Thanksgiving is right around the corner, and you know what that means – lots of turkey and stuffing to look forward to, family reunions (and arguments) in full swing, and tons of travel. With remote work as the new normal, going on holiday doesn’t stop travelers from carrying their work devices with them. But not enough are exercising caution along the way. A recent survey of 1,000 respondents by Thales found that a surprising 25% of travelers are ‘not at all concerned’ about their cyber safety while on vacation, and the respite they get in November is unlikely to change that.
Cybercriminals can, and have, exploited this lax mindset to breach and infect, steal, or delete whatever they want. This doesn’t just threaten the targeted individual; a single breach of Jane from HR’s cellphone, or Mike from IT’s laptop, can put an entire organization at risk.
Fortunately, cybersecure travel is improving, and users can now turn to different applications to protect their data during travel. Companies can also install superior security controls on their employees’ hardware and by training their workforce about standard cybersecurity practices.
Whether for work or pleasure, for Thanksgiving or another holiday, all travelers should abide by five best practices to stay cyber-safe abroad.
1. Use Encryption and Multi-Factor Authentication
As cloud adoption and hybrid work become more prevalent, more data is in motion and vulnerable to attack as it transitions across unsecure networks. Thales Cloud Security Report 2023 found that, on average, only 45% of cloud data is encrypted, leaving 55% there for the taking. Worse, nearly a quarter of users don’t employ multi-factor authentication (MFA) for additional security and verification. So, it’s all too easy for criminals to hack a user’s phone and gain access to sensitive information.
Organizations must prioritize solutions that tackle the growing risks to data in motion, without compromising network performance or management simplicity. They can do so by turning to MFA and encryption, including data-in-motion encryption to ensure their data is secure across state lines and national borders. Ordinary travelers can install MFA on their phones to prevent easy access to their emails, bank accounts, and even the worst recesses of their photo albums.
2. Go Private and Manage Access
While traveling, employees sometimes need to access company resources in the cloud. Over 30% plan to use their work devices at least 2-3 times a week; more than half of those plan for daily use. In other words, they expose themselves to more threats over long stretches of time. It’s equivalent to wandering about in 18th-century England without a smallpox vaccine.
Companies can ensure that only authorized persons can view intellectual property by implementing access management policies that govern access to cloud apps based on various attributes such as geolocation, device type, and resource sensitivity. For personal devices, users can switch browsers to private mode so that their search history isn’t just up for grabs, especially when relying on public Wi-Fi. Now there are also several in-built and accessible apps that can notify if a compromise is detected on the device and block out unknown users from accounts and files until the authorized user grants permission.
3. Go Offline
Malicious actors can hide on public Wi-Fi networks and abuse Bluetooth-enabled devices to prey on travelers. But Thales’ survey finds that over 50% connect their work devices to unsecure public Wi-Fi, and 15% use it daily across all devices. Additionally, over 60% don’t use a VPN; one-third of them aren’t even sure what it is. Bluetooth users fare slightly better, with over 50% either turning theirs off daily or only switching on during use.
Unless necessary, it’s best to always disable Bluetooth while abroad, even if ‘abroad’ means your uncle’s home in Mexico. Travelers should also consider using a VPN when searching the web or have an enterprise VPN solution implemented by their company to access business systems. Disabling access to public Wi-Fi can prevent malicious hackers from breaching user devices.
4. Don’t Know? Don’t Click!
Lately, phishing emails have become a lot more sophisticated than a simple plea for funding from a Nigerian prince trapped in a foreign land. Now users are receiving dire warnings of account lockdowns, bank theft, or final notices from the IRS – anything to grab attention and let fear affect user decisions.
Travelers should be on alert for potential scams. Avoiding unfamiliar emails, texts, and websites seems like an obvious solution – and it is. If holiday mode means tuning out the digital noise, it also means ignoring and deleting the unknown content requiring clicks to ‘win a free gift!’ or ‘prevent your account from getting deleted.’ Keep it simple. If it’s not recognizable or something feels off, don’t click it.
5. Update your Software and Passwords Regularly
Attackers know that users don’t always update their devices on a regular basis. Only 14% reportedly make weekly or biweekly updates, and a whopping 33% only act after they get an alert. Over 25% either update their software 1-2 times a year or not at all. What’s worse, 23% don’t have antivirus installed on any device; 7% don’t even know what it is. As a result, hackers can develop code that exploits open weaknesses of the device’s attack surface.
Before traveling, users should make sure their software is up-to-date and change their passwords. For those that haven’t already, it’s high time they downloaded antivirus software. While work devices commonly have these installed, they often require manual prompts to make updates. This can be automated for those who want to set it and forget it. To them, we say: Enjoy your Thanksgiving break! Just be sure to check for software updates and scan your devices for malware upon return.
Stay Alert, Travel Safe
No one can be alert 100% of the time, and it’s not possible to actively prevent every single threat targeting travelers’ phones and laptops. But the few simple best practices of deploying and updating security software, being alert for any suspicious activity online, managing access and – when possible – going off-grid, are all tried-and-tested methods that the everyday holiday-goer can use to maintain effective cyber hygiene across their devices, no matter where they are.
Todd Moore is the Vice President of Data Security Products at Thales. In his role, he drives strategy for the company's data security portfolio that addresses existing and new customer needs. Todd is a respected cybersecurity professional, with over 28 years experience in helping organizations protect their most sensitive data.