<< Back to article Print this page Loading page, please wait...

Beef up your security and avoid being a victim on vacation this summer

Grant Hatchimonji (CSO (US))
09 July, 2014 07:39

It's summer, so chances are good that you're planning on taking a trip sometime in the next couple of months. While the prospect is exciting, it can also be daunting for those who aren't sufficiently prepared to protect themselves and their assets while they're traveling.

"When people go away on vacation, it's more likely that they'll be the target of an attack," says Ryan Jones, a managing consultant for Lares. "Is it a guarantee? Of course not. But it's more likely."

[Phishing, football and frauds: 15 ways to safeguard yourself during the World Cup]

The likelihood of an attack increases both as a result of the fact that people are away from home and because of risky behavior on the vacation itself. It doesn't help that in this day and age, people also have a tendency to overshare on social media, says Jerry Irvine, CIO of Prescient Solutions.

"A number of people today are breached, physically or electronically, as a result of placing their vacation plans or info online," he says.

Jones concurs, stressing that using social media to announce your vacation plans is especially detrimental to the safety of the home you're leaving behind. "Their house is empty for a while and they talk about it on social networks, so if someone is paying attention, they know what house is empty and when," he says.

Aside from not getting carried away on Facebook, Jones says that there are plenty of measures people can take to protect their homes in their absence, ranging from the basic to more involved techniques. Simple measures, like having somebody pick up your mail and newspaper or placing your lights on timers, go a long way.

But for the more technologically savvy crowd, there are also a number of home camera and alarm systems that people can equip their homes with, and those systems will in turn alert their phones in the event of a break in. Many of these security options also allow users to turn lights on and off, as well as lock and unlock doors (which can also be used to create the illusion that people are home).

"These systems have motion trackers so if a door opens, it sends a message or a video to your phone saying, 'Hey, this just happened, here's a picture of it, do we alert your friends, call the police, etc.,'" says Jones. "I'm at the point that that I prefer those over [traditional] home monitor alarms."

That being said, such systems can, in their own way, introduce even more risk to the equation.

"The problem is, if someone steals your phone or PC and has access, now they can turn off the alarm and go in there," says Irvine. "Internet-connected protection measures like that are great if you protect the devices you control them with. If you don't, they're just another vulnerability."

Jones adds, "Your phone is now just as important, if not moreso, than your wallet. Phones are opening cars, storing cards, and controlling home automation systems for your security. You can't just leave it lying around, like I've seen people do on a daily basis."

[Slideshow: 21 more crazy things the TSA has found on travelers]

Jones goes on to tell a story about one victim that he was familiar with who had their phone stolen, but the thief was clever enough to disable the cellular network and keep it off Wi-Fi at all times. This effectively crippled the victim's ability to remotely wipe all of the important and sensitive data that was kept on the phone (and that it had access to).

"Phones are easy enough to get replaced, but not the easiest thing to track down, remotely wipe, and make sure it isn't used against you," he says. "So if you do lose your phone, and you're sure it's gone, you need to take those steps to make sure you wipe it quick."

On the road

Common sense prevails when considering security and safety while choosing vacation destinations. Going to certain areas, as far as the experts are concerned, is just asking for trouble.

"It's no secret that if you're going to somewhere in the Baltic states -- or even Brazil with the World Cup right now -- you're going to be a bigger target," says Irvine. "During the [Winter] Olympics in Russia, there was a statistic that said that people using a publicly accessible network would be hacked in something like 10 seconds."

He went on to say that, aside from specific geographical locations, there are also certain types of areas that should be avoided if possible, at least in terms of establishing an internet connection there. Open areas like coffee shops, airports, and train stations are all high risk areas. People also need to be cautious of automatically connecting to public networks; Irvine says that attackers have taken to setting up their own Wi-Fi networks and naming them after the location (e.g. the name of a local coffee shop), thereby giving them access to your machine when it connects.

Regardless of where you choose to go, at least make sure that you know the area well. When it comes to protecting your possessions, Jones says that awareness and knowledge of your surroundings are key.

"People lose their phones and get their pockets picked when they're in areas they don't know and they don't think about it and they're relaxed," he says. "People often don't pay attention to their surroundings or what part of the neighborhood they're in."

Part of the reason awareness is important is because you're less likely to draw attention to yourself as a tourist. Attackers can single you out as an easy target if it's immediately apparent that you're from out of town.

"Making yourself stand out as a tourist will leave you susceptible to an attack," says Jones. "Blend in, and be aware of your surroundings. Standing there with a physical map or with your phone out to make sure you're going the right way, wearing a fanny pack or a camera, dressing out of place, being in a neighborhood and asking a lot of questions...all of these things make you stand out."

[Experts warn of Russian spying, hackers at Sochi Olympics]

That's not to say that you can't ask questions or go somewhere that you've never been. It's just that there are safe ways to do so. If you are lost or have any inquiries, pick somewhere you can trust, like a store or a police station. If you don't know how to get from point A to point B, take a cab. As Jones says, it's "cheaper than getting mugged."

"You're not at home, so stop acting like you're at home," says Jones. "You can have fun, but you can be safe at the same time."

There are a number of options to secure yourself on the road from both a physical and cyber perspective. Some of the ways travelers can steer clear of attackers are fairly obvious. Keeping your wallet in your front pocket and locking up valuables like passports, jewelry, and computers in hotels safes is a convenient way to protect your valuables while you're on vacation. Plus, it makes you more conspicuous to potential criminals.

"Cellphones, cameras, watches...all those things that people wear and don't pay attention to the fact that they're wearing, they attract attention," says Jones. "If you're in a bad part of town with your laptop in a bag and watch on and a cell phone on you, people are going to notice that sort of thing."

Locking up electronics can go a long way in preventing cyberattacks too, says Irvine, who points out that people should be sure to use complex codes ("Not '1234,'" he says) when locking up valuables in safes.

"People think that hacking is just an issue with what you can do on computers and cellphones," says Irvine. "It's not. It's just a matter of access. People who leave their computers [unprotected] in their room or in their bags while at the beach, these things are going to be easily accessible.

Protecting yourself from more traditional forms of cyberattacks is just as important, though. Don't leave your Bluetooth or Wi-Fi on if you're not using it. If you're communicating with your company's network, only do so via VPN. Machines containing sensitive data -- both PCs and mobile devices -- should all be encrypted, as well.

"Encrypt anything mobile," says Jones. "When it comes to smartphones and microSD cards, there are built-in ways to do that. Full drive encryption on laptops and tablets is good too, it's just a safe bet."

[6 tips for smartphone privacy and security]

And it's easy, too. Irvine points out, "These measures used to be much more difficult to do just a couple of years ago; certain software didn't work well with VPN, encryption caused lots of problems on individual computers. Today, the software across all platforms is much stronger and easier to use, and cellphones can be encrypted once you put in a PIN."

The PINs (or passwords) themselves are worth setting up too, so long as they're alphanumeric and greater than 10 characters. It won't stop hackers, but it will at least slow them down. Even if it's for just the duration of your vacation, says Jones, they're worth setting up.

"Don't just have your computer turn on and login to Windows," he says. "Tablets and phones, same thing. Use facial recognition, swipe, or a number combo for entry. If you don't want to use it when you get home, that's fine. But don't just leave your stuff open while you're gone."

If you're actually using your device -- rather than just leaving it behind -- avoiding Wi-Fi or wired networks in your hotel room, can lower the odds of an attack greatly.

"They're all shared networks," says Irvine. "Everybody who gets on them can see what you do."

One might be tempted to think that an attractive alternative would be to use the hotel's business center instead, assuming that the facility is equipped with one. The reality, however, is that they may be just as risky -- if not more so -- than the internet connection in your room given that the process involves a shared machine.

"The data that you've typed into the computer, it can be saved using a keylogger," says Irvine. "And most of [the business centers] that I've seen, they don't wipe the information after a person uses it. Anybody who wants to can go back into the PC and look at user IDs, passwords...they can grab that info and use it."

Instead, Irvine proposes that people use their own network instead of somebody else's. People can tether their PCs to their phones and use their mobile data connection to gain internet access so other people can't eavesdrop on their activity. If they don't have that option, he says, they should at the very least ensure that all communications are done using HTTPS.

[Culture clash: How physical security is impacted by social norms]

The best way to protect yourself, however, is to simply abstain from taking risks in the first place.

"You should always avoid using any kind of personally identifiable information when on any public network," says Irvine, reiterating that people should use their own networks. "You just shouldn't do it."

Jones expresses similar sentiments, stressing prevention over damage control.

"I'd rather people protect their assets and valuables the right way rather than try to monitor it," he says, adding that travelers should notify banks of their travel plans and minimize the number of banking cards they bring with them. "People won't remember to do that when they're on vacation. You don't want to have to worry about that kind of stuff, so just lock it up."