When you’re traveling, whether it’s to the next town over, or to the other side of the world, there are some important digital security tips to keep in mind. Let’s start with a few things about mobile devices, like phones and tablets. It’s a good idea to set a passcode on your devices. Ideally, one that’s longer than just four or six numbers, in case the device is lost. Setting a strong passcode helps to protect data on your device from being accessed by anyone who finds it. Some devices also allow a fingerprint, or other biometric access, and this can be a good thing to enable as well, so you don’t have to type in your passcode every time you use the device.
Be sure to backup your device before you travel, in case it’s lost and you need to restore your information to a new device. Important information should never only be in one place, at least not for very long. So be sure to make a backup of your device, either on a computer or to the cloud, before you travel, and if at all possible, backup as you go, as well. Many phones will sync photos and documents you create on them to cloud storage when they’re plugged into power and connected to WiFi. When I travel, I like to keep a copy of my itinerary, any confirmations or passes, emergency contact information, and things like that synced to a folder in a cloud storage app.
And also keep that folder marked for offline access. So, if I need to access documents without internet, they’ll be on my device. But if I lose my phone, I’ll still be able to access that information from another device, or through the cloud storage site’s webpage. Something else to keep in mind with mobile devices is how you charge them in public places. Lots of airports, restaurants, and other places offer USB ports, instead of regular power plugs to charge mobile devices. I even saw a public bench in Croatia one time, that had USB charging ports. Pretty convenient.
But USB ports are used for data in addition to power. And if the port is attached to a computer, there is a chance that it could access data on your phone. Most phone operating systems are helpful about warning you about this. If you plug your phone into a computer, you’ll see a notification. And if you plug your phone into what looks like a power port, and you see a warning about granting access, it can mean there’s a computer, not just a power adapter on the other end of that charging port. So, if you do use a public USB power port, watch carefully for how it works. Or, better yet, get one of those handy portable batteries, or a cable or adapter that’s designed to only allow the power pins and not the data pins to connect.
It’s also a good idea to avoid pairing your phone with a rental car’s Bluetooth. Some of the in-car entertainment systems try to sync contacts from the phone, which is handy if the car is yours, but who knows if they get erased when you hand your car back in. Stick with an AUX cable, or carry your own combination charger and Bluetooth audio device. That way, you don’t have to deal with pairing an unfamiliar device, and you’ll have a way to charge your phone in the car as well. Another tip to keep in mind is to avoid using free or open WiFi if you can. Publicly available WiFi generally comes in two flavors.
The kind you sign in with a password to use, and the kind that’s just available, open to everyone, just by tapping on the network name. The kind you sign into, like the kind you find at some coffee shops, airports, and hotels, often has a security indicator, and looks secure. But the security indicator you see with WiFi networks just means that the connection between your device and whatever hardware is providing the network is encrypted. It doesn’t make any guarantees about what the device does with your traffic, or even that it’s an official network device. It’s pretty easy to set up a fake wireless network with the same name as an official one.
And without a lot of technical digging, it’s pretty much impossible to tell which is which. And sometimes, even official public WiFi portals will ask for personal information, like an email address, phone number, or require Facebook, or another social login to get access. Aside from being creepy, who knows what they’ll use that information for, or who they’ll sell it to. And the kind of network that doesn’t ask for any security information to connect to it, which devices often show as insecure, are even less trustworthy. Anyone can set up an open access point, and see any traffic from any device connected to it.
Many of these networks, most of them even, are probably just fine to use, but the point here is that you can’t be sure. So I recommend that you avoid public WiFi unless you absolutely must use it. And then you should use a VPN to help protect yourself. Even a slow mobile data connection is more secure than untrusted WiFi. When I travel, I like to let my phone do it’s backup overnight, by connecting to my hotel’s WiFi, making sure my VPN software is connected, and then plugging it into power and putting the device to sleep. That way, I get my daily backup done through a secure channel while I sleep.
There are a lot of things to look out for when you’re traveling, but one I want to mention here is shared computers, like you find in a hotel, airport, or internet cafe. Some places offer publicly accessible computers in case you need to check email, do something on social media, or browse the web. And it’s a nice gesture, but these can be real security risks. In many cases, these computers are running an older operating system, and may not have the latest antivirus, anti-malware, and other best practices applied. I’m sure many do, but it also stands to reason that some don’t.
One of the risks of shared computers is the browser itself. If you do use a shared terminal, use the private browsing mode. Only use secure, trusted sites, and keep a sharp eye out for any suspicious certificate warnings, and be sure to log out of your accounts when you’re done. Also, make sure to clear the history, cache, and cookies in the browser when you’re done, just in case. Even with good browser hygiene, there’s still a risk that the system has spyware installed, or a keylogger, which could record keystrokes for your username and password. Storing them or transmitting them somewhere else to be used by someone else, to log into your accounts later.
If you do have to use a public computer, and you login to an account, it’s not a bad idea to change your password as soon as you can from a trusted device. But that’s annoying, and it’s far from perfect. So again, I’d recommend not using public computers if you can help it. Many people use mobile phones to receive security codes to login to websites. But if you’re traveling internationally, beware that you may not be able to receive these codes, and therefore not be able to login to some apps or sites. These codes are sent to your phone number, which is tied to your SIM card, and if you don’t have international cellular service, or if you’ve switched to a different SIM to access the cellular network in another location, the code won’t reach you.
Sometimes you can enroll a different hardware device or token to generate codes, but if that’s not an option for your app or site, you may actually want to consider switching off the security feature when you travel. It’s a good idea to keep a list somewhere of what sites you use that rely on this feature, but for travel, and in case you ever change your phone number and need to re-enroll to regain access. Then finally, beware of your surroundings. Be aware of where your devices are, and how visible they are, at all times. But, that’s advice that’s good even if you’re not traveling.
These tips aren’t meant to imply that the world is a dangerous place and that everyone is out to get you. In many cases, using technology while you travel is fine, and can even enhance the experience. But not everything is perfectly maintained and secured, and it can be hard to tell when it’s not. So, it’s best to control what personal information you put at risk to begin with. Stay safe out there!