5 online privacy and security tips for travelers

Checking email, looking stuff up online, and keeping track of things while on the road is pretty simple these days, with our smartphones and laptops in tow.

In fact, with Wi-Fi connected cars, trains and planes, and internet access everywhere, you can leave your business or home and arrive somewhere else without missing a beat.

Wherever you’re going – whether you’re traveling for a business conference, or going to a vacation spot far away from work – you’ll still want to be secure when you go online, use mobile devices and buy stuff with credit cards.

You don’t have to “go dark” when you travel, but you do have to take extra precautions. So here are five simple security tips.

1. Lock your computer and your phone when you aren’t using them

Do you know how many laptops and mobile devices are lost every day?

Around 100 smartphones are lost or stolen in the US every minute. About 12,000 laptops are lost in US airports every week. In Chicago alone, people lose 120,000 phones in cabs every year. Most of those people never see their devices again.

It could happen to you too – so make sure you lock your devices to keep all your contacts and content private.

Set your devices to auto-lock after the shortest delay you can live with: try two minutes, for example.

Pick the longest and most complex unlock passcode or password you can manage.

On your phone, don’t go for a four-digit PIN just because that’s what everyone else is doing.

Going from four to eight digits means that typing in your PIN takes twice as long; but it also takes a whopping 10,000 times longer for a crook to guess it.

→ Each extra digit in a PIN means 10x as many choices, and 10x10x10x10 = 10,000.

On your phone, also consider enabling “wipe device after 10 wrong guesses” if possible.

That means even a relatively short and convenient PIN will probably trip up a crook who tries to figure it out, because he’ll quickly run out of guesses.

You can also use Find My iPhone on iDevices or Device Manager on Androids to find the device’s location. You might even get it back by sending a message on the lockscreen to whoever has it.

If you have an iOS 8 device like an iPhone 6, it is automatically encrypted when you lock it with a passcode (some Android phones require you to set up encryption manually).

Full-device encryption means that everything gets encrypted automatically, so you don’t have to worry if you encrypted your text messages as well as your tax return.

Additionally, if a crook tries to bypass the lock code by extracting the disk or flash memory from your laptop or phone and reading it in another device, all he’ll see is encrypted data that’s makes no more sense than shredded cabbage.

2. All that public Wi-Fi? Don’t count on it being safe

Airports and hotels all offer public Wi-Fi, but not all of them are doing security right.

Security bugs are common in Wi-Fi routers, even some commercial-grade brands that are widely used in the hospitality industry.

Anyway, when you connect to that legitimate-looking hotspot, how can you be sure it really belongs to the hotel, or the conference venue?

Someone could hack the hotel Wi-Fi, or set up a trap by using a fake network name that you might innocently connect to, and then use it to snoop on, and even manipulate, your network traffic.

It’s better to use your cellphone network to connect instead of Wi-Fi.

In many countries, it’s easy enough to buy a prepaid SIM card when you arrive, and use pay-as-you-go data as you need it.

That way, you can avoid untrusted Wi-Fi networks without being stung by roaming charges when you travel abroad.

And try using a VPN (Virtual Private Network) – a lot of businesses support this for creating a secure internet connection from wherever you are back into your office network.

Once you’ve connected to the VPN, everything you do online happens just as though you were back at the office.

A crook who’s on the same Wi-Fi network as you, or who’s in control of the rogue access point you just connected to, can tell you’ve connected to the VPN, but nothing more.

You can get more Wi-Fi security tips over on the Sophos website.

3. Turn off as many geo-tagging and geolocation features as you can

Apps such as Facebook, Twitter and Instagram use geo-tagging, which is where the app asks your phone for your location, and includes it in your post.

Even if you have GPS turned off, your phone can still work out where you are by keeping track of all the Wi-Fi access points it can see around you.

Most access points stay in one spot for years at a time, so once Facebook (or Google, or Apple, or any other service provider) knows where they are, they act as a sort of location beacon for anyone who’s nearby.

So, before you post, think about whether everyone needs to know that you’re away from home.

Also, lots of apps are tracking your location all the time and whenever your phone is on, even ones that really don’t need to know your location – except as a way to push more advertising on you.

If you can, try turning location services off altogether on your phone, so that apps can’t access your current location at all.

The next step is to turn off your Wi-Fi connection and Bluetooth too, as these can give away your location.

But the only way to really avoid be tracked by your phone is to turn your phone off altogether, or at least turn on Airplane Mode, which stops the device from transmitting, including to cellular networks, making it “travel safe” for a plane.

So if you’re trying to hide out from anyone (boss? spouse?), don’t use your phone.

→ Be careful. On many devices (iPhones, for example), turning on Airplane mode will turn off all wireless components, including GSM, 3G, Bluetooth and Wi-Fi. But Wi-Fi is allowed on many flights, so you can then (perhaps accidentally) turn Wi-Fi back on, even though your phone will still show an “Airplane” icon.

4. Be careful when using public computers and ATMs

Public computers, like those at internet cafes or business centers at hotels, could be infected with malware, which might spy on you when you go online.

One such type of malware, called a keylogger, can record everything you type on a keyboard – very useful for stealing things like passwords to your email or the login for your online bank account.

Spies and cybercrooks can and do attach spy hardware to public computers – this has happened at hotels in Texas and public libraries in England – to steal private information.

Crooks can also attach a card reader to an ATM or a sales register to skim the account numbers off your credit card.

Sometimes it pays to be more conservative than usual, especially when you’re traveling in unfamiliar territory. So, depending on how confident you are in the security of where you are, you might want to use cash or travelers checks.

You don’t have to be low-tech – you could also consider using a secure mobile payment app like PayPal, Google Wallet or Apple Pay, because they don’t use your actual account number for making a transaction.

5. Wrap yourself in layers of protection

If you’re going somewhere cold, you add extra layers of clothing.

Why not do the same for your security?

Instead of ignoring prompts to update your laptops and devices (plenty of people do), turn on auto-updating for your computers, software and devices.

If you don’t keep your devices up to date, you’ll be unprotected even against attacks that exploit already-known security holes, so you’re turning yourself into low-hanging fruit for cybercriminals.

For added protection, use an anti-virus on your PCs and Macs, and think about using anti-virus on your smartphones and tablets, too.

Fortify your accounts wherever possible, by using two-factor authentication – which adds another layer to the login process, such as entering a one-time code sent to your phone.

A lot of websites and apps like Gmail and Facebook offer two-factor authentication, so even if someone steals your password they need to go through another step before accessing your account.

It’s a good idea to have multiple layers of protection, so if one layer fails, you’ve got a backup.

And, finally, a bonus tip for people going to RSA Conference this week…

6. Watch out for the sneaky and/or careless

If you’re traveling to the RSA Conference 2015 in San Francisco (Sophos will be there too), remember that even security experts get tripped up sometimes.

Two real-life examples from conferences: Someone lurking behind a rogue wireless access point, or accidentally giving away “free” USB keys infected with malware.

Strange things do happen when you’re on the road.

Sophos UTM Home Edition

Want to set up a VPN at home for your laptops and mobile devices?

Try our award winning UTM.

The Home Edition includes all the Sophos UTM features: a VPN, email scanning, web filtering, web application security, and everything you need to keep up to 50 devices on your home network secure, 100% free for home use.

In you live in a shared house, or you have children to look out for online, this could be just the product you need.

Better yet, you get 12 free licences for Sophos Anti-Virus for Windows that you can install and manage throughout your household, right from the UTM web console.

Click to go to download page...

Understanding firewalls and secure gateways

Listen to our Sophos Techknow podcast, Firewalls Demystified

(Audio player above not working? Download, or listen on Soundcloud.)

Image of travelers courtesy of Shutterstock.