PRACTICE SAFE INTERNET WHILE TRAVELING Here are a few ways you can lower your risk for cyberattacks
“Never trust open Wi-Fi networks that require no passwords.” Michael Canavan, Kaspersky
Somewhere along the Kenya-Tanzania border, 8,000 miles and eight time zones from home, I got the news no traveler wants to hear: My email account had been compromised.
The evidence? One of those English-as-a-second-language messages in which I appeared to beg my friends to wire money overseas. It looked like someone had stolen my password.
Perfect timing, I thought, as my computer strained to download the rest of my emails over a faint wireless connection.
I’ve written about this topic several times and use a long list of precautions, so if it can happen to me, it can happen to anyone. Before you take that August vacation, let’s talk about the rules for practicing safe Internet — and where I went wrong.
Kaspersky Lab, a global cybersecurity company, says one in five travelers has been hit by cyber crime while traveling abroad. In other words, it’s open season on the jet set, particularly those who use open, public wireless networks.
“Never trust open Wi-Fi networks that require no passwords,” says Michael Canavan, a Kaspersky senior vice president.
I reviewed the places where I’d logged into an open network. At the airport in Orlando. In Dubai. At the InterContinental in Nairobi. Impossible to tell where it happened.
What’s wrong with an open network? It may be run by bad guys, according to David Balaban, an expert on ransomware.
“Hackers may set up fake WiFi spots masquerading as a genuine hotel network,” he says.
“They create duplicate Wi-Fi networks using the hotel’s branded online materials. They use stronger signals and so lure users to connect to them instead of the genuine hotel network.”
Another common error: hitting the road with obsolete operating systems or software. Emmanuel Schalit, the CEO of the password manager Dashlane, says securing a laptop or cellphone is easy.
“Before you go, make sure your devices are updated with the latest versions of your applications, anti-virus, anti-malware and other software updates,” he says. “To protect your devices while on vacation, secure all of your devices with a lengthy PIN number or strong password, and encrypt any data locally stored on those devices.” I’d done all of that, too. Ah, but did I use a Virtual Private Network (VPN), which encrypts your data through a server, to access the Internet?
I hadn’t, mostly because a VPN can make a slow Internet connec- tion even slower.
“Always use VPN while connected on any public Wi-Fi network,” scolds cyber-security expert Sanjay Deo. “This will encrypt your communications and help reduce chances of being hacked.”
In all fairness, once I spotted the apparent hack, I immediately fired up my Buffered.com VPN and used it for the rest of my time in Africa. A slow connection is better than a dangerous one.
Anything else? Yes, says Internet safety expert Darren Guccione. I need to set my smartphone so it self-erases after multiple incorrect log-ins. I need to activate anti-theft applications such as “find my phone” that allow you to lock the phone if it’s stolen. “So if your phone or tablet is stolen, you can track it, disable it and change all the passwords,” he says. Done, too. So what happened? This was no computer security breach at the hands of a careless traveler. It was a lesson in being discreet about your travel plans. I’d told a lot of people about my plans to visit Kenya, and one of them decided it would be the perfect time to scam my co-workers.
You want to scam a consumer advocate? Good luck with that.
WHAT NOT TO DO ON A TRIP Don’t post lots of geotagged photos or location up
dates on social media. They can reveal your current and future travel plans in sufficient detail to give criminals an opening.
The latest threat: virtual kidnappings, which are becoming more common in Latin America. When you go camping or to locations where you may be off the grid, cyber-stalkers contact your family, claiming you are their hostage. “They will demand immediately a sum of money, usually affordable and easily wired,” says Mark Deane, CEO of ETS Risk Management. Don’t browse unsecured. Only use “https” when you’re online, especially when you’re on the road. “It’s a more secure option set up by a website that knows security is essential,” says Robert Siciliano CEO of IDTheftSecurity.com. Look for https:// in the address bar, signifying it’s a secure page. Don’t leave your device unattended. Put your name on your device, in case someone returns it to lost and found.