1. Make Sure Your Devices and Web Browsers Are Up-to-DateExploit kits are capable of leveraging vulnerabilities to install ransomware and other baddies onto unpatched devices. To protect against those threats, it's important you implement all operating system updates on your laptops, smartphones, and other devices you want to take on vacation. You should apply these fixes before you even set foot outside of your home. The patching process doesn't end there, however. Infosec analyst Yasin Soliman explains:
"Don't forget to check the browser software installed on your devices. The ever-increasing uptick of web-based services for work and play means it's vital that your web browser remains safe and secure when traveling."Soliman recommends you take a peek at our browsers' About section or Settings page to verify that everything's in order.
3. Don't Overshare on Social MediaYou shouldn't check the state of only your web browser before leaving on vacation. David Shipley, CEO of Beauceron Security, reveals it's also important to review your social media settings:
"According to aggregate data we’ve collected from numerous sites, two-thirds of all employees use social media, but nearly a third of those employees don’t review their social media security and privacy settings at least once a year. That puts their friends, family, and employer at a higher risk from business e-mail compromise (BEC) scams where criminals can use information such as trips or travel or gain insights into how you write to make their fraud attempts more realistic and plausible. It also puts friends and family at higher risk of wire transfer fraud through traveler-in-distress scams."To help protect you and your loved ones, Tripwire's Chris Morgan has some helpful social media tips for when you're away:
"When people go on vacation, they oftentimes post about their trip on their social media in real-time. It makes sense because travel can be a unique and fun experience, and people want to share it right away with their family and friends. The potential downside is that in the process of doing this, they are also telling the rest of the world they are not home. The more specific the information posted, the higher the possible risk of people trying to break into your home and steal your belongings. People may not think it’s a big deal since they’re only posting for their friends and family to see, but how many people out there have hundreds of 'friends' on Facebook? How many times do people post on Facebook about the trip they are on and make the post public for the entire world to see? Your close friends and family may be trustworthy, but how far do your posts reach? If you’re going to post on social media while on a trip, consider three things: the audience that can potentially see your posts, what information you share about your trip, and what/who you’re leaving unattended during your absence."It's important that you also enable two-factor authentication (2FA) on all social accounts that allow it. Doing so will protect your accounts even in the event a bad actor gains access to your login credentials. For general tips on how to securely navigate the world of social networking, click here.
3. Keep Your Paper Documents CloseYour whereabouts and the status of your home aren't the only things you should guard closely while you're living up summer break. You also need to keep a close eye on all paper documents so that they don't fall into the wrong hands. Morgan highlights how travelers tend to lose one paper document containing sensitive personal information in particular:
"While we may be more careful about things like public Wi-Fi, passwords, and keeping our technology devices properly updated when we travel, we may pay less attention to what may be right in our pocket when we fly – our boarding pass. Once you’re sitting on the plane, why would you still need your pass? Many of us have left our boarding pass in the seat pocket, in the taxi, or in the hotel. However, you may want to think twice before leaving your boarding pass where someone can find it. Research shows that hidden in the barcode on the boarding pass is personally identifiable information. This article by Brian Krebs expands on the topic."Are you now worried about losing your boarding pass? Not to worry! With most major airlines, you can use their mobile boarding pass app instead. Just make sure you follow these tips to keep your mobile device safe in the event something happens to it.
4. Secure Your Wi-Fi Routers – Then Shut Them Down!Once you know which devices you'll be taking with you on vacation, you should turn off all the ones you'll be leaving behind. Bob Loihl, principal software engineer at Tripwire, explains why:
"It’s harder to hack a device that isn’t available, and it saves you a few cents on your power bill! Additionally, devices that are compromised can’t participate in botnets or send out audio and video footage of your empty home."If family or friends intend to stay behind at your home, you should make sure your Wi-Fi router is secure. Unfortunately, this recommendation is more often said than done. Bob Covello, information security analyst at Security Cove, reflects on this sad state of affairs:
"Most homeowners do not practice good Wi-Fi hygiene such as SSID cloaking and MAC filtering, so that leaves the Wi-Fi wide open to anyone who can guess the password (which is usually a trivial event) and subsequently log on while you are away. This of course makes me wonder: when you are home, would you know if someone was using your Wi-Fi? Perhaps now is a good time to check that."Also, don't forget to turn off all unnecessary Internet of Things (IoT) devices. Don't worry: Alexa will be there when you get home. When you do arrive back, it might be worth looking into the extent to which virtual assistants keep your information private.
5. Don't Use GPS All the TimeWhen you officially embark on vacation, you'll no doubt want to visit lots of places you've never seen before. But don't let your excitement get the better of your security awareness. No matter where you are, you shouldn't leave your mobile device's GPS turned on indefinitely. Information security writer Kim Crawley elaborates on this point further:
"While on holiday, only turn GPS on your phone or tablet when you need to use it. Not only will you save your battery; you'll also be more difficult for an attacker to geolocate. This advice also applies to when you're not on holiday. There are a lot of websites, apps, and online services these days that'll ask for your geolocation to be enabled. Never enable it unless you absolutely must."Sure, lots of the services referenced by Crawley might just be looking to optimize web ads. But some of them could use or sell your location data for more nefarious purposes. Don't leave it to chance; turn off your GPS.
6. Avoid USB OutletsMany hotels and other organizations in the hospitality industry have installed USB outlets for travelers to charge their devices. Notwithstanding the convenience, charging your device via one of these might not be the best idea. Tracy Z. Maleeff, owner of Sherpa Intelligence LLC, gives a reason why:
"These ubiquitous ports could possibly do harm to your devices rather than just charge them. Unlike a regular outlet plug, charging via a USB plug could result in a transfer of data from the port to your device. Why risk having malware loaded onto your device when you only wanted a charge?"To make sure you're protected, you should plan your charging sessions strategically. Specifically, you should bring a phone charger and plug it into a regular wall outlet. Try to avoid those USB outlets as much as possible.
7. Follow Basic Security HygieneIn addition to following the previous steps, you should implement some important security best practices. David Jamieson, member of Tripwire's South Central mid-enterprise account team, lists a few principles to keep in mind:
"If ever there is a time to encrypt your laptop, ensure your files are backed up or stored in the cloud, turn on your firewall, confirm your anti-virus and anti-malware applications are up-to-date, and use complex passwords for your web accounts, THIS IS THE TIME. Criminals do NOT let down their guard; rather, they constantly work hard to steal from us."Information security manager Angus Macrae has a few more recommendations to add when it comes to using the Internet and public Wi-Fi:
"If using public Wi-Fi, try and seek a reputable and secured one requiring authentication but still use a personal VPN. Also, avoid using public internet terminals for anything but the most benign and non-identifiable browsing."That is to say, don't use public Wi-Fi or a public web terminal for personal finance, shopping, or anything else that could expose your personal and/or financial information. You know not to do this in your daily life. There's no reason you should make an exception for when you're on vacation.