When you travel with your digital devices, you need to be aware that your data can be compromised, even if you aren’t going to a high-risk country. Keeping a high travel security profile means you have to be constantly vigilant and understand the places and circumstances where you will be most at risk.

Here are some specific strategies you can use to protect yourself no matter where in the world you are.

Travel Security Best Practices

Switch Your Laptop

Instead of bringing your usual work laptop, consider using a burner or stripped-down laptop that doesn’t have any user information on it, or possibly a Chromebook or some other device that has a limited attack surface. Other ideal options include some type of sterile device such as throwaway mobile phones, especially if you’re heading to high-risk locations.

If you must bring your laptop, limit the amount of corporate and personal, confidential information that will be on its hard drive. Clear your cookies and disable the auto-login features of your browser. Delete any software that isn’t going to be used for your trip. If you use a cloud-based file-sharing service, make sure that your connections are over SSL. You can even take this one step further by encrypting your files on the cloud service, too.

Don’t forget to bring a cable lock to physically secure the computer, as well. Better yet, don’t leave it alone in your hotel room at all. And don’t forget to disinfect any equipment when you return home.

Don’t Bring Your Phone

If you do bring your phone when traveling abroad, keep it turned off. Consider purchasing prepaid SIM cards or temporary phones when you arrive to the destination country. Your IT department should consider having a supply of travel-ready phones for this purpose. This will likely also save costs since many international cell plans are quite expensive, and local phone plans in many countries include free calls to the U.S.

Anticipate Your Authentication Woes

If you’ve enabled two-factor or multifactor authentication for your key application services, review what you have done. If these services send your phone a one-time password as a text message, you will have to make other arrangements since your phone won’t be operating on your home network when you travel. This happened to me when I went abroad, and I couldn’t log into my accounts without a lot of work.

Think About Security Before Reaching Your Destination

There are two aspects at play here: your network security and your surroundings. For the former, consider establishing programs such as full-disk encryption for your hard drive, using some form of mobile device management (MDM) software and using a virtual private network (VPN).

But it is also important that you remain aware of where you are and what you are discussing, either on the phone or in person. I almost never work on planes because they are so crowded that it’s easy for someone to snoop on what I have open on my screen (not to mention that with the shorter seat pitch, you barely have enough room to type). Yes, there are laptop filters that can limit the viewing angle of your screen, but your seatmate or person sitting behind you can still see something.

Don’t Use Any Wi-Fi Networks

Hotel Wi-Fi is probably not secure. If possible, avoid using any public network, including those at local Internet cafes. Limit your data connections to wired and trusted networks whenever possible. Don’t download anything to your laptop, even if it looks benign — it probably isn’t. If you need a connection, tether your laptop to your mobile phone and use the broadband phone data network.

Always Remain Alert

There are a few other measures you can take to keep your data, possessions and person secure. For example, don’t trust any USB thumb drives. Blindly using these devices is an easy way to get infected.

You should also pay careful attention to how and when you use a VPN. Some business users inadvertently download malware before they bring up their VPN software, which could compromise these networks.

Paranoia is key. Be aware of what you are doing at all times and you will be able to travel more securely.

More from Advanced Threats

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

4 min read

Top-Ranking Banking Trojan Ramnit Out to Steal Payment Card Data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

4 min read

Detections That Can Help You Identify Ransomware

12 min read - One of the benefits of being part of a global research-driven incident response firm like X-Force Incidence Response (IR) is that the team has the ability to take a step back and analyze incidents, identifying trends and commonalities that span geographies, industries and affiliations. Leveraging that access and knowledge against the ransomware threat has revealed tools, techniques and procedures that can often be detected through the default Windows event logs (WELs). In particular, the X-Force IR team has identified several…

12 min read

How to Report Scam Calls and Phishing Attacks

5 min read - With incidents such as the Colonial Pipeline infection and the Kaseya supply chain attack making so many headlines these days, it can be easy to forget that malicious actors are still preying on individual users. They're not using ransomware to do that so much anymore, though. Not since the rise of big game hunting, anyway. This term marks ransomware actors' shift away from attacks against individual users and towards operations targeting large enterprises, noted CNBC. But attacks like phishing and…

5 min read