Top cybersecurity travel tips for 2020
It’s a new year and that means new goals and new destinations. At Rubica, we’ve noticed recently how digital security and physical security are now symbiotic. One depends on and reinforces the other. Before Rubica team members go out into the wide world, we’re lucky to have the advice of our Information Security team and we like to pass good advice to our friends. Here are Rubica’s top six cybersecurity travel tips to keep you globe-trotting happily in 2020.
Take your own AC charging cable
It’s not hysteria; juice jacking is a known tactic that’s starting to appear, particularly in airports. Plugging your device into an unknown USB port is joining it to the unknown. The malware enabling juice jacking has been found in many airports, so our InfoSec experts advise staying ahead of this emerging tactic by traveling with your own cable and AC adapter or buying them new.
Just say no to free wifi
We all know free wifi is habit-forming. We also know the dangers of free wifi. With cyberattacks in airports and large corporations becoming more prevalent, make sure you either tether to your phone or use a secure VPN when you connect to the free stuff. It’s worth making sure that your VPN provider isn’t selling your data, too.
Deny access to your location data
Start with a strict as-needed policy for your location data. Apps that can’t work without it include navigation apps like Waze or Google Maps. Pro Tip: there should be only a few of these.
Add a second tier for apps that can sometimes have your data, like only when you’re using the app itself. This list includes location-based apps like Pokemon Go or Harry Potter. Even then, be very picky; we often forget to exit apps and instead close windows, which leaks your location data the whole time you’re using the forgotten app. Your bank or your grocer do not need to know your week’s whereabouts, which are then potentially for sale to hackers or marketers.
The last tier is for apps that don’t need your location data ever, at all. Aim for around 75% of your apps to fall into this category. Be particularly careful around social media apps. You can always tag your location manually on your departure (and preferably after you return home to be safest). Using a VPN is a great tool to mask your location—but don’t skip the app-specific permissions.
Save the share for 5 minutes
It’s not cool advice for those of us on social media, but it’s advice that will keep us safer later. Post your photo and tag your location just after you go somewhere, and if you’re a regular there, assume you can be found in the future by anyone who’s ever seen you tag that location (even in a story).
Assume hotel connections are unsafe
Like the Darkhotel threat that first targeted travelers for their data in 2014 and later cousins like Revengehotel, many malicious networks are set up to mimic hotel networks and target travelers just arriving in hotel rooms. Hoping a tired traveler won’t use a VPN and won’t recognize a funny URL, it’s easy to lure users with a fake network and then mine their devices for personal and corporate secrets. Malicious networks can easily be run from a laptop in a hotel bar, allowing an attacker to vanish without a trace, or worse, poison traffic in several hotels in a single afternoon.
Disable auto-connect and Bluetooth
Think of it this way: you shouldn’t auto-connect your devices to anything other than a trusted network, ever. Found under your phone or laptop settings, it should take less than a minute per device to prevent your wifi and Bluetooth from reaching out for random connections. Wifi and Bluetooth signals can come from anywhere or anyone’s device.
Worse, your phone or laptop aren’t the only point of vulnerability. Your Bluetooth input device (like a mouse) is also an easy target. At a recent security event the Rubica team saw a hacker demonstrate infiltration of a network through a Bluetooth mouse, so do yourself a favor and power down your mouse and other Bluetooth devices when you’re going from place to place.
Stay safe as you surf the skies and the internet…