On the road again

Limiting your digital risks while traveling

When travelling with digital devices, there are a number of precautions that you can take to protect your data, privacy, and devices.

Protect your data

Backup and encrypt

If you travel with data on your device(s), ensure that it is backed up completely to multiple safe locations before you leave. You should also encrypt all data on all your device(s) (smartphones, laptops, tablets, USB devices).

Use software

When available, use anti-virus and firewall software on your devices to prevent security attacks, and ensure that your operating system and applications are up-to-date.

Avoid external storage

Avoid using unknown USB drives, CDs, DVDs, or other media storage with your devices. These can harbour malicious software (malware).

 

Border concerns

To prevent potential problems when crossing borders, you may want to travel without any sensitive data. Border agents in some countries have been known to seize devices and duplicate the data on them. 

Secure access from your destination

You could use secure means to retrieve lock in shielddata off a secure shared network folder from your destination. However, this is not without risks and could be difficult if you are travelling someplace without reliable Internet access, or if you are going to a country where Virtual Private Network (VPN) use is blocked.

 

Protect your communications

Beware of unsecured Wi-Fi networks

Many public venues offer unsecured Wi-Fi. Never transmit sensitive information using one of these networks unless you take other steps to prevent digital snooping.

  • Ensure that the unsecured Wi-Fi network you are connecting to actually belongs to the purported provider, and is not being served by a suspicious third party. 
  • Use networks provided by hotels, coffee shops, etc. that are advertised in the venues. Some fake access points use similar names as legitimate ones, so don’t trust that the name of a Wi-Fi network honestly describes it. 
  • Even if the access point is legitimate, don’t use it for sensitive data without using a VPN to prevent snooping on your communications.
  • Turn off Wi-Fi, Bluetooth, and other communications features on your devices when you aren’t using those functions.

Who else is monitoring your communications?

Be aware that your network communications (e.g. webmail, web browsing, Skype) and/or your access to services like Wikipedia and Google Apps may be monitored by the government or other entities. 

No VPN? No secure network?

If you can’t use a VPN to protect your communications, avoid sending confidential information. You may even want to set up a disposable email account to use during your trip.

 

Protect your credentials

Passwords

strong armUse strong passwords on all your devices.

desktop screen and smart phoneUse different passwords on your devices from those you use on other accounts.

shuffleChange passwords for the duration of your travels and restore them upon your return.

 

Two-factor authentication

two-factor authenticationAt Waterloo, we are rolling out Two-factor authentication (2FA) using products from Duo. While you might be able to use this enhanced authentication on the road, you should investigate whether your 2FA method will work at your destination. For example, if it relies on text messages and you won’t have reliable cellular roaming, 2FA might not work for you. Also, export regulations may prohibit use in other countries. Duo 2FA can not be used in Cuba or North Korea, according to our contract, due to U.S. sanctions.

Password managers

If you use a password manager, check whether it will require additional authentication if you use it out of your normal geographical area.

Beware of public or shared computers

Public or shared computers may be insecure or contain malware that can capture passwords and communications. Signing into accounts on such a computer could be risky. Be cautious using these computers, and use them only to check weather or other public data.

 

Protect your devices

Limit devices you pack

  • Threats of industrial espionage and attempted data theft means we should limit the devices left in hotel rooms.
  • When possible, use work-provided phones and computers which can be wiped clean upon your return. 
  • You could buy a cheap burner cell phone to use only on that trip.

Find a missing device

  • Install software that will allow you to track a missing or stolen device, or to remotely wipe its memory and storage in the case that it becomes irretrievable.

Charging kiosks

  • Use a charging block rather than plugging it directly into a USB port at a charging kiosk. The charging cable can act as a data transfer cable, leaving your data vulnerable. 
  • You might buy charging-only USB cables that do not support the transfer of data from your phone.
 

References

Cyber security while travelling, https://travel.gc.ca/travelling/health-safety/cyber-safe

On-the-Go Wi-Fi Safety Infographic: 5 Online Security Tips for Smarter Travel, https://stopthinkconnect.org/resources/preview/on-the-go-wifi-safety-infographic