Mitigating cyber threats on the road

Rotation

The State of Alaska has long been a destination for folks seeking adventure, beautiful scenery, and elbow room. It is an amazing and truly wild place.  It is also home to many hearty souls who seek to get away from big city life and live a minimalistic life close to the earth as an integral part of their surroundings. There is a term for these people – ‘off-gridders’. No longer referred to as survivalists, their characterization stems from their desire to not only live a basic life but to also not lead a wired (or even wireless) life.

This descriptor suggests something we all know already: we all lead very public lives and we really have to work hard to find privacy. With our obsession (dependence?) with mobile technology and social media – and the urge to convey to the world our happenings and opinions – come all sorts of risk mainly because we are surrounded by threats lurking in our digital environment.

Maximizing the passenger experience (#PaxEx) is a major focus of the service airlines and airports provide to their paying customers, and developing interactive digital technology is a key medium to achieve that. So armed with your smart phones, tablets, and cool apps, and demanding access to free or low-cost Internet service with an insatiable desire to send and receive information, where does that leave the traveler in his or her risk profile?

Cyber risks come in many flavors and come toward us from many vectors. They can be criminal in nature, or state-sponsored intelligence operations, or just some ‘script-kiddie’ (young aspiring hacker with limited proficiency) looking to build his hacker bona-fides. They can pose a threat whether we are traveling or not. They are too numerous and complex to adequately cover in this short article. However there is one universal truth about cyber threats: there are no geography boundaries or proximity limitations, just technological constraints. The mere fact that we choose to live our lives “on the grid” with a wired life makes us vulnerable to global cyber do-badders.

So how do we mitigate those threats – or threat conditions – that uniquely occur while traveling, and what can the traveler do to mitigate those vulnerabilities and travel securely? Here are some things to consider before and during your trip:

  • Research! Before stepping on that plane, know the cyber environment in which you are about to enter. Are you a business person with an arm full of intellectual property, or simply a vacationer? Are you going to a country where you need a visa, in which case they know you are coming and why? What does the State Department and Interpol say about cyber-crime in your destination country? It may determine if you really want to bring your cell phone with you, and whether you consider setting up a free Google, Outlook, or Yahoo email account for use during that trip…and that trip only.
  • Free Wi-Fi has a Cost. That free Wi-Fi hotspot in that trendy coffee bar or airport lounge may give that quick, cheap fix for your Internet addiction but keep in mind that you are surfing in a digital equivalent that is as clean as an airport public restroom. Isn’t that lovely! It’s used by many folks who you don’t know.
  • You are on “Their” Network. When in a foreign country and operating a powered personal electronic device, any communications you do – even encrypted – is conducted on the infrastructure of that country, and some countries do not care about protecting your privacy. You might consider minimizing your ride in their digital highway. Of course there will be times when you must use their host networks, and that’s a risk you must accept. Just don’t make it easy for them.
  • Mobile Banking:  See above. Why risk it? Encryption or no encryption, cyber-thieves are very, very good and are targeting financial services firms worldwide. So regardless of where you are on the globe, plan your financial requirements ahead and avoid doing any financial transactions on your phone or device if you can help it.
  • Smart Phones are often Only as Smart as the User. In that same line of thinking as a temporary email account, you might consider using a pay-as-you-go or travel rental phone. These can be a bit pricey. Again, smart phones are not as smart as we like to think when it comes to web application security and a well-crafted, socially engineered exploit such as a watering hole attack or other drive-by exploit may expose your digital world wide open. Are all those apps, tweets, and posts really that important? I think it might be worth a look and your own personal cost-benefit analysis.

Very smart people have made cyberspace a wonderful place. Can you image life B.D. (before digital)? Unfortunately some equally smart and ill-intentioned operators have used this global environment for wicked purposes. There methodologies have evolved in lock step with the advances in technology and human digital dependence. They are good and there are no geographical limitations. You need to be better in order to travel securely. #PaxEx #TravSec

About the Author, Rick Charles (@TravelSecurely)

Travel security writer RC is a lifelong airplane geek. He is an international travel risk manager for a global aviation organization based in Washington, DC. He has served in various security, aviation, and risk management roles for close to 25 years. He is a Stanford University/IATA Certified Aviation Management Professional, and an aviation subject matter expert on the Supply Chain and Transportation Security Council of ASIS International, the world’s foremost association for security professionals.