It’s prime vacation season in the Northern Hemisphere, and in some countries, August isn’t just a month when some people take some days off, but a period of extended family holidays, often involving weeks away from home or on the road.
The good news, of course, is that if you’ve had to work from home over the past two years, you’re probably better informed about outside-the-office cybersecurity than ever.
The bad news, however, is that although working from home generally offers less “IT shelter” than working from work, and has therefore taught a lot of us plenty about cybersecurity that we didn’t know before…
…your home network almost certainly provides much more IT shelter than you’ll get while you’re on the road, especially if you’re bursting to set off on a vacation you’ve been waiting nearly three years to enjoy!
So, we decided to answer the most common travel questions that people either [a] worry about instead of informing themselves before they set off, or [b] don’t think about at all until it’s too late.
Here you are – have fun, but travel safely!
Q1. Should I make a backup before I set off?
A1. Yes. We suspect that you’re more likely to lose or damage a phone or laptop (or, worse, have it stolen) while traveling than while working from home or in the office.
Remember the simple but effective Sophos Naked Security saying: “The only backup you will ever regret is the one you didn’t make.”
Backing everything up reliably before you set off also means you are free to strip down the amount of digital content you keep loaded on your devices, and thus to reduce the quantity of data you might have to declare or reveal at a border crossing. (See Q3.)
Q2. Should I encrypt my laptop and my mobile phone?
A2. Yes. Most modern mobile phones come pre-encrypted, but the encryption depends on having a decent lock code, which is used to access the underlying encryption and decryption keys.
Don’t settle for an easy lock code for traveling, just in case you get into a crisis and think you might forget it.
Pick a nice, long lock code (we recommend 10 digits or more, and we don’t mean
00000 00000 or
12345 12345), and practice using it regularly for a few days before you leave, until you can remember it easily.
Q3. Should I be worried about crossing national borders?
A3. Worrying will get you nowhere. Don’t be worried, be prepared.
Many countries with border checks reserve the right to ask you to unlock your electronic devices as a condition of entry, and to let them have a look. Some countries may even ask to make what’s called a forensic copy, meaning they copy every sector off the device, even disk sectors containing data you previously deleted. (This can take quite a while, so it could turn a 10-minute border crossing into a multi-hour delay.)
Some countries ask you to state not merely your home address and your phone number, but also to hand over your email and social media addresses, too.
You’re almost certainly entitled to refuse to provide that sort of detail, but in return you should assume that the country you’re trying to enter will refuse to admit you – it’s very much a case of “My Kitchen, My Rules.”
So, prepare yourself before you go by checking up on the entry requirements of anywhere you’re planning to visit. If you don’t like the conditions, then either don’t go there, or don’t take all your electronic devices or all your data with you.
Q4. Should I use public Wi-Fi when I’m on the road?
A4. If you want. The dangers of public Wi-Fi are often over-exaggerated, and can largely be avoided if you stick to apps with proper encryption, and if you only use websites with URLs that start
https://, short for “secure HTTP”. This scrambles the data before it leaves your laptop or phone, and (in theory) only unscrambles it after it reaches the other end. Computers in between can’t easily snoop on or sneakily alter the data going back and forth.
However, if you access services in the country you are visiting that demand you to install a special digital certificate (for example, “for security or regulatory reasons”), this means your browsing almost certainly can be spied upon while you’re there, and even after you get back home.
If you don’t like using public Wi-Fi, consider buying a local SIM card with a pre-paid data plan for the duration of your visit. But remember that most countries require their telephone providers to have so-called lawful interception facilities, so a mobile data plan isn’t anonymous just because you bought a “burner” SIM card at a convenience store.
Q5. Should I use kiosk PCs in airports or hotels?
A5. No. We strongly suggest that you don’t, unless you can’t avoid it. (If it’s unavoidable, limit your logins and how much data you expose as much as you can. For example, if you need to use a hotel kiosk PC to print off a boarding card before leaving for the airport, don’t check your Facebook account at the same time!)
The problem with kiosks is not just that you have to trust the company that runs them, e.g. the hotel or the airport operator, and every techie who services them, but also everyone else who’s used those kiosk computers before you and could have meddled with them.
Unlike a hacked Wi-Fi access point, which can only sniff out data (hopefully encrypted) between you and its destination, a hacked kiosk PC may have unfettered access to all the data you send and receive during the period that it’s unencrypted, could be tracking every keystroke you type, could take screenshots of everything you do, and could retain an exact copy of everything you print.
Q6. What about spycams in hotel rooms and Airbnbs?
A6. We can answer that partially, but not with the simplicity and the precision you would probably like.
Unfortunately, spycams hidden in guest quarters are a real thing, and in the pre-pandemic year of 2019, we wrote about three different incidents where guests found “peeping Tom” cameras in their rooms: at a farm work hostel in Australia; at an Airbnb house in Ireland; and in a South Korean hotel. (In the first and last of those cases, we’re pleased to say, the perpetrators were arrested and charged.)
Sometimes, hidden cameras are fairly easy to spot if you search your room or rooms carefully. But spycams can be tiny enough to hide almost anywhere, and they won’t always show up on the property’s public Wi-Fi network.
Sadly, this means that not finding a spy camera doesn’t mean there isn’t one.
All we can advise is this:
To reduce the risk of being recorded while typing in passwords or lock codes, shield your keyboard or phone when entering critical data whenever you are in locations you don’t trust fully, just as you do (or should do) when using a bank ATM (cash machine) or a payment terminal in a shop.
Q7. What if I want to take my work laptop along?
A7. We can’t answer that. Only your work can, so the simple answer is, “Ask.”
If they say “No”, that’s that. Leave it behind, perhaps even locked up at work.
If they say “Yes”, they are likely to ask you where you’re going and then hand out advice (or specific requirements) for your chosen destination.
Take their advice. After all, if the company thinks its data might be at extra risk in the country you’re visiting, then your personal data will almost certainly be at extra risk too. So, treat work’s advice as a benefit, not a hindrance!
The bottom line:
In short, have fun, but don’t take more devices or data than you need, read up on any privacy and surveillance rules at your destination before you set off, and be aware of your surroundings when entering personal data.
Remember: If in doubt/Don’t give it out.
And: If your life’s on your phone/Why not leave it at home?
Buying a cheap phone that’s good enough for your vacation may end up costing less than the first round of beachfront cocktails you’re looking forward when you get there…
This content was originally published here.