With wider vaccine availability and country borders opening up, many of us are packing our bags. Here’s why you shouldn’t leave cybersecurity at home.
Plane ticket? Check. Airbnb? Check. Dinner reservations? Check. Password manager…? While it may not be the first item on your list when planning a trip, securing your personal data is a guaranteed way to unlock vacation mode.
Our data is especially vulnerable when we travel. Not only are we entering private information into third-party apps to book airline tickets and make dinner reservations, but we’re also (ideally) less attached to our devices and therefore less likely to get alerts in the event of a security breach.
Here are some ways to secure your data while you travel so you can toss your phone into the Seine (or just switch it to airplane mode) and enjoy a carefree vacation.
1. Don’t Tweet at hotels or airlines
In the era of business-to-consumer transparency, it’s natural for us to want to connect with brands online. Whether that’s to praise them for above and beyond service or shame them for losing our luggage, though, it’s not worth the cybersecurity risks.
Tweeting at an airline or geotagging a hotel on your public social media profile makes you vulnerable to phishing scams. Hackers can use this type of information in a number of ways: They could pose as the hotel and email you to get more of your personal data, or they might call your hotel and use a tactic called “vishing” (voice elicitation) to impersonate you and, for example, transfer your hotel points to themselves. If you feel the urge to vent or rave on Twitter or Yelp about an experience while traveling, it’s best to keep this type of communication to private channels.
Additionally, geotagging the places you visit on Instagram or other social profiles makes it easy for hackers to trace your whereabouts while you travel. If you must share your location, keep it private, or save it for a #latergram.
Read more from white-hat hacker Rachel Tobac on how communicating with brands on social media can leave you vulnerable to cyberattacks.
2. Get a password manager
Before you even book your hotel or flight, get on board with a password manager. Creating accounts on new sites and booking these reservations requires entering sensitive personal information, including your credit card number and birthdate. A password manager will not only generate strong passwords for you—no more creating passwords based on what’s on your desk at that moment—but it will remember them, too.
For all of the accounts you have on travel booking sites—Airbnb, Kayak, Resy—your password manager will encrypt and store your logins, as well as autofill your personal info. This will eliminate the need to reuse the same passwords over and over, which is a huge “don’t” when it comes to online security. Let your password manager do the heavy lifting, and all you’ll need to remember is to set your alarm for that red eye.
3. Secure your devices with biometrics
While you’re likely to store laptops or cameras in a hotel safe, your phone is probably along for the ride during your vacay. And though they’re often attached to us like an appendage, it’s not entirely uncommon to accidentally leave your phone in the back of an Uber or cab. Take advantage of your device’s built-in biometric authentication, like fingerprint or Face ID, to keep your personal data as secure as possible.
4. Book through sites that allow 2FA
When it comes to third-party booking for travel, not all services are created equally. Look for sites that allow you to enable two- or multifactor authentication (2FA or MFA). When Dashlane surveyed over 55 major third-party travel companies in 2018, some were more privacy-minded than others. Many allowed weak passwords, failed to generate verification emails, and did not offer 2FA—meaning, for someone to log in to your account, they would need a code sent by email or text in addition to your password. Regardless of what these booking sites allow, it’s best for users to take the initiative and use strong passwords (using a password generator) and enable 2FA on every account available.
5. Browse through a VPN
When we travel, we’re more likely to hop onto unsecured public WiFi networks at an airport or cafe, even if we swore to ourselves that we wouldn’t check Slack on vacation. Having a VPN means that even if you browse the web from a coffee shop in Berlin, you’re both disguising your IP address and also encrypting the data sent or received over that connection, foiling any hacker’s potential plans to snoop on your activity to glean personal data.
A few last tips
Booking sites are targets for hackers, and companies like EasyJet and Orbitz have experienced data breaches in recent years. Always double-check email addresses from companies including third-party booking sites, and if you suspect a phishing email, avoid replying or clicking any links. In the event of a breach, make sure to change your passwords.
If you suspect your personal data has been compromised, this guide explains what to do step by step.