December 17, 2015 By David Strom 3 min read

When you travel with your digital devices, you need to be aware that your data can be compromised, even if you aren’t going to a high-risk country. Keeping a high travel security profile means you have to be constantly vigilant and understand the places and circumstances where you will be most at risk.

Here are some specific strategies you can use to protect yourself no matter where in the world you are.

Travel Security Best Practices

Switch Your Laptop

Instead of bringing your usual work laptop, consider using a burner or stripped-down laptop that doesn’t have any user information on it, or possibly a Chromebook or some other device that has a limited attack surface. Other ideal options include some type of sterile device such as throwaway mobile phones, especially if you’re heading to high-risk locations.

If you must bring your laptop, limit the amount of corporate and personal, confidential information that will be on its hard drive. Clear your cookies and disable the auto-login features of your browser. Delete any software that isn’t going to be used for your trip. If you use a cloud-based file-sharing service, make sure that your connections are over SSL. You can even take this one step further by encrypting your files on the cloud service, too.

Don’t forget to bring a cable lock to physically secure the computer, as well. Better yet, don’t leave it alone in your hotel room at all. And don’t forget to disinfect any equipment when you return home.

Don’t Bring Your Phone

If you do bring your phone when traveling abroad, keep it turned off. Consider purchasing prepaid SIM cards or temporary phones when you arrive to the destination country. Your IT department should consider having a supply of travel-ready phones for this purpose. This will likely also save costs since many international cell plans are quite expensive, and local phone plans in many countries include free calls to the U.S.

Anticipate Your Authentication Woes

If you’ve enabled two-factor or multifactor authentication for your key application services, review what you have done. If these services send your phone a one-time password as a text message, you will have to make other arrangements since your phone won’t be operating on your home network when you travel. This happened to me when I went abroad, and I couldn’t log into my accounts without a lot of work.

Think About Security Before Reaching Your Destination

There are two aspects at play here: your network security and your surroundings. For the former, consider establishing programs such as full-disk encryption for your hard drive, using some form of mobile device management (MDM) software and using a virtual private network (VPN).

But it is also important that you remain aware of where you are and what you are discussing, either on the phone or in person. I almost never work on planes because they are so crowded that it’s easy for someone to snoop on what I have open on my screen (not to mention that with the shorter seat pitch, you barely have enough room to type). Yes, there are laptop filters that can limit the viewing angle of your screen, but your seatmate or person sitting behind you can still see something.

Don’t Use Any Wi-Fi Networks

Hotel Wi-Fi is probably not secure. If possible, avoid using any public network, including those at local Internet cafes. Limit your data connections to wired and trusted networks whenever possible. Don’t download anything to your laptop, even if it looks benign — it probably isn’t. If you need a connection, tether your laptop to your mobile phone and use the broadband phone data network.

Always Remain Alert

There are a few other measures you can take to keep your data, possessions and person secure. For example, don’t trust any USB thumb drives. Blindly using these devices is an easy way to get infected.

You should also pay careful attention to how and when you use a VPN. Some business users inadvertently download malware before they bring up their VPN software, which could compromise these networks.

Paranoia is key. Be aware of what you are doing at all times and you will be able to travel more securely.

More from Advanced Threats

GootBot – Gootloader’s new approach to post-exploitation

8 min read - IBM X-Force discovered a new variant of Gootloader — the "GootBot" implant — which facilitates stealthy lateral movement and makes detection and blocking of Gootloader campaigns more difficult within enterprise environments. X-Force observed these campaigns leveraging SEO poisoning, wagering on unsuspecting victims' search activity, which we analyze further in the blog. The Gootloader group’s introduction of their own custom bot into the late stages of their attack chain is an attempt to avoid detections when using off-the-shelf tools for C2…

Black Hat 2022 Sneak Peek: How to Build a Threat Hunting Program

4 min read - You may recall my previous blog post about how our X-Force veteran threat hunter Neil Wyler (a.k.a “Grifter”) discovered nation-state attackers exfiltrating unencrypted, personally identifiable information (PII) from a company’s network, unbeknownst to the security team. The post highlighted why threat hunting should be a baseline activity in any environment. Before you can embark on a threat hunting exercise, however, it’s important to understand how to build, implement and mature a repeatable, internal threat hunting program. What are the components…

Top-ranking banking trojan Ramnit out to steal payment card data

4 min read - Shopping online is an increasingly popular endeavor, and it has accelerated since the COVID-19 pandemic. Online sales during the 2021 holiday season rose nearly 9% to a record $204.5 billion. Mastercard says that shopping jumped 8.5% this year compared to 2020 and 61.4% compared to pre-pandemic levels. Cyber criminals are not missing this trend. The Ramnit Trojan, in particular, is out for a shopping spree that’s designed to take over people’s online accounts and steal their payment card data. IBM…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today