Cyber Security When Travelling

These days, it is practically a necessity to have electronic devices such as phones, tablets and laptops, even when travelling. Technology helps us to stay connected while we are away from home and the office. Unfortunately, when you are travelling you can be more at risk of cyber-based threats, and your devices can easily be compromised or stolen.

Travelling can expose one to potential cybersecurity threats that can compromise your electronic devices and data. Just as one protects their passport, it is crucial to safeguard one's digital assets while travelling. This article will explore why cybersecurity is essential when travelling, and how to protect one’s devices and data before, during, and after your journey.

Why Cybersecurity Matters When Travelling

In today's digital age, information is a valuable commodity. Travellers are increasingly targeted for digital identity theft, making cybersecurity a top priority. Additionally, personal cybersecurity can also impact one’s physical safety, especially when travelling to regions with political or social unrest. Cybercriminals can exploit information on devices, potentially putting one at risk even if you are unaware of it.

Before Taking Off 🚫

The best way to safeguard devices and data is to minimise what you bring. Consider using a disposable "burner" phone with a local SIM card for the trip, if travelling abroad. If that is not an option, follow these steps to secure your devices:

Update Device Software: Treat your electronic devices like your home or work computer. Keep your operating system software and apps updated, including up-to-date antivirus, anti-malware, and anti-spyware protections. This will improve your device’s ability to defend against threats.
Leave Unnecessary Items: Do not bring information or devices you do not need. Back up essential data and leave it at home.
Keep it Locked: Get into the habit of locking your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords for devices, applications, and social media accounts. Enable multi-factor authentication wherever possible, and never store passwords on your device.
Encrypt Sensitive Data: Encrypt any sensitive information stored on your devices.
Consider Tamper Seals: If carrying a laptop with sensitive data, use tamper seals over hard drive access points or USB port locks.
Disable Auto-Connect: Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when needed.
Disable Printer & File Sharing: Protect your digital security by deactivating printer and file-sharing applications on your devices. This action effectively prevents unauthorised access to your files and sensitive data, significantly reducing the risk of your information ending up in the wrong hands and ensuring the safeguarding of your privacy.
Enable "Find My Device”: Activate the "Find My Device" feature on your mobile device. This functionality helps you locate your device. Additionally, activate remote wipe capabilities and familiarise yourself with the process in case the need arises.

During Your Trip 🏖️

Opt for Mobile Data or an eSim: When travelling within your own country, it is recommended to utilise your data connection, which can include setting up your mobile phone as a hotspot. For international travel, consider options like activating roaming, purchasing a standard SIM card, or, if compatible, using an eSIM on your device. In general, relying on a mobile network connection is a more secure choice compared to public wireless networks.

What is an eSIM?

Also referred to as embedded SIMs, eSIMs are SIM cards physically integrated into a device, offering a modern and convenient alternative to traditional physical SIM cards. With eSIMs, there is no need to carry and swap physical cards, and they even enable the use of a second SIM, simplifying the management of dual plans on a single device.

Essentially, an eSIM, or digital SIM, is a chip built into your device, digitally connecting you to a mobile network without the need for a physical SIM card. If your phone supports eSIM technology, you can download an eSIM data plan, install it on your device, and instantly establish a connection to a mobile network.

Think Before Connecting: When connecting to a public wireless hotspot, be it on a flight, at an airport, or in a hotel, it is vital to confirm the network's name and login procedures with authorised personnel to verify its legitimacy. Refrain from engaging in sensitive activities such as online shopping, banking, or work-related tasks on public wireless networks. Opt for websites that start with 'https://' for added security.

Unsecured Wireless Networks

Although public Wi-Fi networks offer significant convenience by enabling internet access from nearly any location, they lack security and typically lack encryption. This deficiency can potentially grant cybercriminals access to your internet-connected devices. Attackers can exploit public connections to execute a man-in-the-middle attack, redirecting browser requests to a malicious website of their choice. Subsequently, through the browser, they can deploy malware on the device.

Strengthened Connection: Utilise a Virtual Private Network (VPN) to establish an encrypted connection while accessing the internet during your travels, even on public Wi-Fi networks.

While the use of a VPN is legal in many countries, it is important to note that in some nations, VPNs are restricted or banned as part of broader efforts to control internet access and suppress dissenting voices. The following is a list, although not exhaustive, of countries that have implemented such restrictions on VPN usage: North Korea, Belarus, Oman, UAE, India, Iran, Egypt, China, and Russia.

Caution Before Clicking: Prioritise safety by exercising caution when downloading or clicking on unfamiliar links. Eliminate suspicious emails from unknown sources and thoroughly examine an application's details before installation.
Device Security: If your device is taken out of your sight for security screening or you suspect it has been accessed during a room search, assume that your device might have been compromised, possibly with your hard drive copied. Keep all your devices with you at all times, even in your hotel room, and secure them. If necessary, use a hotel safe to lock them away to prevent unauthorised access. Exercise extra caution when attending conferences or trade shows, as these venues offer criminals a wider selection of devices containing sensitive information. The conference sessions may also provide more opportunities for thieves to access guest rooms.

Border Control and Device Searches

When crossing international borders, it is important to be aware that border control authorities may conduct searches of your electronic devices, including mobiles, laptops, and tablets. These searches are conducted for security and customs purposes. To safeguard your privacy and data, consider backing up your device before travelling and removing any sensitive or confidential information that you would rather not disclose during these inspections. Familiarise yourself with the laws and regulations of the specific country you are visiting to understand your rights and obligations when it comes to device searches at border crossings.

Securely Recharge. Never plug your device, into a USB public charging station, such as those in the airport or hotel room, as these cannot be trusted. Malicious individuals can access information on your devices or install malware through the USB cable since it has two wires - one for power and the other for data transfer. Always connect using your power adapter connected to a power outlet.
Staying Secure on Public Computers: If you need to log in on a public computer (e.g. hotel business centre), consider opening an “Incognito” or “Private Browsing” window for added security. Before signing in, ensure that options like “stay signed in” or “remember me” are unchecked to prevent unauthorised access. Always log out of your accounts when finished. After logging out, clear the Internet browser's cache, cookies, and history before leaving the computer for enhanced privacy and security.
Delete Data from the Rental Car. If you connect your device to a rental car for navigation or other purpose, be sure to securely remove the device so that other individuals do not have access to your address book, device name, text messages (hands-free calling), or other sensitive information.

Back Home 🏘️

Comprehensive AntiVisus Scans: Before connecting to your home or work network, it is crucial to perform thorough antivirus scans on any devices you used or acquired during your travels. This step helps ensure that the devices are free from malware or potential threats.
Change Passwords: Change the passwords you used while travelling to maintain security for your online accounts.
Remove Apps & Data: Remove any applications and related data you may have downloaded onto your devices specifically for your trip that you no longer need.
Securely Dispose of Boarding Passes & Luggage Tags. Scannable codes on boarding passes and luggage tags include full name, date of birth, and passenger name record. These can also contain sensitive data from your airline record like passport number, phone number, email address, and other information that you would not want to share publicly.
⚠️ For this same reason, never post boarding passes on social media.
Check Your Statements: Review your financial statements (e.g. credit card) for any suspicious or unauthorised charges that may have occurred during your trip.

Resources

For additional information and resources on traveller cybersecurity, please visit the following websites. It is advisable to consult your government's official travel advisory website, where available, for specific guidance related to this topic.

To find more information and resources on traveller cybersecurity, please explore the following websites. Whenever possible, we recommend checking your government's official travel advisory website for specific guidance on this topic.

🇦🇺 Australia

🇨🇦 Canada

🇺🇸 United States - The National Counterintelligence and Security Center (NCSC)

🇺🇸 United States - Federal Communications Commission (FCC)

🌐 Center for Internet Security (CIS)

🌐 2 SEC Consulting

🌐 Global Tech Council

Disclaimer

All travel advice presented by Kudos Travel Technology (Kudos) has been prepared for general information purposes only. While we endeavour to provide up-to-date and accurate advice, no person should act, fail to act, or otherwise rely on the basis of its content. It is not intended to be relied on as a substitute for expert advice by government authorities, travel risk management experts and medical professionals.

If your company has policies on this specific topic, they always take precedence over the general advice provided by Kudos.

In cases where there is suspicion of device or data compromise, we strongly recommend seeking professional guidance, particularly from a cybersecurity or IT expert.

Kudos cannot guarantee the accuracy, reliability, currency or completeness of its information or any linked site. No legal liability arising from or connected to any material on this website or on any linked site will be accepted. Material may include views or advice of third parties and links to external websites. These do not necessarily reflect the views of Kudos. External website links are chosen carefully, however, Kudos has no direct control over an external website’s content.