Traveling is stressful, even when things go smoothly. Your routine is disrupted, you are in an unfamiliar place, and there is a good chance you are not as well-rested as usual. This can make you less vigilant about your cybersecurity, and if you don’t speak the local language, you may have trouble getting the information you need to make an informed decision.
These factors mean that semi-public places such as airports are also a hacker’s best friend. When you are focused on making your connecting flight, figuring out what happened to your luggage, or trying to determine where your new gate is, your usual cybersecurity best practices may no longer be top-of-mind, and hackers and other cybercriminals will try to take advantage of this.
Potential Threats & Traps
False Sense of Security
Airports, in particular, offer a false sense of security. After all, you had to be processed by security before entering, so logically an airport would be safer than other public places such as shopping malls or bus depots where just anyone can walk in.
However, while airport security is concerned about cybersecurity, their main focus is protecting the airport and airlines from external threats. As such, cybercriminals may be able to operate undetected within the secure area of the airport and take advantage of the chaos of traveling to snare unsuspecting victims. USB charging ports and free wifi are two common traps that too many travelers fall for.
Free Airport Wifi
While unlimited data plans are becoming more affordable, and more common, most of us still have some a cap in place. As such, free wifi can seem like an oasis in the desert. However, while you may be tempted to connect to that “Free Airport Wifi” network, how do you actually know that network is safe?
If you don’t know, with absolute certainty, that a publicly accessible network is safe, the best course of action is to avoid connecting to it. A good mantra to follow in this situation is “when in doubt, go without”.
If you encounter anything suspicious in an airport, including a suspicious wifi network, you should alert airport security.
USB Charging Ports
More than one traveler has realized at the most inconvenient time that their phone or laptop is about to die. Whether you need to finish that report for your boss before you land, or just want to keep your kids entertained with the iPad, a dead battery can quickly turn a smooth travel experience into a rocky one.
To help travelers top up their batteries, many airports offer USB charging stations. Though you may assume it is safe to connect to these, you should be extremely wary. Hackers can and do modify chargers to log your keystrokes and steal sensitive information (including passwords) off of your phone, tablet, or laptop while it charges. While older digital devices that rely solely on power-only connections are not at risk, owners of newer models that rely on a single USB port for both charging and data transfer should avoid public USB charging ports. After all, it would be better to have to explain to your boss why you couldn’t finish that report than explain how the sensitive company information on your laptop came to be compromised, potentially exposing the entire organization to DNS spoofing or malware such as ransomware.
What You Can Do to Protect Yourself
The best thing you can do to protect yourself against cyber threats is to remain vigilant, and follow a few easy, yet highly effective, strategies.
Create a Strong Password
A strong password is necessary whether you are traveling or not, but you should be extra vigilant while in unfamiliar territory. Choosing a password that follows the NIST (National Institute of Standards and Technology) guidelines is a good place to start: Passwords should be no shorter than eight characters, avoid sequential or repetitive characters (such as 12345 or AAAAA), avoid context-specific passwords (such as passwords that include the name of the site or your name) and avoid common passwords (such as “password”).
You may also want to consider investing in a subscription to a password manager, which can help you create and store long and complex passwords that are more difficult to crack.
Use Your Hotspot
If you really need internet access for your laptop or a tablet that does not have its own data plan you should tether to your phone instead of relying on free wifi.
Disable Auto Connect
When you are away from home or the office you should disable auto-connect on your phone. This will help prevent you from inadvertently connecting to suspicious and potentially compromised wifi networks.
Invest in Battery Powered Charger
To avoid having to rely on potentially compromised USB charging stations, you should invest in a good battery powered charger. These chargers can often charge your phone or even your laptop multiple times before they require recharging, and can help ensure your journey is safe and smooth.
Keep Your Software Up to Date
When companies discover vulnerabilities in their software, they release patches to fix them, but you can only take advantage of the fix if you download the patch. Make sure your software (including both your operating system and individual apps) is fully up to date before you leave home.
Recently patched software is also a target for cybercriminals, who know that not everyone will be vigilant about downloading the patch right away. This means that cybercriminals will specifically try and exploit recently patched cybersecurity holes in the hopes of gaining access to private and sensitive information.
Disable Unnecessary Connectivity
Your Bluetooth connection and hotspot should only be active if you are currently using them. Turning off your Bluetooth and hotspot when they aren’t in use helps ensure that your digital devices remain secure by cutting off potential paths that cybercriminals can use to gain unauthorized access.
Keep an Eye Out for Unusual Activity
Avoid using your debit card while traveling, and stick to cash for smaller purchases and credit cards for larger ones. Credit card companies provide fraud protection, which means that if you are compromised, you are much less likely to be on the hook for unauthorized purchases. While cash is ultimately the safest form of payment from a cybersecurity perspective, carrying large quantities of cash comes with its own safety hazards.
You should check your credit card statements regularly while traveling, and keep an eye out for any suspicious transactions. If you do discover something fishy, you should report the suspicious activity to your credit card company right away. Suspicious activity may necessitate freezing your card, which is why you should have enough cash on hand to cover any emergencies. Your credit card company will also be able to advise you on the next steps if you have been compromised.
Whenever you visit a website, particularly one you have not visited before you should keep an eye out for a few red flags that may indicate the site is malicious. You should always be extra vigilant when visiting your bank’s website, your email, or any other site that requires you to enter sensitive information.
Poor grammar and spelling may indicate that the site is not entirely above board, and misspelled company names (particularly in the URL) are a huge red flag. Cybercriminals know that humans make mistakes, and a transposed or missed letter could land you on a site that looks like your bank’s website but isn’t (a common form of phishing). If you don’t catch this ruse before you enter your credit card information, password, or other personal information you may have just inadvertently handed over sensitive information to cybercriminals.
When visiting a website, take a moment to look at the URL. To the left of the URL, there should be a little padlock. This padlock indicates that your connection is encrypted, meaning that any information you enter onto the website will go directly to the intended recipient. This prevents man-in-the-middle attacks, which are used by cybercriminals to exploit weaknesses in websites and intercept their traffic, including your personal information and passwords. While some web browsers may flash a warning on the screen when you attempt to go to an unsecured site, this is not always the case, so it is up to you to ensure that if you do stumble upon a suspicious site, you exit it as soon as possible.
These simple, yet effective, strategies can help you safeguard your personal information against cybercriminals both while traveling and while at home. If your line of work involves a lot of business travel, your company may want to consider talking to their MSSP (Managed Security Service Provider) about infrastructure changes (such as virtual private networks) and employee training that can help ensure sensitive information remains secure when employees need to work remotely.
By remaining vigilant and avoiding activities that could leave your digital devices exposed, you can help ensure that the only unexpected bumps on your trip come from airplane turbulence. Bon voyage!