Government agencies, journalists, and businesses trading in some parts of the world may find themselves at greater risk of being spied upon than others.
You only have to keep a vague eye on the security headlines to recognise that organisations have had information stolen from them, or their computers compromised, when their staff have visited countries such as Russia and China.
So, what should you be doing to protect yourself better digitally if you’re travelling to a high-risk country?
Here are some tips which may help prevent hackers from accessing sensitive government information, corporate trade secrets, journalist contacts, and… of course… passwords which could open up a wealth of further information.
Do you need to go there in the first place?
The first question to ask yourself is this: is your journey really necessary? Not only can a long-haul overseas trip have an impact on your body clock and carbon footprint, but it’s increasingly argued that face-to-face meetings are less necessary due to advances in teleconferencing and online meeting services.
To be fair, I think that a video conference call is never quite as good as meeting someone in real life, forming a good relationship over a business dinner, etc… but that doesn’t mean that it should always be necessary to have a meeting in person.
Okay, you’re going on the trip. What will you bring with you?
If possible, do not bring your regular work laptop.
Instead bring a temporary “burner” laptop or alternative computing device that you wouldn’t be too bothered losing or having compromised. Ensure that there is no sensitive data on your devices before you make your trip.
And it doesn’t just stop at laptops. Consider not taking your smartphone, if possible and – again – take a “burner” device instead.
Before you leave
Ensure that your security patches and anti-virus software are up-to-date. Ideally, the latest patches and updates should be in place before you leave for your trip, to reduce the chances that anything you download has been compromised.
3NCrypt y0ur d@ta and d3v1C3s
Encrypt your devices – making sure to choose strong, hard-to-crack, unique passwords. Where possible also enable multi-factor authentication and biometric checks to make it harder for an attacker to gain access to your data.
When communicating – via email or instant messaging – take advantage of end-to-end encryption when possible to prevent conversations from being intercepted.
Turn off Wi-Fi
Disable Wi-Fi and Bluetooth when travelling. If you must use Wi-Fi ensure that you have a trusted VPN enabled which will create an encrypted tunnel for your communications.
Even using hard-wired internet access in, say, a hotel may be inadvisable. A 3G or 4G cellular connection remains the safest option.
Keep an eye on your devices, and beware the evil maid attack
If you do take your computer or smartphone with you, never leave them unattended. Instead, keep your devices with you, and don’t leave them in your hotel room.
So-called “evil maid” attacks see someone access your hotel room – perhaps posing as room service – and gain access to your laptop. A keylogger may be installed, and your laptop returned to its normal place in your room.
Noticing nothing suspicious (and perhaps pleased to notice your mini-bar has been restocked and your bed made) you log into your device and your password is captured. On another visit, the “evil maid” can obtain the password, and your device could have its data decrypted or be implanted with a rootkit.
If it’s impractical to bring your computer with you, you could consider leaving it in your room’s safe or checking it in with the hotel concierge, but this doesn’t guarantee that it won’t be accessed and tampered with.
Talk to your IT team. They may be prepared to set you up with a temporary “burner” email address that can be used during your trip, with messages forwarded there from your current account. Such a system means that even if it is compromised hackers will not be able to access older communications – which will often reveal sensitive or personal identifying information.
Obviously, you should disable the forwarding of messages to the burner email account upon your return!
A spy in your pocket
If you are worried that your smartphone may have been compromised, don’t just turn it off in meetings – remove its battery! That way there is little chance that it is secretly recording your private conversations. One of the advantages of carrying a “dumb” phone overseas is that it is unlikely to have as many methods of being compromised to either steal data or spy on you.
Social media
Be careful not to announce your whereabouts on social media either intentionally or accidentally by, for instance, uploading images containing metadata that gives away your location.
Going home
As you leave the foreign country, make a note if your devices are inspected at the border. If they are, you may wish to be especially wary of ever connecting them to your corporate network – be sure to inform your IT security team upon your return.
Obviously if you chose to take a “burner” device in the first place, there is less pain associated with dumping it upon your return.
Internet attacks don’t respect country borders
Finally, remember that a determined hacker won’t necessarily limit their attacks to when you are in their country. If they want to get into your systems they may well try when you are “safely” back in your home country as well.
Always be aware of the techniques that malicious hackers use to break into systems, ensure you have patches and anti-virus updates in place, and your wits about you.
Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats. Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.