Light Dark
May 24, 2022 By Faith Opiyo 10 min read
Risk Management
Identity & Access
Incident Response
Security Services

The beauty of having different climates around the world is that there is always somewhere we can travel for leisure all year round. These are times when we tend to relax and let our guard down. The reality, though, is that cyber crime knows no vacation. Attackers are relentless and are always on the lookout for the easiest path to their next prey. That makes us, vacationers, an attractive target. Part of good cybersecurity training involves telling your employees how to protect themselves outside of the office.

Attackers are looking to steal your data or money, wreak havoc or use you to get intellectual property from your work. With the rising rates of cyberattacks and the impact having progressed to include loss of life, we all have a part to play in the fight against cyber crime. Ensuring that we always perform our due diligence and not fall victim to preventable attacks is a step in the right direction.

This article uses the seven stages of an attacker’s kill chain to outline handy tips for securing your trip away from home.

Cybersecurity training for abroad: Let’s get packing

The first part of cybersecurity training for vacation is to know some things before you go. Everything starts with proper preparation. While you plan your itinerary and pack your bags, attackers are also at work. They lurk around performing reconnaissance activities. Their aim is to gather as much information about you as possible. Securing yourself and your data before you leave makes their work harder.

  • Use secure passwords, proper password safety and multi-factor authentication (MFA). According to Verizon’s 2021 Data Breach Investigations Report, 61% of breaches are due to improper credential management. This includes using the same passwords across accounts. To protect yourself, use strong unique passwords coupled with MFA. The passwords should safely be stored in a password manager. The use of unique passwords reduces the impact should one of the websites get compromised. Enabling two or more ways of authenticating to the same website further lowers the risk because the attacker will need to know the other factors too to successfully authenticate.
  • Consider using temporary travel accounts. As an optional measure, it is wise to create a separate throw-away account that you use for anything travel-related. You can then use this throw-away account to register for things related to that trip and later close the account when you get back home. That way, should your account get compromised during your travels, the impact is minimal. Keep in mind that not every website or application requires your real personal information to function.
  • Prefer credit cards to debit cards. When making online purchases, consider using a credit card instead of a debit card. Unlike debit cards, credit cards provide protection against fraud. If an attacker uses money from your debit card, they are making an immediate withdrawal from your own account. This makes it difficult to trace or get back. With credit cards, they are spending your credit card issuer’s money, which is easier to track and manage in case of fraudulent activities.
  • Leave your data at home. Consider the number of electronic devices or documents that you carry on your trip. Do you need the extra gadgets? Take only what you need with you and leave the rest at home. This reduces the attack surface and makes it easier for you to keep track of your devices while on the road.
  • Keep up with software updates. By keeping up with vendor software updates, you close an attack vector, making it harder for the attacker to succeed. Use reputable application stores or sites to download the software. Ensure that all your gadgets are up to date before hitting the road.
  • Review app permissions. Give applications the least required permissions for the task they are to perform. That way, should attackers gain access via an application, they do not have extra privileges to cause too much havoc.
  • Disable automatic connections. The auto-connect feature allows your gadgets to connect to nearby devices without intervention. This is not ideal when you are on the road, as the Wi-Fi and Bluetooth networks are untrusted and insecure. Disable the auto-connect feature to avoid connecting to rogue devices. Turn Wi-Fi and Bluetooth networks off when not in use.
  • Protect yourself from prying eyes. Get yourself a privacy screen for your phone and computer. This protects you from shoulder surf attacks by a curious onlooker who tries to spy on what you are doing when you are out in public.
  • Set up and test virtual private network (VPN) connectivity. While on the road, avoid accessing sensitive information over insecure public networks. A VPN builds a secure and private tunnel over untrusted public networks. You can then visit sensitive websites and connect to work or even to your home resources. Test and verify that the VPN network is working and that you have access before traveling.
Plan for what is difficult while it is easy, do what is great while it is small. – Sun Tzu, The Art of War

What if something goes wrong?

During the preparation phase also think of your disaster recovery and contingency plan. Remember, you will be on the road and will not have the convenience of your home. Good cybersecurity training should include a checklist of questions to ask. What would happen if you lost your phone or it got stolen and you use it for MFA or password management? Will you still be able to connect to your online accounts? Would you still be able to make payments? Do you have an emergency contact so that you are not stranded in a foreign country?

  • Back up and test your data. Having backups of your data in accessible places allows you to get back in operational mode should anything happen to your device. This is the best way to reduce the impact of a cyberattack. Most gadgets give you several backup options. You never know when it will come in handy, so back up frequently.
  • Enable the remote delete option. Find out how to locate or wipe your phone in case of loss or theft.
  • Make prior arrangements to access funds. To prevent fraud, some banks need you to inform them to enable worldwide payment options when you travel outside your home region. As a result, your card may be automatically declined when used outside your geographic region. This could leave you stranded if you are dependent on that account. There are also some credit card networks, such as American Express, that are not readily accepted in some geographical regions. Make prior arrangements to ensure that you can use the card in those locations or have a backup in case it fails.
  • Enable card charge notifications. Knowledge is power. You want to know when someone makes an unauthorized payment from your account so that you can act accordingly or report it immediately.

Off you go

You are all packed, ready to hit the road and start your adventure. Remember your cybersecurity training, keep your cyber defenses up and teach your family and friends to do the same. Your defenses are only as strong as your weakest link. Remember that information gathering can happen at any time within your journey. Make secure practices a habit. This ensures that you don’t easily fall for attacker bait or leave breadcrumbs that an attacker can leverage against you.

  • Make a sweep for hidden cameras. When you first check into your hotel room or rental apartment, be on the lookout for unsolicited cameras. It might be easier to do this at night. A quick way to do this is by turning off the lights and using your phone’s camera to scan the room for sources of infrared light.
  • Use the safe in the room. Don’t leave your valuable items lying around in the room. Lock them up in a secure safe if you have access to one.
  • Be watchful when making payments. Request that the terminal be brought to you or walk over to it instead of handing over your card. Should that not be possible, keep the card in sight and pay close attention to the payment process.
  • Beware of onlookers and shoulder surfers. The only person who should know your PIN or password is you. Keep it that way. When keying in your PIN or password, ensure that the information remains private. You can use your hand as a cover.
  • Protect your identity. Provide the least required information to achieve the task, nothing more. Don’t be afraid to ask what the information requested will be used for. Is it necessary to provide a scan of your passport or credit card? Do they really need to write down your credit card number, expiry date and security code (CVV number) after making a successful payment?
  • Protect your digital footprint. Avoid oversharing personal information. This can be your location data, passport details, tickets, vaccination QR codes or anything that can be used against you. Should you choose to share, make sure that private information is scraped. With location-based data, consider sharing after you’ve returned home instead of during your journey. This protects you from being easily located by those with malicious intent.

How attackers get information

Cautious as you may be, a security incident could still happen. The attackers plan how they can use the information they gathered to strike their target. This is the weaponization phase. You do not have visibility into what is happening during this phase. An attacker could craft a phishing email, create a website that mimics a legitimate one or develop a malicious payload to send to the target.

Cybersecurity training for abroad: Keeping devices out of trouble

Attackers need means to deliver a malicious payload to the victim. A very common way of doing this is via phishing. This is when the attacker sends a luring email with an attachment or link to the target. There are other means of malware delivery such as a drive-by download or leaving gadgets lying around for the target to pick up. With a drive-by download, the victim gets infected by simply visiting a malicious site during normal web browsing. You can hinder an attack at the delivery phase by practicing cyber awareness. Be careful where you connect your personal devices, which networks and websites you access and what you download.

  • Avoid using shared electronic devices or untrusted accessories. Shared computers and accessories may already carry malicious software or might be set to log your keystrokes. Avoid connecting your devices to shared computers or cables. If you must use a shared computer during your travels, make use of safe browsing habits. Use an incognito (private) browser, do not log in to sites with private information and do not save or use ‘Remember Me’ options when visiting sites. Ensure that you log out and clear browser history and cookies upon completing your browsing session.
  • Avoid free public Wi-Fi. Remember that public Wi-Fi is at the end of the day public. Be cautious. Ask for the correct name and connect only to known and secured Wi-Fi networks. Do not access sensitive information over public Wi-Fi. If you must access sensitive data, make sure it is over a secure VPN network.
  • Keep track of all your electronic devices. Do not leave them unsupervised even while charging.
  • Stop and think before you click. Analyze links and attachments in emails, social media sites or other sources before accessing them. When in doubt, do not click. Instead, go directly to the trusted company’s webpage. Remember, if it’s too good to be true, it probably is.

Once malware gets onto the target system, it normally attempts to exploit a vulnerability to install itself. Keeping up with system and software updates hinders successful exploitation. There is a huge ‘but’ here. When you are on the road, you want to hold off on the updates. Do not install updates from just anywhere, as they may be malicious updates. If you really need to, use your phone network instead of the public Wi-Fi network.

If the exploitation phase is successful, the attacker transitions to the installation phase. Here, a malicious payload backdoor is installed on the device. This is usually accompanied by some form of persistence to give an attacker access to the device for command and control. Once the intruder can control the device, it’s normally game over. The attacker can now move on to the last phase. The end goal may be to steal, destroy or corrupt your data. You may notice successful attacks in these four phases if you carefully and frequently study your device.

  • Verify installed applications. Make it a habit to frequently check what applications you have on your device and look for oddities.
  • Go through outgoing communications. Check to see what emails have been sent from your device or your call log. Also, keep tabs on what payments are being made from your card.
  • Take note of suspicious behaviors. How is your device behaving in general? Is it crashing or is the battery dying quickly? Are you seeing strange activity like the mouse moving automatically? Are there some weird and unexpected network connections to or from your device? Whereas these symptoms do not automatically mean your device is infected, it is wise to investigate the root cause of the issues.

Should you fall victim to a successful attack, it is not the end of the world. Keep calm and do not panic. This happens even to the best of us, so don’t beat yourself up about it. Instead, act quickly and learn from your experience.

  • Assess risk. What is at stake? What might have been stolen? Is there something that can be done now? Perform a proper damage assessment and act accordingly.
  • Report right away. Taking timely action will help reduce the impact. Notify your bank if your card or banking information has been compromised. That way, they can block outgoing transactions in good time. Notify the authorities and those around you in case of identity theft.
  • Change credentials right away. When in doubt, the right action is always to change your credentials.

Cybersecurity training for after vacation

The holiday has finally come to an end, and it’s time to head back home. But let’s not leave a part of you behind.

  • Clean up after yourself. You do not want to leave valuable information or data behind only to be found by an attacker. If you had a rental car, make sure to remove any data that you had synced with the car before giving it back. Shred valuable printed material or take it with you instead of simply throwing it in the wastebasket. You don’t want an attacker to go shopping for your information at your expense.

You made it home, safe and sound. Before you get back to your normal daily routine, put things back in good order.

  • Disable unnecessary card settings. You no longer need to allow for worldwide payments. Put your card settings back to allow for local payments only. This reduces the attack surface and the risk of fraudulent payments being made from unexpected locations.
  • Purge unnecessary apps. Make it a habit to review your installed applications and remove what you do not need. If you installed applications for a specific location and do not need them anymore, uninstall them.
  • Review financial statements. Check your financial statement and review the payments made. If there are any payments that you are not sure about, do not hesitate to contact your bank.
  • Update your passwords and PINs. Consider the credentials that you used during your travels compromised. Change them. Rotating the bank card is also a valid option if you believe it was compromised.
  • Update your software and applications. Now that you are home and in a secure network, make sure that your applications and system software are up to date.

The fight against cyber threats knows no vacation, so cybersecurity training can’t either. It’s an all-year affair that requires you to level up, remain vigilant and stay alert. The good news is that there is a lot that you can do to avoid falling victim or simply make it harder for attackers to succeed. Have fun, but don’t let your guard down.

 |  |  |  | 
Faith Opiyo
Threat Hunter

More from Risk Management
April 17, 2024

What should Security Operations teams take away from the IBM X-Force 2024 Threat Intelligence Index?

3 min read - The IBM X-Force 2024 Threat Intelligence Index has been released. The headlines are in and among them are the fact that a global identity crisis is emerging. X-Force noted a 71% increase year-to-year in attacks using valid credentials.In this blog post, I’ll explore three cybersecurity recommendations from the Threat Intelligence Index, and define a checklist your Security Operations Center (SOC) should consider as you help your organization manage identity risk.The report identified six action items:Remove identity silosReduce the risk of…

April 16, 2024

Obtaining security clearance: Hurdles and requirements

3 min read - As security moves closer to the top of the operational priority list for private and public organizations, needing to obtain a security clearance for jobs is more commonplace. Security clearance is a prerequisite for a wide range of roles, especially those related to national security and defense.Obtaining that clearance, however, is far from simple. The process often involves scrutinizing one’s background, financial history and even personal character. Let’s briefly explore some of the hurdles, expectations and requirements of obtaining a…

April 11, 2024

Ransomware payouts hit all-time high, but that’s not the whole story

3 min read - Ransomware payments hit an all-time high of $1.1 billion in 2023, following a steep drop in total payouts in 2022. Some factors that may have contributed to the decline in 2022 were the Ukraine conflict, fewer victims paying ransoms and cyber group takedowns by legal authorities.In 2023, however, ransomware payouts came roaring back to set a new all-time record. During 2023, nefarious actors targeted high-profile institutions and critical infrastructure, including hospitals, schools and government agencies.Still, it’s not all roses for…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2024 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature