10 Cybersecurity Tips for Summer Travel
Your vacation is about to start. You’re going through your checklist to ensure you have everything ready: flight, hotel, swimwear, flip-flops, a good list of places to visit, restaurants where you want to go for dinner, endless plans with family and friends...
At WatchGuard, we want you to enjoy this valuable time of relaxing with your family and friends, so we have 10 Summer Travel Tips you should follow before, during, and after your vacation.
Follow these tips so you can enjoy a #CyberSafeSummer:
1. Personally secure your essential files:
At most workplaces, your IT or security department should already be handling some secure backup for you, whether via a secure share that they maintain, or products that automate computer backup. That said, if you don’t know their backup policy, you may feel better by creating a personal backup of your important files for yourself. While there are tools that can automate this, you can do a one-time backup by copying all your files and documents you’ve stored in specific folders on your computer to another place. Backups should exist remotely, not locally, so one easy way to accomplish this is just transferring a copy of these files to a USB storage device. This will ensure that you can return all your files to the exact state you left them when you return, in case anything goes awry while you are gone. That said, be sure to check with IT first, as it’s a waste of time to do this if they are already backing up for you, and they may have policies around moving files off your corporate computer.
2. Shut down all your computers and devices that aren’t in use during your vacation:
Nowadays, many of us leave our work and home computers, as well as many IoT devices, on at all times, since we use them every day while at work or home. It’s quicker and easier to just have them up and ready. However, if you will not need to remotely connect to them during your vacation, turn them off! When a device is on, it’s also online, leaving it open to attack (depending on protections you have). If it’s off, it can’t get hacked. If you aren’t going to be using it for many days or weeks, why not just shut it off to avoid any chance of an attack?. Obviously, for IoT monitoring devices like cameras, you should leave those on so they can do their job while you are gone, but if you don’t need it, turn it off.
3. Update before leaving the office:
Not updating software as recommended can leave an open door to vulnerabilities. Before leaving for vacation, perform all pending system updates, and be sure to review any pending updates and apply them as soon as you return. Again, your IT department usually has processes or tools in place that force and automate updates. If that is the case, you may not have to do anything. However, sometimes these automated solutions still ask the local user if they can update and reboot now. So be sure to approve the updates before leaving.
4. Don't get caught in a phishing attack:
Even though it's summer, cybercriminals are still on the prowl and you could receive a phishing attack at any time. If you receive a suspicious email about an urgent password change or a payment to a supplier that can't wait, or anything else strange and suspicious, beware! Even if it comes from a known contact, it could be phishing. Verify the sender's address and, if in doubt, do not open or reply to the message.
5. Avoid accessing your corporate email from public networks without the right protection:
Your hotel or holiday apartment probably has a public Wi-Fi network. If you need to access your corporate email or company documents during your vacation, avoid using a public network if you can. Try to at least use a Wi-Fi network that has a password so that it offers some basic protection from the general public. Nowadays, with increased remote work, IT and security departments do not totally ban the use of public networks; however, they do impose requirements to use them. Whether you are joining a public or private Wi-Fi network that you or your company doesn’t control, you must have a suite of endpoint protections on your device, including things like anti-malware, host firewalling and more. Then, always use a VPN to provide an extra layer of encryption to your connection, so others on this public network can’t intercept your email and more. Public Wi-Fi networks have become a reality for many traveling workers, but you need to make sure you employ protections on your computer when using them.
6. Download only reliable apps:
During your free time, you may want to download a game or an app to edit your vacation photos and videos. Be very careful if you use the same device for leisure as for accessing email or corporate applications. Malicious apps can access all the data on your phone, including your company's data, and suffer a cyberattack. If you want to download an application, only do it from known 1st-party sources and repositories. For instance, only get apps from the official Apple or Google stores on mobile devices. Or only download through the Microsoft or Apple App stores for computers. People run into the most trouble with malicious apps when they download things from non-official sources. Also, don’t pirate. Besides being illegal in most countries, few things are truly free and a lot of pirated apps come with malware.
7. Protect your identity:
Provide the least required information to achieve the task, nothing more. Don’t be afraid to ask what the information requested will be used for. Is it necessary to provide a scan of your passport or credit card? Do they need to write down your credit card number, expiry date, and security code (CVV number) after making a successful payment? Consider the outcomes before disclosing any personal information you want to keep secure.
8. Resist posting detailed information on social media...
... Such as where you are going or where you are. Although it is not directly a cybersecurity measure, the fewer details we give out about our vacations the better, knowing that any information uploaded can be turned against us in very unexpected ways. Physical burglars may use this information to attack your house, but social engineers could use this knowledge to craft an even better spear phishing email to you that does result in a cyberattack.
9. Be careful with what you connect to your computer:
USB infections are still common despite being an old hacking technique. Avoid plugging in a USB that has been found at all costs.
10. Enable two-factor or multi-factor authentication (2FA/MFA) whenever you can:
Attackers have many ways to steal your passwords. Perhaps they acquired it by phishing you. Maybe they hacked a site you visit and got your password from there, and if you use the same password in other places this is a problem. Malware can steal passwords too. However, MFA can save you even when an attacker knows your password. This feature means that every time someone tries to log in to your account, they also need some second factor of authentication, such as the approval of a notification on your cell phone, in order to log in as you. This makes it much more difficult to hack into your accounts even when threat actors steal your credentials, and, best of all, you are warned that an attempt is being made to gain unauthorized access to one of your services.