Safe travels: Tips to keep your data protected when you’re far from home
Welcome to Threat Intel’s #WednesdayWisdom column, a weekly read to help improve your cybersecurity knowledge and keep you informed on important developments.
As the dark days of January creep by, the thoughts of many of us are turning to summer, holidays, and escaping to the sun.
However, when our guard drops on holidays and we relax into that sun lounger, we should all be careful that we don’t let our guard down when it comes to our cybersecurity.
A recent Security Response blog revealed how data displayed at airport boarding gates could leak passenger data, potentially allowing attackers to access passenger data, gain full control over their booking, and even cancel future flights and steal sensitive information.
The data leak revealed the passenger’s booking reference, or passenger name record (PNR) code, and last name, usually the only details needed to access a flight booking — and potentially cause havoc.
This is far from the first time a vulnerability like this has been outlined and, while the case above is no fault of the consumer but rather a system flaw, our penchant for oversharing smug holiday snaps on social media could also get us into trouble.
Brian Krebs previously blogged about a reader who was able to glean a lot of information from a photo of a boarding pass a friend of his posted on Facebook.
Taking a screenshot of the boarding pass, the reader, Cory, quickly found a website that could read the bar code on the boarding pass and reveal information including his friend’s name, frequent flyer number, and other personally identifiable information (PII).
The information provided allowed Cory to access his friend’s record locator for the Lufthansa flight he was taking. With this locator and his friend’s last name he was able to log into his friend’s frequent flyer account — allowing him to make changes to any future flights booked to that account, as well as revealing more PII, including his friend’s phone number.
Of course, your boarding pass isn’t the only way you could leak personal information while jaunting overseas.
7 things to keep in mind to protect your cybersecurity on your travels
Beware of public Wi-Fi networks
To post that ill-advised Instagram pic of your boarding pass, you will need Wi-Fi — and as you are away, chances are you will be using an unsecured, public Wi-Fi network in an airport or coffee shop. While they are convenient, unsecured networks make it very easy for anyone else on that network with the sufficient know-how to access the information you’re sending through the air. This is something you need to be very cognizant of if you are logging into accounts such as your email or social networks. It is certainly advisable to avoid accessing your bank account or carrying out financial transactions while using an unsecured Wi-Fi network.
So, two reasons not to post that Instagram pic of your boarding pass.
Make sure you’re not being tricked
Always make sure you are connecting to a legitimate network. Worse still than connecting to an unsecured network is connecting to a phony network set up by hackers with the express purpose of stealing your information. If connecting to a network in a public place like a hotel or coffee shop, double check with a member of staff what the exact name of the network is, to ensure you do not connect to a phony network hidden behind a legitimate sounding name.
Shared computers in the lobby of hotels or public libraries also carry risks. You do not know what security is installed on these devices or what sort of malware you may be exposed to when using them. It’s also possible your browsing history could be available to other users of the computer — potentially giving a stranger access to your social media, email or other accounts. One way to avoid this is to use ‘privacy’ or ‘incognito’ mode on your browser. This disables browsing history and the storage of cookies, so future users of the computer will not be able to see what sites you have been visiting. Just make sure you close all your browser windows when you are finished using the computer.
Still, when using publicly shared computers, always keep in mind that any information you enter or access could be seen by a third party.
Bluetooth could leave you blue
Shut down that Bluetooth connection. If you have Bluetooth enabled on your device, other devices could connect to yours and potentially access personal information, such as user names, passwords and bank details.
Back it up
If you are taking a laptop or other device on holiday, make sure you have made back-ups of all your data, photos, music, etc, so that if you do lose your device on holiday (or it falls into the pool) you will be able to recover your data when you get home.
Protect your devices
Password-protect your devices. This is good advice for everyday life, but as your guard may be down in an unfamiliar place and you may be more vulnerable to being robbed, it is particularly important before you go on holiday to ensure your devices are all password-protected. At least, this way, if your devices are stolen, it will be more difficult for the thief to get any use out of them. Just make sure you choose good passwords.
Don’t tell everyone where you won’t be
Finally, be aware in general of the information you are sharing on social media. Letting everyone on your social network and much of the internet know your home is going to be empty for two weeks may not be the best idea, and could lead to you arriving home from your holiday to a nasty surprise.