Tips to avoid the cybersecurity blues during vacation

Amer Owaida, Security Writer at ESET explains that from securing your devices to avoiding public Wi-Fi hotspots for logging into apps we look at, are the measures you need to take to remain safe while this holiday season.

Summer vacations are slowly inching closer, a welcome respite from the COVID-19 pandemic that has been raging around the world for well over a year now. And with the downward trend in new infections, countries are slowly, but carefully, opening up to tourists who are looking for a little R&R after being stuck in the confines of their homes, working, studying, and, well… spending most of their waking hours between the same four walls. 

When traveling, whether domestically or abroad, there are several things to keep in mind so that you don’t fall victim to the various looming cyberthreats you might face while staying in a foreign country or the nearby Bed-and-Breakfast. 

Fake COVID-19 passports
With the pandemic showing signs of slowing down and vaccination rollouts gaining speed, travel and lockdown restrictions are being lifted and countries are carefully opening up to travelers. To minimize the risks some countries are also introducing COVID-19 certificates, which allows individuals who hold them to travel more freely. For example, the European Union introduced its EU Digital COVID certificate, which certifies that the holder has been vaccinated, has been tested negative, or has recovered from the disease. This hasn’t escaped the notice of cybercriminals, who have jumped at the opportunity to make a pretty penny by offering forged vaccination documents for sale.   

If you’ve been vaccinated, tested, or have recovered from the disease, only your national or regional health authority should be authorized to issue a certificate verifying the fact, and that’s where you should request it from. Most countries have issued information about the process of obtaining the documentation on health authority websites or directly on the websites of their health ministries. Searching for them elsewhere may lead you to malicious websites, which will be looking to phish for your credentials or may infest your devices with malware. And if you’re considering skirting the rules by purchasing a forgery, there’s a high probability you’ll get scammed out of your money and an even higher probability that it will land you in hot water with law enforcement agencies. 

Back up and patch your devices
One of the first things you should do before venturing on your adventure is to back up all your electronic devices that hold any form of personal or sensitive data. Accidents are prone to happen at any time and anywhere, and the chances of that happening might be slightly higher when enjoying your summer vacation. You might drop your phone in the pool or forget you have it in your pocket while taking a dip in the ocean, or you might misplace it, or it could even get stolen. So, in the event any of that happens, you have your bases covered and you have a backup to fall back on once you replace your device. 

For good measure it’s advisable to have multiple backups – you can have one in the cloud, while another could be safely secured on a hardware device. For tips on how to back up your iOS and Android devices, you can refer to our in-depth guide. And while you’re at it you should consider encrypting your data for an extra layer of security; this applies to both your backups and the data you already have on your devices since, if a device does get stolen, the crooks will have a hard time to make use of it. And last but not least, never, ever, forget to install the latest official updates on your devices since they regularly contain security patches that help keep your device and data protected. 

Secure your devices
Since we’ve already mentioned devices getting stolen or being misplaced, another thing you should never underestimate is securing your devices using built-in security measures, such as PINs, passwords, pattern locks, or biometric authentication measures. Many people often forgo setting up a lock for their devices for convenience’s sake of not having to keep locking and unlocking their smartphones. However, when setting up your lock, you shouldn’t do it half-heartedly and use a triangle-shaped pattern or a simple four-digit PIN. 

When setting up your phone lock, the optimal solution would be using a combination of a biometric feature, such as a fingerprint or face scan, and password; or better yet, a passphrase. The same applies to your laptops. And while you’re coming up with your new passwords, be sure to avoid common mistakes of password creation. And to add an extra layer of security to your sensitive accounts, you should always use two-factor authentication (2FA). 

Be wary of what you connect to
While you’re traveling, you’ll probably sample a smorgasbord of restaurants, cafes, and shops that will offer complementary Wi-Fi connections you can use to browse social media or communicate with loved ones back home. This may seem like a preferable option compared to burning through your data plan, especially, since your mobile network operator may charge exorbitant prices for the data you consume abroad. However, unsecured public Wi-Fi hotspots present a security risk that could lead to your devices being hacked, infested by malware, and your sensitive data being stolen. And if you’re forced to use a public hotspot, a good rule of thumb would be avoiding using any services that handle sensitive data (for example financial apps) or anything that requires login credentials. 

Fortunately, there are several ways to resolve your internet conundrum. One of the easiest ways is to obtain a SIM card with a data plan from a reputable local mobile network operator that you can use for your web surfing while abroad. Another is setting up a virtual private network (VPN) to use while you are connected to a public hotspot so that you can browse safely. If you’re not sure about which VPN to use, you can check out our article that looks at commonly used types of VPN networks. 

Use a reputable security solution
While this step should be a no-brainer, many people still underestimate the value of using security software when it comes to smartphones and tablets. However, it is important to remember that these devices are no longer “just phones”, but are personal computing devices that store a ton of sensitive data. Beyond storing personal data, smartphones and tablets are also used for paying bills via banking apps, or even groceries with various electronic wallets. The electronic wallet is especially something to keep in mind since many people don’t like hauling around their whole wallets and will resort to using their phone’s NFC payment features whenever possible. 

That’s why using reputable security software is a must, preferably a fully featured solution that protects your devices from getting infested by malware and protects your online payment transactions as well. 

Oversharing isn’t caring 
Showing off photos of magnificent views of the beach or mountains, or just sharing some brilliant meal; who hasn’t been guilty of a bit of oversharing during their holidays or trips abroad? However, that bit of oversharing of your favorite moments in real time, especially with the geolocation data added, can spell trouble if a bad actor is monitoring your frequented social media accounts. If you share enough information, they can deduce your whereabouts and use the change to either infiltrate your hotel room or take their sweet time while they leave no stone unturned cleaning out your home. 

For starters you should probably review your social media accounts, to find out who can see your posts and ensure that the posts are only seen by people who are meant to see them. The next step would be turning off your location, which can be done by either disabling your location services or disabling the “include location” option in your camera app: you really don’t need to broadcast the precise spot you are located all day, every day. In fact, reviewing which apps have permission to access your location settings would be wise as well. And to round it up, minimize your information sharing: don’t do it in real time, don’t provide any more information than is necessary, including anything that can hint at your location such as a restaurant’s name or location. 

Final thoughts
All of us probably need a vacation after this exhaustive, pandemic-flavored, insane year or more. However, we still need to keep our wits about us before we fall into a holiday-induced travel craze. To sum it up: before you leave to your beach or mountain refuge, you should get your special travel documents in order, back up, patch, and secure your devices, and be wary of oversharing your data or connecting to every dingy public Wi-Fi hotspot you might encounter when trying to connect with your loved ones. Enjoy the holidays and stay safe!