Throughout the last 15 years, we’ve all become familiar with travel security procedures–from full-body airport scanners to putting your travel-sized liquids in a separate plastic bag. But we hear a lot less about cybersecurity for travelers, especially for those who travel internationally.
When you travel for business, do you turn off Wi-Fi, or just let it connect when available? Do you use Wi-Fi at your hotel? What happens when you’re on a plane? And how can you protect the data and communications on your phone?
In honor of National Cybersecurity Awareness Month, here are my top five data security tips for global executive travelers:
- First, always use a trusted virtual private network (VPN).
- Think about what is on your computer.
- Turn on full disk encryption.
- Take certificate error messages seriously.
- Treat your phone like a computer.
Most people just arrive at their hotel, jump on Wi-Fi and start working. By doing that, you put all of your work at risk—emails, files, logins, and passwords can all be intercepted. Whether you’re in London, Beijing or Azerbaijan, a VPN will send your data through an encrypted tunnel to a trusted site from which you can then access whatever websites or internet services you want. Privately and securely.
What if someone stole your laptop or the data on it? In some parts of the world, a laptop is a premium target for thieves. Or guards at a border crossing may ask you to logon to your computer, then take away to copy all the data. If your machine holds sensitive company information—or just all your work from the past year—this could be catastrophic.
Consider having a separate laptop just for travel, and put on it only what you will need for that trip. For example, if I’m going to make a presentation at a meeting in China, I would load just that presentation on my laptop. If you don’t have the luxury of a dedicated travel laptop, you can still do what I consider to be normal data hygiene. You probably have a cloud drive available—whether Google Drive, Box, or iCloud. Make it routine to back up all your documents to the cloud, then delete the data from your local disk while you travel. When you return from your travels, it’s easy to pull down what you need from the cloud when you need it.
Every laptop comes with this capability, and it’s as simple to enable as checking a box. Just go to the Security menu in your Systems Preferences or Control Panel and turn on “File Vault.” or “Bit-locker”. All the data on your drive will then be encrypted, and decrypted again whenever you enter your password.
Sometimes attackers will try to impersonate a trusted server, such as email or VPN. In most cases the browser will warn you if this happens, because the site’s certificate isn’t signed by a trusted source. Never proceed if you get a certificate error message. If you do, you could be sending attackers your login and other information.
Your phone is also a computer. Apply steps 1-4 to your phone as well as your laptop. I have a different phone with a different SIM card that I use for international travel. Most smartphones come with VPN capabilities, and full disk encryption is automatic when you set up a passcode.
At Uptake, we make data security our first priority. And that doesn’t stop when we travel. While new security technology continues to make it harder for attackers, human carelessness remains the weak link. Don’t be the weak link in your company’s security program.
Nick Percoco is Chief Information Security Officer at Uptake.