Cybersecurity experts generally agree that about 20 percent of travelers are subject to cyber targeting when abroad. All agree that travel puts you at additional information security risk. While some countries are known to host far more serious and focused attacks, data and identity thieves operate across the globe. When you enter their backyard, you are a target of opportunity.
Your Value as a Target
- If you represent leading business, research, media, academic or governmental entities, there’s no doubt that you’re of interest to attackers.
- If the country you’re visiting is unfriendly to the United States, and/or if there is civil unrest, violence and crime, you’re a top target for cyber-attack, cybercrime, monitoring and surveillance.
- Even the average American tourist represents value to attackers. Their electronic devices are tools to mount attacks against others, and to increase their circles of stolen data and exploited networks.
- It may not only be the host country targeting you. Third-country criminals and governments often leverage the accessibility, deniability and reduced prosecution risk of having their target anywhere overseas.
Accessing the Internet
- Refrain from accessing sensitive data and networks when traveling.
- Limit remote access to your device. Disable Bluetooth and Wi-Fi. While all Bluetooth devices have some inherent vulnerabilities, the older versions are far more susceptible to hacking and eavesdropping.
- Use your smartphone to create a Wi-Fi “hotspot.” While suspect in some foreign countries, cellular service remains the safer alternative.
- Use a Virtual Private Network (VPN) to encrypt your data. While a VPN can slow your connection, it’s better than losing your data.
In recent years, the authorities and actions of border and immigration officials have increased both in the United States and overseas. To a far greater degree than any time before, electronic communication devices are subject to involuntary official governmental review and possible duplication of hard drive contents.
The U.S. Department of Homeland Security advised in 2008 that border agents are allowed to search through files on laptops, smartphones or other digital devices when you enter the country, even when there is no reasonable cause. They can keep data or the entire computer, copy what they want and share this data with other agencies, and force you to give the password if the data is encrypted. A good rule to follow is that a device out of your control during “secondary screening” should be assumed to have been exploited.
At the conclusion of your trip, it is best to turn over your devices to your corporate IT staff for their forensic inspection, wiping and operating system reloading.