Even paradise needs backups

Holiday travel is no time to drop your guard, especially if you take any electronic devices along

As a security professional who travels a great deal for work, I can tell you a lot about the best practices to follow when you’re on the road with electronic devices in tow. Right now, though, I’m on vacation — I’m in paradise, as a matter of fact, in the form of the Garden Island of Kauai — so maybe I should be able to let down my guard.

Just about everyone around me seems to be doing it. Unlocked doors. Open cars. Beach bags that hold phones, money and identification left behind while their owners run over to greet a sea turtle. Both natives and tourists are pretty relaxed about such things.

I’m the stick in the mud who’s always grimacing at these sights and saying to my party, “Hey, I’m not so sure it’s a good idea to leave that stuff sitting there unattended.” After working for years to develop a security-first mindset, you don’t shed it so simply when you’re in paradise. Besides, hard experience has taught me that, as wonderful a place as Hawaii is, it’s no more a utopia than anywhere else on the planet. Twice on trips to the Big Island of Hawaii, we have been burgled. In one case, someone broke into our hotel room while we were at dinner. We came back to a ransacked room and a knife stuck into the middle of the bed. That sort of thing has a way of putting a damper on your holiday and convincing you that it’s never a good idea to put your guard down fully.

Of course, my real security interest is in the cyber world, and since I usually travel with some electronic gear, I’ve had to think about how to safeguard my digital assets when I’m on vacation. Here’s my advice.

  • First, always do a thorough backup before you hit the road. Just over a year ago, my laptop died just as I was leaving for a business trip. I was able to buy a new laptop on my way to the airport, and I was able to access an up-to-date backup that got me back in business quickly. Do a full backup the day before you leave. External USB drives are pretty cheap these days, folks. Make a full backup on one, and leave that locked up at home. Make another full backup on an encrypted USB drive and bring that one along. (It’s always good to have a Plan B, after all.)
  • Never neglect the security of your electronic communications. I’m pretty meticulous about using VPNs to connect to my office environment, but as I look around me in this island paradise, I see I’m the exception.
  • Don’t bring what you don’t need. If you don’t need a laptop, leave it at home. If you do, you’re better off bringing an older one configured with just the stuff you’ll need for your trip, such as software for syncing vacation photos (or writing columns about security, if that’s your thing).
  • Use the cloud. If, like me, you would hate to lose your holiday photos, back them up daily. Push them out to the cloud as quickly as you can and off your traveling systems.
  • Lock it up. Although hotel safes are far from secure (there are many videos that demonstrate how hotel safes can be hacked in just a few moments), they are still a line of defense. Every time you go out, put your laptop, tablet, etc. in the hotel safe, and be sure to lock it with a PIN only you know. If you don’t have a hotel safe, or your laptop is too big for it, just hide the computer in plain sight. Laptops can be tucked away in closets among spare bed linen, for example. I know that sounds like security through obscurity, but unless you want to be the guy who carries his computer bag everywhere he goes, it’s better than nothing. Remember, anyone who breaks into your room is going to want to get in and out fast. It will be a quick rummage through your stuff and then out. Thieves can’t steal what they can’t find.
  • Hide the evidence. Leaving your power supply plugged in while the laptop is in the safe is a pretty sure sign that there’s a laptop nearby.

I certainly hope you all have fun and carefree holiday trips this summer. But if you’re anything like me, you can’t be truly carefree if you feel as if you have dropped your guard too much.

Aloha nui loa, y’all.

With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Deptartment of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.

Join the CSO newsletter!

Error: Please check your email address.

More about IslandMellonPara-ProtectPlan B

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by By Kenneth van Wyk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place