Solo traveling is one of life's most enriching experiences, offering the opportunity to explore new places and cultures, and nourish your soul with more than just the local cuisine. We speak frequently about how to stay safe personally while on trips, but when it comes to cybersecurity and solo travel, we defer to the experts.
As October is internationally recognized as Cybersecurity Awareness Month, it seems like a good time to make sure we're all up to date on the most current best practices. We asked Zachary Kinder, President, Net-Tech Consulting, an I.T. and cybersecurity firm based in Texas; and Justin Leger, Chief Operating Officer of Cybeats, a Toronto-based cybersecurity firm, to answer five questions on how solo travelers can protect themselves and their data while they’re on the road and what to do should problems arise.
- Cybersecurity and Solo Travel: What Are the Primary Risks We Face?
- How Can We Protect Our Devices and Data from Theft or Intrusion?
- What Should You Do If You Suspect You've Been Hacked?
- Local Authorities and Cybersecurity Laws When Traveling Solo in Different Countries
- What Resources Can Help in the Event of a Cybersecurity Incident while Traveling?
Cybersecurity and Solo Travel: What Are the Primary Risks We Face?
Zachary: The cyber security risks that solo travelers face are usually physical/social engineering in nature. When we travel it is easy to get social with people we don't know, and give away certain information, like our kids names, our city, state, etc. It is essential to keep conversations as vague as possible when discussing personal matters, so you don't open yourself up to attacks. The other aspect is compromised physical access. Never leave your computer unlocked and not in your possession, and never accept any peripherals from individuals you don't know or trust. This includes, but is not limited to, cables and thumb drives.
Justin: In my view, the biggest risks for people traveling alone are:
- unsecured Wi-Fi networks. Travelers often rely on public WiFi, which can be unsecured and expose them to the risk of data interception and unauthorized access.
- physical theft of devices. The risk of theft is heightened when traveling alone, as there’s no one else to help watch over personal belongings.
- using public computers and USB charging stations. Public computers may have malicious software installed that can track your keystrokes or steal your data. USB charging stations could be compromised to install malware on your device or steal data.
- targeted scams. Solo travelers may be more susceptible to phishing scams or fraudulent communications, especially if they’re publishing details of their trips publicly (e.g., social media).
How Can We Protect Our Devices and Data from Theft or Intrusion?
Zachary: Solo travelers should keep their device count to the minimum needed to function. The more devices carried creates unnecessary risk and leaves the user open to making mistakes. If possible keep a low profile and don't brandish your gear especially when you're traveling somewhere you're not familiar with.
Justin: Luckily, there are several precautions you can take to protect yourself from cybersecurity incidents while traveling solo.
- Use a VPN. This helps protect data transmission, especially when connected to public Wi-Fi. *Note that VPNs may be restricted or even illegal in some countries.
- Enable full disk encryption. This protects the data on your device in case it gets lost or stolen.
- Set strong passwords and use biometrics. Ensure all devices are protected with strong, unique passcodes and enable biometric authentication where possible.
- Keep devices updated. Regularly update the operating system and applications to patch known vulnerabilities. Ensure to do this before you leave on your trip.
- Back up data. Regularly backup important data to a secure cloud service. Consider leaving a backup copy of your important data at home.
- Be discreet. Avoid displaying expensive devices in public and be mindful of your surroundings.
- Use MFA. Multi-factor authentication (MFA) can make it harder for cyber criminals to access your data, but be aware that if you have MFA enabled, you may not have access to one or all those methods (e.g., text message) while traveling.
- Avoid unknown devices. Don’t connect to unknown devices like USB storage media or even USB charging ports in places like airports and coffee shops.
What Should You Do If You Suspect You've Been Hacked?
Zachary: If a hack is suspected, change your password immediately. In the world of cybersecurity it's not if, it's when you get hacked. It is my recommendation that you sign up with a password manager and keep a separate password for each individual website account you have with the master password that you don't use on any other account. If the account that got hacked has the same password as one of your other accounts, change that one too.
Justin: Immediate actions include:
- change passwords. Immediately change the passwords for any potentially compromised accounts.
- contact financial institutions. If any financial accounts are at risk, contact the respective institutions to notify them of the potential breach. Have these phone numbers ready before you travel.
- run antivirus scans. Conduct a full antivirus scan on potentially compromised devices.
- enable account monitoring. If possible, enable monitoring on affected accounts to receive alerts for any suspicious activity.
- contact local authorities if necessary. If the situation involves theft or other criminal activity, contact the local authorities. Note that their ability to help may be limited unless it involves a physical crime.
Local Authorities and Cybersecurity Laws When Traveling Solo in Different Countries
Zachary: Interacting with local authorities and respecting cybersecurity laws in different countries requires thorough research, legal compliance, and cultural awareness. To navigate this complex landscape successfully, it's crucial to stay informed about local regulations, seek local legal expertise, and implement robust cybersecurity measures while maintaining transparency and cooperation with authorities.
Justin: As travelers, it’s vital to:
- research local laws. Before traveling, familiarize yourself with the local laws and regulations related to cybersecurity and digital privacy in the destination country. VPNs for example are restricted or illegal in some countries.
- cooperate with authorities. If you need to interact with local authorities, be cooperative and provide any required information.
- be aware of your rights. At the same time, be aware of your rights, especially in terms of privacy and due process.
- seek consular assistance if necessary. If you’re unsure about how to proceed or feel your rights are being violated, contact your embassy or consulate for assistance.
What Resources Can Help in the Event of a Cybersecurity Incident while Traveling?
Zachary: Solo travelers can prepare for emergencies and cybersecurity incidents abroad by using a combination of resources and tools. These include comprehensive travel insurance, travel apps for safety and communication, embassy and consulate contacts, cybersecurity tools, and offline maps. Additionally, having local emergency numbers, an emergency contact list, and language translation apps can enhance your preparedness and security while traveling alone.
Justin: Preparation and good digital hygiene are always recommended. VPN services, password managers, travel insurance, and personal vigilance will all help you avoid and minimize the impact of cybersecurity incidents while traveling. Travelers may also want to consider Remote Device Management Software. Some devices can be remotely locked or wiped if stolen. These services are sometimes included with the device or available for aftermarket purchase, but they need to be installed and/or configured beforehand.
Justin also recommends the site www.getcybersafe.gc.ca as a great resource about cybersecurity for solo travel which also has lots of useful information that can help you prepare your devices and accounts prior to leaving home.