Beef up your security and avoid being a victim on vacation this summer

It's summer, so chances are good that you're planning on taking a trip sometime in the next couple of months. While the prospect is exciting, it can also be daunting for those who aren't sufficiently prepared to protect themselves and their assets while they're traveling.

"When people go away on vacation, it's more likely that they'll be the target of an attack," says Ryan Jones, a managing consultant for Lares. "Is it a guarantee? Of course not. But it's more likely."

[Phishing, football and frauds: 15 ways to safeguard yourself during the World Cup]

The likelihood of an attack increases both as a result of the fact that people are away from home and because of risky behavior on the vacation itself. It doesn't help that in this day and age, people also have a tendency to overshare on social media, says Jerry Irvine, CIO of Prescient Solutions.

"A number of people today are breached, physically or electronically, as a result of placing their vacation plans or info online," he says.

Jones concurs, stressing that using social media to announce your vacation plans is especially detrimental to the safety of the home you're leaving behind. "Their house is empty for a while and they talk about it on social networks, so if someone is paying attention, they know what house is empty and when," he says.

Aside from not getting carried away on Facebook, Jones says that there are plenty of measures people can take to protect their homes in their absence, ranging from the basic to more involved techniques. Simple measures, like having somebody pick up your mail and newspaper or placing your lights on timers, go a long way.

But for the more technologically savvy crowd, there are also a number of home camera and alarm systems that people can equip their homes with, and those systems will in turn alert their phones in the event of a break in. Many of these security options also allow users to turn lights on and off, as well as lock and unlock doors (which can also be used to create the illusion that people are home).

"These systems have motion trackers so if a door opens, it sends a message or a video to your phone saying, 'Hey, this just happened, here's a picture of it, do we alert your friends, call the police, etc.,'" says Jones. "I'm at the point that that I prefer those over [traditional] home monitor alarms."

That being said, such systems can, in their own way, introduce even more risk to the equation.

"The problem is, if someone steals your phone or PC and has access, now they can turn off the alarm and go in there," says Irvine. "Internet-connected protection measures like that are great if you protect the devices you control them with. If you don't, they're just another vulnerability."

Jones adds, "Your phone is now just as important, if not moreso, than your wallet. Phones are opening cars, storing cards, and controlling home automation systems for your security. You can't just leave it lying around, like I've seen people do on a daily basis."

[Slideshow: 21 more crazy things the TSA has found on travelers]

Jones goes on to tell a story about one victim that he was familiar with who had their phone stolen, but the thief was clever enough to disable the cellular network and keep it off Wi-Fi at all times. This effectively crippled the victim's ability to remotely wipe all of the important and sensitive data that was kept on the phone (and that it had access to).

"Phones are easy enough to get replaced, but not the easiest thing to track down, remotely wipe, and make sure it isn't used against you," he says. "So if you do lose your phone, and you're sure it's gone, you need to take those steps to make sure you wipe it quick."

On the road

Common sense prevails when considering security and safety while choosing vacation destinations. Going to certain areas, as far as the experts are concerned, is just asking for trouble.

"It's no secret that if you're going to somewhere in the Baltic states -- or even Brazil with the World Cup right now -- you're going to be a bigger target," says Irvine. "During the [Winter] Olympics in Russia, there was a statistic that said that people using a publicly accessible network would be hacked in something like 10 seconds."

He went on to say that, aside from specific geographical locations, there are also certain types of areas that should be avoided if possible, at least in terms of establishing an internet connection there. Open areas like coffee shops, airports, and train stations are all high risk areas. People also need to be cautious of automatically connecting to public networks; Irvine says that attackers have taken to setting up their own Wi-Fi networks and naming them after the location (e.g. the name of a local coffee shop), thereby giving them access to your machine when it connects.

Regardless of where you choose to go, at least make sure that you know the area well. When it comes to protecting your possessions, Jones says that awareness and knowledge of your surroundings are key.

"People lose their phones and get their pockets picked when they're in areas they don't know and they don't think about it and they're relaxed," he says. "People often don't pay attention to their surroundings or what part of the neighborhood they're in."

Part of the reason awareness is important is because you're less likely to draw attention to yourself as a tourist. Attackers can single you out as an easy target if it's immediately apparent that you're from out of town.

"Making yourself stand out as a tourist will leave you susceptible to an attack," says Jones. "Blend in, and be aware of your surroundings. Standing there with a physical map or with your phone out to make sure you're going the right way, wearing a fanny pack or a camera, dressing out of place, being in a neighborhood and asking a lot of questions...all of these things make you stand out."

[Experts warn of Russian spying, hackers at Sochi Olympics]

That's not to say that you can't ask questions or go somewhere that you've never been. It's just that there are safe ways to do so. If you are lost or have any inquiries, pick somewhere you can trust, like a store or a police station. If you don't know how to get from point A to point B, take a cab. As Jones says, it's "cheaper than getting mugged."

"You're not at home, so stop acting like you're at home," says Jones. "You can have fun, but you can be safe at the same time."

There are a number of options to secure yourself on the road from both a physical and cyber perspective. Some of the ways travelers can steer clear of attackers are fairly obvious. Keeping your wallet in your front pocket and locking up valuables like passports, jewelry, and computers in hotels safes is a convenient way to protect your valuables while you're on vacation. Plus, it makes you more conspicuous to potential criminals.

"Cellphones, cameras, watches...all those things that people wear and don't pay attention to the fact that they're wearing, they attract attention," says Jones. "If you're in a bad part of town with your laptop in a bag and watch on and a cell phone on you, people are going to notice that sort of thing."

Locking up electronics can go a long way in preventing cyberattacks too, says Irvine, who points out that people should be sure to use complex codes ("Not '1234,'" he says) when locking up valuables in safes.

"People think that hacking is just an issue with what you can do on computers and cellphones," says Irvine. "It's not. It's just a matter of access. People who leave their computers [unprotected] in their room or in their bags while at the beach, these things are going to be easily accessible.

Protecting yourself from more traditional forms of cyberattacks is just as important, though. Don't leave your Bluetooth or Wi-Fi on if you're not using it. If you're communicating with your company's network, only do so via VPN. Machines containing sensitive data -- both PCs and mobile devices -- should all be encrypted, as well.

"Encrypt anything mobile," says Jones. "When it comes to smartphones and microSD cards, there are built-in ways to do that. Full drive encryption on laptops and tablets is good too, it's just a safe bet."

[6 tips for smartphone privacy and security]

And it's easy, too. Irvine points out, "These measures used to be much more difficult to do just a couple of years ago; certain software didn't work well with VPN, encryption caused lots of problems on individual computers. Today, the software across all platforms is much stronger and easier to use, and cellphones can be encrypted once you put in a PIN."

The PINs (or passwords) themselves are worth setting up too, so long as they're alphanumeric and greater than 10 characters. It won't stop hackers, but it will at least slow them down. Even if it's for just the duration of your vacation, says Jones, they're worth setting up.

"Don't just have your computer turn on and login to Windows," he says. "Tablets and phones, same thing. Use facial recognition, swipe, or a number combo for entry. If you don't want to use it when you get home, that's fine. But don't just leave your stuff open while you're gone."

If you're actually using your device -- rather than just leaving it behind -- avoiding Wi-Fi or wired networks in your hotel room, can lower the odds of an attack greatly.

"They're all shared networks," says Irvine. "Everybody who gets on them can see what you do."

One might be tempted to think that an attractive alternative would be to use the hotel's business center instead, assuming that the facility is equipped with one. The reality, however, is that they may be just as risky -- if not more so -- than the internet connection in your room given that the process involves a shared machine.

"The data that you've typed into the computer, it can be saved using a keylogger," says Irvine. "And most of [the business centers] that I've seen, they don't wipe the information after a person uses it. Anybody who wants to can go back into the PC and look at user IDs, passwords...they can grab that info and use it."

Instead, Irvine proposes that people use their own network instead of somebody else's. People can tether their PCs to their phones and use their mobile data connection to gain internet access so other people can't eavesdrop on their activity. If they don't have that option, he says, they should at the very least ensure that all communications are done using HTTPS.

[Culture clash: How physical security is impacted by social norms]

The best way to protect yourself, however, is to simply abstain from taking risks in the first place.

"You should always avoid using any kind of personally identifiable information when on any public network," says Irvine, reiterating that people should use their own networks. "You just shouldn't do it."

Jones expresses similar sentiments, stressing prevention over damage control.

"I'd rather people protect their assets and valuables the right way rather than try to monitor it," he says, adding that travelers should notify banks of their travel plans and minimize the number of banking cards they bring with them. "People won't remember to do that when they're on vacation. You don't want to have to worry about that kind of stuff, so just lock it up."

Join the CSO newsletter!

Error: Please check your email address.

Tags summertravelapplicationssecurityphysical securitysoftwarePrescient Solutionsdata protectionvaluablesasset protectioncyberattacks

More about Facebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Hatchimonji

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place