Cybersecurity in 2020, Roadwarrior Edition

January 22, 2020 | rjmcgarvey | InfoSec, Tech, Travel, Uncategorized


By Robert McGarvey

Now is the time to take stock of our defenses and I’m not talking about pickpockets and hotel safe thieves. What I mean is guarding against cybercriminals who, unfortunately, prey on business travelers particularly – everywhere from coffee shops to airports to hotels, even whole foreign countries.

A few steps will keep your data safe on the road and it is vastly more valuable than the devices themselves. At least in my case where I usually travel with a five yearold Chromebook, somtimes an iPad Air 2 , neither having much value. The Pixel 3 XL phone has a little value but not much. A suggestion: always travel with disposable tech gear that you won’t miss.

It’s the data that I am concerned about because a criminal could feast on my financial accounts and maybe find a way to monetize data gleaned from emails and documents, many thousands of both on my devices.

Here are my steps towards safe travels.

Countries That Spy on You

Whole countries? You bet.  Visit China and you will hear that the “Great Firewall” means you cannot access Gmail and lots of other websites. You will also hear that, psst, use a VPN – only certain vendors pass muster and the list is a changing target – and you will be able to surf to Gmail, Facebook, you name it.

But you have to wonder: is the Chinese government monitoring that VPN traffic and do they have keys that decode it?

Know too that high level security consultants – with clients inside the Beltway and on the highest floors of Fortune 100 office towers – urge their clients to bring a clean computer and a clean phone, no business data on either, and to never access sensitive information while in China because your devices will be copied on your travels.

Not might be. Will be.

Maybe not the gear of Bob Schub, average citizen, but if there is a reason to think you might have interesting info on your computer or phone know it will be copied.

Do not bring your every day business computers or phones to China. Don’t.

China is not alone. Here’s a map of the world with nations that heavily monitor Internet traffic highlighted. There are places you might not go – Saudi Arabia – and there are places you might go that monitor at least some traffic (Russia, Turkey).  Know before you go and, when in doubt, use clean devices when traveling overseas.

Password Protect Your Phone

At least once a month a friend or neighbor asks me, what do I do, I was traveling and I lost my phone?

Sometimes they say it was stolen.

It doesn’t matter.  You probably will never see it again.

Know this happens, take steps now to protect yourself.

Set up Find My Device (Android) or Find My iPhone in Settings.  Now. When you lose a device it may help you find it and – crucially – it may let you wipe the device which means erasing all personal data.

Also, lock the phone, with a PIN or biometric, in Security (Android) or TouchID and Passcode (Apple).  That simple step will keep most criminals away from your data and, in most cases, they only want the phone hardware anyway.

The data is more valuable than the hardware but most criminals are grab and run small change crooks and that’s the good news.

Just take the two simple steps above and, yes, you can cry about losing a $1000 piece of hardware but at least your data and bank accounts will stay safe and that is what matters.

Never Use a Public Phone Recharging Station

You see them in airports, also at meeting venues. Don’t use them.  They are a fast track to getting hacked. It’s tempting. Your phone is beeping for juice.  Just let it die. Or always carry a plug when on the road, as I do. Often there are two in my bag.  They do get forgotten in hotels, a spare is a good idea.

Don’t Use Public WiFi

Never, don’t.  That means no public WiFi at airports, coffee shops, and definitely not hotels.

You say you are protected because you use a VPN.  Good luck with that (read about China above). Know that there are known vulnerabilities in consumer facing VPNs and there also are vulnerabilities with enterprise grade VPNs.

Personally I sometimes use Google’s VPN on a Google Fi phone when accessing the Internet but generally I am reading the news or checking a website and if that traffic is hijacked, so be it.

My preference is to create a cellphone hotspot and access the Internet via cellular data networks. A few clicks in setting and you are in business.

You really think public WiFi is faster and of course it usually is cheaper? There is one safe way to use public WiFi – read the next step.

Use a Secure Cloud Based Browser

When on the road and accessing sensitive data via public WiFi, I use Silo, a remote browser that processes all data remotely, in the cloud. (Here’s a paper on the technicalities.) It then transmits an encrypted display of the data to you so you “see” the web page but any computing functions have occurred in the cloud, at a remove from your computer.

There are other remote browsers.

Whichever you use, know that when you look at a page with toxic code, no prob, the bad stuff happens in the cloud. Not on your computer.

And eavesdroppers – who often listen in on public WiFi sessions – will only see an encrypted data steam that won’t mean a thing to them.

That’s five steps. Take them and there’s no guarantee of data security on the road. But you can know you are taking steps to secure your phone, your computer, your Internet traffic. And that puts you in a safer place than 99% of travelers

Leave a Reply

Your email address will not be published. Required fields are marked *