacy and security next time you travel
1. Beware of the dangers of public Wi-Fi
Bad news for frequent travelers and digital nomads: public Wi-Fi is extremely dangerous for your devices. Open networks, such as in cafes, airports or on the bus, are generally unencrypted. That means that all the information you’re transferring between your computer and the server is available to everybody on the network. Hackers can quite easily intercept the communication between your device and the network to steal your passwords, credit card information, and anything else of value.
On top of that, touristy areas are ridden with fake Wi-Fi networks. Those are set up by hackers and masquerade as the city council Wi-Fi or something equally innocent. Connect to one of those and you can be sure that someone is spying on your online activities.
So what do you do if you need to look up directions on the road? Go back to the good old paper map? Not necessarily. One solution is always to get a SIM card when you travel abroad and rely on your own data. Alternatively, you can also protect your device with a Wi-Fi VPN. VPN, or virtual private network, re-directs all your traffic through an encrypted tunnel. That way, hackers and the internet service provider can’t spy on your browsing activity, even when you’re connected to a fake network. If you have to use public Wi-Fi, make sure to always turn on a VPN.
2. Watch out for fake apps
In preparation for your trip, you might be downloading useful travel apps. Generally, that’s a great idea but remember to think twice before you hit that “download” button. There are plenty of fake apps on the market, designed to sneak a virus onto your phone. Even though Google has stringent security testing, the Play Store isn’t entirely safe. Colouring book apps, power boosters, and flashlight apps were among the innocent-looking software that actually contained malware.
Free VPNs are often among high-risk apps. Yes, I just told you to download a VPN to encrypt your traffic, but that doesn’t mean any VPN will do. The market is flooded with fake or malicious free VPN apps that either don’t really work or sneak a virus onto your phone. Make sure to do some research beforehand and choose a quality provider!
3. Keep your files safe
Border control asking you to hand in your phone for a check-up sounds like dystopian future. Unfortunately, this is now the reality in New Zealand. As of last year, New Zealand border customs can fine you if you refuse to give them your phone and passwords. A similar law also exists in Australia.
If you care about your privacy and data security, you should backup all your sensitive information and delete it from your devices before you hit the road. And not just when traveling to Australia and New Zealand. Your devices might fall into unauthorized hands anywhere you go, and you definitely don’t want passport scans or intimate photos to be there when they do.
Cloud storage isn’t foolproof, so personally, I’d recommend buying a hard drive and uploading your files there. Whether it’s border control or a thief who stole your phone, they won’t be able to access your data if it’s safely stored away at your home.
Will other countries follow suit and force travelers to hand over their phones at the border? The US is certainly flirting with the idea. There have been reports of trvelers being asked to unlock their phones for border agents. If you want to be on the safe side, check up-to-date regulations in your destination of choice before you travel.
4. Book hotels with https encrypted sites
Want to hear something terrifying? Two in three hotel websites leak guest booking details, according to this study. The leaked information included: full name, email address, postal address, mobile phone number, last four digits of credit card, card type, and expiration date, and passport number. The researcher found that the booking data stays online even if the reservation has been canceled or after a stay has been completed. This grants the hacker a large time frame to steal personal information.
The vulnerability happened when guests received an automatic confirmation link with all their booking details. Those links were hosted at HTTP instead of HTTPS, which is the encrypted extension. If you want to check if the booking website you’re using exposes you to hacking attacks, re-visit your old booking confirmation links and check if they use HTTPS. You can also research if the site you use has been involved in a data breach before.
5. Is your e-passport secure?
E-passports sound great. The issuing, renewal, and replacement of passports are more efficient, saving costs to government. And if you own one, you already know the benefits for travelers: you can skip the lines at man-operated gates by going through the quick automatic border control. So far, so good.
However, e-passports also pose challenges to cybersecurity. Particularly in African countries, concerns have been raised about how travelers’ sensitive data will be collected and stored. A poorly-protected ecosystem of citizen data could be a prime hacking target. Just think of all those possibilities for identity theft!
We don’t have much choice in whether our country switches to e-passports or not and how they enforce cybersecurity. But it’s still good to know about the risks and educate yourself on how you can take part in your national data advocacy at home.
Next time you travel
Hopefully, this article showed you that cybersecurity isn’t just a concept for IT pros. Anyone with basic computer literacy can take easy steps to ensure their devices are safe. We’re not talking here about protecting yourself from a targeted hacker attack: not even some of the biggest corporations in the world can do that! But most cybercriminals and online scamers go for low-hanging fruit and take advantage of easy backdoors. If you follow basic cybersecurity hygene, you will be safe from most common attacks.
Big thank you to Jeff Anderson from TechWarn for this post.