ITSPmagazine coverage, podcasts, webcasts, articles, and all our happenings during RSA Conference 2019 will be made possible by the generosity of our sponsors. We are ever so grateful for your support.
Have a story to share and want to join us for the journey? We invite you to discover the benefit of the full coverage sponsorship and let us know if you are interested in joining us for our adventures. We look forward to another exciting conference.
When I was first asked to write this piece for ITSPmagazine, admittedly there was some reluctance. It’s one of those “don’t leak information” type scenarios. As former Intel Chairman and CEO Andrew Grove famously said, “Only the paranoid survive.” He even has a book on the topic. And if you care about your data, security and privacy while on the road, well then a little bit of paranoia may not be a bad thing.
By the way, you ain’t living until you’re in some far off place and the fonts on your phone suddenly change. It’s nice to have someone watching over you, right?
Most of us have sort of missed the point that we carry our lives in our pocket. Gain access to that device and you have a treasure trove of contacts, calendar appointments, access to your email/cloud services, pictures, where you’ve been, where you’re going, and in some cases even if you’ve been naughty or nice. What is perhaps even more shocking to me—apart from holding so much information in your pocket—is that people don’t seem to care. As I mentioned a couple years ago, we have unfortunately normalized theft.
With that said, I also believe that some of us are fed up, particularly those who have realized that they are no longer the consumer but are the product for big tech’s big data munch-a-thon. There are some people who still value security and privacy. That’s why I’d like to give you a very quick and basic list about what you can do to protect yourself while on the road. Note: by no means is this list exhaustive or complete.
Some Easy Dos, Don’ts, and Think About It for Your Data While Traveling
1) Turn Off all Unused Radios on Your Device While not in Use
You should be doing this regardless, but if you’re not actively using your Wi-Fi, Bluetooth, GPS, NFC or any other connection point, make sure they’re set to “off”. Not only will your battery thank you, but you’ll stop blasting out the unique beacon signal that your device has to every willing tower, router and scanner that’s ready to scoop it up.
Yes, you give up some convenience, but let’s get serious for a moment: the average user taps their phone a few thousand times per day, so a couple extra taps to turn something on or off won’t kill you. If that’s your major hold up, create a shortcut key if one doesn’t already exist.
2) Never Use Public Networks Unless It Is an Emergency
You’ve heard the phrase “There’s no such thing as a free lunch” right? Well…
Sure, personal hotspots come at a cost and you may have performance issues depending on location, but if you care about your security and privacy, never use a network connection that isn’t yours. Emergencies—real ones—should be your only exception, but you must be cognizant that your vulnerability increases when you do this.
3) Use Power Banks, not Charging Stations
Seriously, you think that charging station is only charging? The way the world is going, there’s probably some labyrinthine terms and conditions attached to that charging station you’re using.
Never plug into USB ports you don’t know. Use an AC adapter. And yes, if somebody wants your stuff bad enough, they’ll go full James Bond and get all your data even through an AC adapter or some emission off your device. Most of us don’t have the ability or means to set up and employ TEMPEST Level I security (happy hunting) but c’mon, don’t become the data commodity version of low-hanging fruit.
4) Don’t Use Your Primary Device or Primary Accounts
Yes, you’re giving up convenience and increasing cost here, but if your priorities are security and privacy, that’s the price of admission. Dan Geer, CIO of In-Q-Tel, who does not use a cell phone, sums it up best: "Convenience, freedom, security – choose two." I personally prefer the last two.
When traveling to certain parts of the world, sometimes your only option should be a cheap device that you’re ready to throw away after you’re done with it for that trip. If you can (and it’s legal), consider using local services instead of your roaming services. And seriously, don’t use your primary accounts. There are these things called forwarders for phone numbers and email. They work great.
5) Segregate Data and Device
Losing a device or having it stolen is never fun, but losing the data probably will cost you more these days. External flash memory is cheap. Take only the data you need while traveling and wherever possible, encrypt the data, either through software or hardware.
Hardware-only encryption devices are probably handier if you need to use multiple devices, but they are also costlier. Here’s a great website that shows you the encryption laws of different countries (excellent filter tool).
6) Special Circumstances: Use Faraday Bags
I don’t suggest this option unless absolutely necessary. You will draw unnecessary and unwanted attention to yourself. Check local laws, too.
7) Assume Everything on You Will Be Lost or Stolen
This is more mental preparation than anything, but it’s also necessary. If you go into a situation prepared for the fact that you could lose everything on you, you’ll prepare accordingly.
You start thinking about the essentials and you strip down to take only what you need. Note: make sure you have all your necessary cables and adapters. You can’t even trust HDMI cables today, as some come with some sort of unwanted computer in them (I speak from experience).
8) Be Ready to Go Low-Tech and Be Disconnected from the World
This is more mental preparation, but perhaps the most important point on this condensed list (along with the previous one). If you’re not carrying pen, pencil and a pad of paper with you, you’re in trouble. You have a world of information at your fingertips…until that device goes kersplat. “Digital amnesia” is real and the figures are outright scary.
If you have problems remembering phone numbers, email addresses or other similar critical information, make sure you have those items written down and guard them as you’d guard your passport.
9) Bonus Tip: Bring Cash
Cash is king. If we ever go to a purely cashless society, we’re toast. Make sure you’re carrying some local coin and some of the world’s major currencies. By the way, how’s that cryptocurrency thing working out for those who are locked out of their accounts because the person who has the passwords has died? Ah, it’s nothing. Just $190 million. What’s a few hundred million when we’re talking trillions these days, anyway?
As mentioned, this list is by no means exhaustive. Much of what you’ll do depends on two things: your line of work and your personal views on security and privacy. I’ll concede this: some people just don’t care — and you can’t change that (apologies as I invoke some Forrest Gump).
Until We Figure It Out: Limit Your Data Leakage and Vulnerability Points
Whatever your work and views are, your subsequent behavior is a function of two things: your cybersecurity education and your situational awareness.
Ultimately, it’s your choice. My only commentary here is this: the world hasn’t figured out how to deal with big data. It’s one big mess. Expectations between cultures, and even generations within cultures, vary greatly. We’ve blurred the lines between consumer/product where few know who is who. There is a concentration of power limited to a small group of corporate behemoths, some more powerful than most nation states. And around the corner, we have AI—specifically deep-learning—that is going to be crunching all these data points to figure out what you’re going to do next. Is that help or manipulation? Feel free to discuss.
If you care about your data, until we figure out these big questions, consider limiting the amount of data you spread into the world. You’ll never know where it will end up. And you’ll certainly never know how it could come back at you in the future.
About George Platsis
George Platsis works the private, public and non-profit sectors to address their strategic, operational and training needs, focusing on projects related to business development, risk/crisis management, resilience, cyber and information security, and cultural relations.