Since hackers won't be taking Thanksgiving off, holiday travelers cannot afford to slip into bad habits. Here are some top tips from cybersecurity experts to protect your devices and data over the holidays.
Passwords: Update before and after travel
Choose strong passwords and — as painful as it is — use different passwords for different services. The Electronic Frontier Foundation has these tips for strong passwords. Also, turn on two-factor authentication. Good practices always pay off, particularly over the holidays, say cybersecurity experts.
"If credentials do get compromised while you're traveling for the holidays, you may not realize it until too late and until someone has run up an expensive gift list with your credit card," said Symantec Security Response Director Kevin Haley.
Data: Backup before you head out
While a device is easy to replace, personal photos and messages kept on devices are not. "Backup your smartphone or tablet on a daily basis; most phones allow you to set automatic backups," said Haley. If you do not want to take a laptop on holiday, look into easy ways to backup data in the cloud from your devices, such as using services like iCloud, Dropbox or Google Drive, he said.
"This way, you won't lose everything if any of your devices are stolen or infected with malware," said Cameron Camp, Security Researcher at ESET which provides antivirus software.
Devices: Turn off Wi-Fi and Bluetooth
Many people switch on Bluetooth and Wi-Fi when then travel to save on data and get a stronger signal. The experts say not to. "This is a recipe for disaster," said Derek Manky, Fortinet's chief security strategist.
"It can lead to inadvertently compromising corporate credentials or giving away personal authentication to email, banking sites," said Manky.
"Along these lines, you should also clean up your Wi-Fi history by removing all previously 'remembered' Access Point SSID's (like attwifi, starbuckswifi, UnitedClub)," he said.
Internet access: Tether your phone or hotspot
Many public Wi-Fi networks and hotspots are operated on unsecure networks, making them vulnerable to attacks that can capture anything you type, including login credentials and credit card numbers. "To protect yourself, confirm the hotspot is legit before logging on. If you're unsure, ask its owner," said Symantec's Haley.
Manky takes it even further: "The only network you can be sure of is one you bring yourself."
Eliminate the chance of connecting to a compromised or malicious network by tethering your laptop or other devices to your phone or personal hotspot, he said. "Stick to Internet access and communications on your cellular data connection. In particular, limit usage to LTE connections. If your connection drops to 3G or 2G, this should raise a red flag."
Get tech smart: Use a Virtual Private Network
Another way to protect yourself when browsing the Web outside your home or office is by connecting to a full-tunnel VPN, a practice that is especially important in and around airports, said Electronic Frontier Foundation's Mark Jaycox.
"It's an easy way to protect your data as it's transmitted — almost like a secret code that only you and your VPN share," said Haley.
Watch out, though, said Manky — many standard corporate VPNs are split tunnel, so not all data is fully encrypted. Full-tunnel VPNs encrypt everything. "Ask your employer about full-tunnel VPN access, use a commercial VPN service, or, if you have a capable next-generation firewall in your home, you can set up your own personal VPN," he said.
You can also download VPN software before your trip, or use a Wi-Fi service aggregator like Boingo, which will secure any Wi-Fi connection.
Physical security: devices
If you're traveling, there's a good chance you will take your devices with you. Keep smartphones in front pockets, be careful of bumping into strangers and be aware of your situation. "Not letting your mobile phone get taken off the coffee table at the coffee shop is really important," said Camp.
Also, when staying away from home, be particularly mindful of pickpockets or locks that can be picked. "Have you seen Mr. Robot? Lock picking is a favorite hobby of many hackers," said Manky.
Haley has this advice for travelers. "Always use a password or PIN to protect your phone/tablet, install security software, and download an app like Find My iPhone or Android Device Manager that allows you to wipe any personal data, should your device get lost or stolen."
Social Media: No over-sharing
Criminals monitor social profiles to find out when people are going away for the weekend, on holiday or even out for the evening. "If people know you're traveling, they know you're not home," said Camp.
Advice from the experts? "Think twice before sharing when or where you're traveling or posting vacation photos, Haley said. Symantec recommends turning off geotagging when traveling so your exact location is not known.
Banking: Apps vs. online
Avoid online banking while traveling. "If you're in a bad part of town you don't take out your money, if you're in a super-crowded area with lots of Wi-Fi hotspots, that's not the time to go do your banking," Camp said. Also, said Camp, be sure to change your passwords before and after the holidays and let your bank know if you are heading overseas for the holidays.
If you do need to do some personal banking while traveling over the holiday season, "use only your bank's official mobile banking application for banking activities while travelling. Their app will take you directly to a secured site where you can manage your finances safely," said Haley.