January 9, 2019

CSG Law Alert: Ten Cybersecurity Tips for Safer Travels

From a cybersecurity and data protection perspective, traveling safely on business or pleasure is not an easy task. But if you are mindful of what you do, and where you do it, you and your information can travel more securely.

Here are ten practical cybersecurity and data protection tips to keep in mind:

1. Devices that you will be working on should be encrypted and up to date with security patches.  Even if your device is compromised (and this can happen any number of ways), the data stolen is unintelligible to anyone without the decryption key.
2. While working on a plane, train or automobile, at the terminal or any other public venue using your laptop, use a privacy screen so the nosy traveler next to you, or walking down the center aisle, does not see your screen or your work.
3. Consider traveling with your own cellphone charger or power bank.  The charging towers in some airports and terminals (particularly outside the US) have been found to have been tampered with so that when you plug in your device to charge, you are unwittingly sharing your data through malware installed in the charging tower!
4. If you need to use the hotel or other third party computer to print out your boarding pass, (i) remember to log off the computer when you are done, (ii) do not ask to be remembered, and (iii) be mindful of who may be around you as you enter your credentials.
5. If you are working at a hotel or third party location, do not assume that the Wi-Fi network you log into is the actual hotel network.  Hackers can easily spoof hotel Wi-Fi addresses to trick you into using their network – all the while, capturing your activities as you unsuspectingly work or shop online.  Best practice is to use your own hotspot.
6. Confirm whether your company can remotely wipe your device – whether it is a laptop, phone or otherwise.  Then, if the device goes missing or is stolen, sensitive data can be wiped remotely. This obviously assumes that you have either memorized, or traveled with a hardcopy of, your office’s contact numbers to report lost devices as you will no longer have access to the stolen or misplaced device.
7. Remember that devices used to print documents store images of those documents.  As such, before you have your office fax you documents or email information to a third party’s computer while you are traveling, be mindful that the third party printer or fax machine is retaining your data long after you are gone.  Better practice would be to read the document on your device or have your office overnight the materials, where possible.
8. While traveling, if you are working on a printed, sensitive document (cover page reads, the “Merger of ABC into 123”), consider first printing a sanitized cover page, or replacing parties’ names with numbers in the document, so that your paper version does not reveal sensitive information to a third party.
9. Do not check your bag with devices inside – whether as checked luggage, at the hotel or at the courtesy club for your airline.  You cannot assume that persons holding your items and/or having access to the holding area could not, or would not, access or steal your devices.
10. Train your team to know that nothing is so critical that it cannot be confirmed by a phone call when you are traveling. There is not a wire transfer that must be made and there is not data that must be transmitted just as you are boarding a plane without first verifying with you by telephone.

Enjoy the trip and be smart so that someone else does not take you or your data for a ride.