As a security professional who travels a great deal for work, I can tell you a lot about the best practices to follow when you’re on the road with electronic devices in tow. Right now, though, I’m on vacation — I’m in paradise, as a matter of fact, in the form of the Garden Island of Kauai — so maybe I should be able to let down my guard.
Just about everyone around me seems to be doing it. Unlocked doors. Open cars. Beach bags that hold phones, money and identification left behind while their owners run over to greet a sea turtle. Both natives and tourists are pretty relaxed about such things.
I’m the stick in the mud who’s always grimacing at these sights and saying to my party, “Hey, I’m not so sure it’s a good idea to leave that stuff sitting there unattended.” After working for years to develop a security-first mindset, you don’t shed it so simply when you’re in paradise. Besides, hard experience has taught me that, as wonderful a place as Hawaii is, it’s no more a utopia than anywhere else on the planet. Twice on trips to the Big Island of Hawaii, we have been burgled. In one case, someone broke into our hotel room while we were at dinner. We came back to a ransacked room and a knife stuck into the middle of the bed. That sort of thing has a way of putting a damper on your holiday and convincing you that it’s never a good idea to put your guard down fully.
Of course, my real security interest is in the cyber world, and since I usually travel with some electronic gear, I’ve had to think about how to safeguard my digital assets when I’m on vacation. Here’s my advice.
- First, always do a thorough backup before you hit the road. Just over a year ago, my laptop died just as I was leaving for a business trip. I was able to buy a new laptop on my way to the airport, and I was able to access an up-to-date backup that got me back in business quickly. Do a full backup the day before you leave. External USB drives are pretty cheap these days, folks. Make a full backup on one, and leave that locked up at home. Make another full backup on an encrypted USB drive and bring that one along. (It’s always good to have a Plan B, after all.)
- Never neglect the security of your electronic communications. I’m pretty meticulous about using VPNs to connect to my office environment, but as I look around me in this island paradise, I see I’m the exception.
- Don’t bring what you don’t need. If you don’t need a laptop, leave it at home. If you do, you’re better off bringing an older one configured with just the stuff you’ll need for your trip, such as software for syncing vacation photos (or writing columns about security, if that’s your thing).
- Use the cloud. If, like me, you would hate to lose your holiday photos, back them up daily. Push them out to the cloud as quickly as you can and off your traveling systems.
- Lock it up. Although hotel safes are far from secure (there are many videos that demonstrate how hotel safes can be hacked in just a few moments), they are still a line of defense. Every time you go out, put your laptop, tablet, etc. in the hotel safe, and be sure to lock it with a PIN only you know. If you don’t have a hotel safe, or your laptop is too big for it, just hide the computer in plain sight. Laptops can be tucked away in closets among spare bed linen, for example. I know that sounds like security through obscurity, but unless you want to be the guy who carries his computer bag everywhere he goes, it’s better than nothing. Remember, anyone who breaks into your room is going to want to get in and out fast. It will be a quick rummage through your stuff and then out. Thieves can’t steal what they can’t find.
- Hide the evidence. Leaving your power supply plugged in while the laptop is in the safe is a pretty sure sign that there’s a laptop nearby.
I certainly hope you all have fun and carefree holiday trips this summer. But if you’re anything like me, you can’t be truly carefree if you feel as if you have dropped your guard too much.
Aloha nui loa, y’all.
With more than 20 years in the information security field, Kenneth van Wyk has worked at Carnegie Mellon University's CERT/CC, the U.S. Deptartment of Defense, Para-Protect and others. He has published two books on information security and is working on a third. He is the president and principal consultant at KRvW Associates LLC in Alexandria, Va.