spirent.com

Best Practices for the Cyber-Security Aware Traveler

Cybersecurity aware traveling

As a regular international traveler for both leisure and business, I am often amazed at the lack of attention travelers pay to network security, and the information that is exchanged over ‘free, unsecured networks’.

It is not uncommon for us to connect to Wi-Fi wherever we go, in-fact today, we have almost come to expect there will be Wi-Fi connections everywhere—coffee shops, restaurants, airports, and even on some flights! While this is certainly very convenient, it has also opened tremendous possibilities for hackers to access our personal information.

The Spirent SecurityLabs™ team often travels internationally to demonstrate their products and services to sales representatives across the globe, and often set up a little experiment to prove just how easy it is for hackers to phish for information by luring people to join a ‘Free network.’

The SecurityLabs experts start by setting up a Wi-Fi access point at the training site, and naming the network the same as the network in their office. Funnily enough, a large majority of the guests join the network—mind you, these guests are advanced cyber-security experts, selling millions of dollars of cyber-security services to customers globally.

Once the guests joined this network, our security experts proceeded to track (very basic) usage such as time spent online, number of websites accessed, emails sent etc. No personal or identifiable data is collected (even though it would have been easy to do so!). The reason why this is so easy to do is because once you are accessing the internet through an access point I have set, you are technically on my network, I am the internet, I am the middle man, and can see everything that goes on.

Through the course of the training, the SecurityLabs experts presented their findings to the guests and everybody was shocked at how easy it is for the ‘dark-side’ to potentially access extremely personal and valuable information. Thankfully, in the USA, there are very specific laws that govern how Wi-Fi is offered at various places around the country, so while we are relatively safer here, nothing is 100% foolproof!

This brings me to precautions that should be taken while traveling internationally.

Turn off Wi-Fi—When you are not intending to use Wi-Fi on your device, simply turn it off. This will stop the device from automatically connecting to any Wi-Fi in the area, and if it is a mobile device, this will also help in preserving the battery life as the device is not going to be constantly searching for an available Wi-Fi connection.

Only connect to encrypted websites—When you are on a free network, try and connect to sites that are encrypted. There is something called an ‘HTTPS everywhere’ browser, that can help with this—what it does is redirects you to an encrypted page when available. If you are someone who needs to frequently connect to free Wi-Fi, consider paying for a VPN and browse through that. While anyone on the free network will see that you’re on a VPN, they will not be able to see what you are doing on it.

Do NOT access confidential information—While traveling, we are often tempted to check our bank accounts and credit card balances to see how our pockets are doing. This is a BIG NO-NO especially on an unsecured, free network! By accessing your bank account (especially through an app), you are exposing yourself to being hacked. This is because researchers have found that many mobile apps do not encrypt information properly. It is very possible, that in real time, someone who is watching what you are doing on the unsecured network can intercept your logon information and immediately log into your bank account.  If you have teenagers you are traveling with, it is best to have a conversation with them prior to travel, and delete any apps that may compromise security for the duration of your travel.

If you really have to access your bank information, do it by going to the bank website, and ensuring that it is encrypted (HTTPS). Clicking on hyperlinks is also not advisable, as hackers can set up pages that may look and feel like your banks site in every way.

Phishing is real—Encryption (passwords, log on information etc.), help with protecting your network traffic from evil, prying eyes. When you are on an unsecured, free network, your traffic is visible to everyone in range. What this means is that they may be able to see what you are typing into web-forms and even see which encrypted sites you are connected to (although they will not be able to see what you were doing). The ability for people to view what you are doing and being able to siphon off that information (as our security experts demonstrated) is called Phishing, and it is important that you are aware of this and reduce all chances of this happening to you.

Be alert—We all HATE those pop-ups that tell us that the website certificate is invalid, or the website is malicious. More so when it is for a website that we visit frequently. If you are traveling and notice these alerts, pay attention to them. While they may appear to be a nuisance, they may be telling you that something is not right (perhaps the webpage you are trying to access is a replica set up by a hacker). Secondly, try not to access too many different websites all at the same time—email account, bank account, work email, etc. Research shows that most people use the same passwords for different accounts, therefore if a hacker gains access to one of your passwords, chances that you are vulnerable increase greatly.  Lastly, when you are back from travel, it is always a good idea to reset your passwords from a safe and secure network (such as your home or work). 

As you probably realize, there are plenty of threats out there, and reducing your cyber risk to zero is virtually impossible, however, being proactive, being aware and using preventative tools and measures can aid in greatly reducing your risk to a level that is manageable and comfortable for you.

If you would like this level of security expertise for your company, visit SecurityLabs. Not every person has access to ethical hackers, but enterprises do. The time to start leveraging experts to aid in managing your security arsenal is now and Spirent is positioned to be your partner in your fight against cyber-crime.

 

comments powered by Disqus
× Spirent.com uses cookies to enhance and streamline your experience. By continuing to browse our site, you are agreeing to the use of cookies.