Cyber security whilst travelling

Thanks to India Outbound for the image

With spring travel just around the corner, this post covers sensible steps that we can take before and whilst travelling, both abroad and at home.

Special thanks to Professor Alexandros Paraskevas, University of West London, for his research paper Cybersecurity in Travel and Tourism: A Risk-based Approach.

The other day, my brother received a strange email relating to a friend who was travelling. It appeared totally authentic, but it sought a cyber permission. Fortunately, my brother was on it. He avoided the phishing attachment, deleted the request and contacted the friend. It transpired that, moments before the message, his friend had used airport Wi-Fi to send an unrelated email.

With increased cyber security awareness, many organisations are ramping up their cyber protection to levels that make it hard for criminals to exploit. But doing so means that criminals are turning to softer targets – us. Whilst we should be aware of state-sponsored actors, hacktivists, black hats operating through the dark web and organised crime groups, threats are increasingly coming from individual back-room hackers focused on what is termed ‘cognitive hacking’: our personal vulnerability that arises from our conditioned response to take the information we receive by email at face value.

Which leads us to the question of our ‘cyber hygiene’. This encompasses our physical device security, personal identity and access management, third-party and external dependencies (especially when making payments), and information protection and encryption.

Let us start with malware attacks. These frequently involve a bogus software update or an email attachment that may contain malware in a self-extracting file. Such malware is capable of gathering your system information, taking screenshots, downloading network-mapping malware known as reconnaissance tools, enabling remote desktop access, stealing passwords, searching email and even installing new remote desktop programmes.

Whilst your standard virus protection, if properly installed and active, may protect you from known malware, new attacks, or attacks involving out-of-date software, may not be flagged.

During an intensive cyber security review to obtain Cyber Essentials Plus certification, I discovered that cyber vulnerability may often arise from old software remaining on our computers and the terminals we may encounter whilst travelling. Tests on my systems revealed thirteen critical vulnerabilities, mostly as a result of un-updated software.

In addition to our personal computers, ‘legacy systems’ that have not been updated with the latest security patches, or are completely outdated, are still used in many hotels, restaurants, pool and beach bars. They present an easy target for attackers to infect with malware. For example, when our credit card is swiped, its details are briefly stored in the point of sale terminal’s RAM while being transmitted to the payment processor. Malware installed in the terminal can copy the card data and transmit it to hackers.

According to Prof Paraskevas, studies have also shown that major airline and hotel websites leak guest booking data (including booking reference code, full name, address, mobile phone number, passport number, and the last four digits of credit card numbers) to their advertisers, social media websites, data aggregators, and other partners. This can happen during the hotel booking process or through the reservation page. Hackers can subsequently log into a reservation, view personal details, and even alter or cancel the booking.

After hotel reception areas, airport terminals are the locations where we are most distracted. Hackers use a technique known as the ‘evil twin’ attack, positioning themselves near an authentic Wi-Fi access point to discover its SSID and frequency. They then send a radio signal using the same frequency and SSID, so that it bears the same name as the legitimate hotspot. This allows the hackers to take control of a device that connects, collect its owner's personal data and monitor activity on the device.
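One way to check a list of nearby access points for signs of an evil twin, as an added example that is not part of the original post or of Prof Paraskevas's paper. The scan records, field names and function names are assumptions made for illustration; the check compares access points that share a name and reports any whose security mode or hardware vendor prefix breaks from the rest.

```python
from collections import Counter, defaultdict

# Constructed scan results (sample data, not a real capture). The field names
# are assumptions; map them from whatever your Wi-Fi scanner reports.
SCAN = [
    {"ssid": "Airport_Free_WiFi", "bssid": "00:11:22:aa:bb:01", "security": "WPA2", "channel": 6},
    {"ssid": "Airport_Free_WiFi", "bssid": "00:11:22:aa:bb:02", "security": "WPA2", "channel": 11},
    # Same name and channel as the first access point, so neither tells them apart.
    {"ssid": "Airport_Free_WiFi", "bssid": "02:de:ad:be:ef:10", "security": "OPEN", "channel": 6},
    {"ssid": "CoffeeShop", "bssid": "00:33:44:55:66:77", "security": "WPA2", "channel": 1},
]


def oui(ap):
    """Vendor prefix: the first three octets of the access point's MAC address."""
    return ap["bssid"].lower()[:8]


def outliers(aps, key, label):
    """Yield (bssid, reason) for access points that break from the majority value.
    If no value has a strict majority, every access point is reported."""
    counts = Counter(key(ap) for ap in aps)
    value, n = counts.most_common(1)[0]
    has_majority = n * 2 > len(aps)
    for ap in aps:
        if len(counts) > 1 and (not has_majority or key(ap) != value):
            expected = value if has_majority else "none"
            yield ap["bssid"], f"{label} {key(ap)} (majority: {expected})"


def suspicious_access_points(scan):
    """Return {bssid: [reasons]} for same-named access points that look different."""
    by_ssid = defaultdict(list)
    for ap in scan:
        by_ssid[ap["ssid"]].append(ap)
    findings = defaultdict(list)
    for aps in by_ssid.values():
        if len(aps) < 2:
            continue  # one broadcaster only: nothing to compare against
        for check in (outliers(aps, lambda ap: ap["security"], "security"),
                      outliers(aps, oui, "vendor prefix")):
            for bssid, reason in check:
                findings[bssid].append(reason)
    return dict(findings)


if __name__ == "__main__":
    for bssid, reasons in suspicious_access_points(SCAN).items():
        print(bssid, "->", "; ".join(reasons))
```

These are heuristics: a legitimate venue may mix hardware vendors, and a careful attacker can copy both values, so a clean result is not proof that a network is genuine.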

Wise moves for travellers – top twenty tips:

  1. Remove old or unwanted software to shut ‘back-door’ access.
  2. Update your software, particularly web browsers and virus protection.
  3. Activate auto-update so software receives essential patches.
  4. Connect your devices, and activate your ‘find my device’ feature.
  5. Disable autoplay.
  6. Create a separate administrator account to take charge of all system changes to your computer. This will alert you to requests to make changes that are sought (or induced).
  7. Back up your data before you depart.
  8. Keep your device locked when not in use, and never leave it unattended.
  9. Avoid being overlooked when accessing a device.
  10. Disable remote connectivity by switching off auto connect.
  11. Keep Bluetooth turned off when not in use.
  12. Avoid sensitive activities on public networks, including online shopping.
  13. Only use sites that commence with “https://” when shopping or banking.
  14. Always prefer mobile connection to public connections.
  15. Avoid unsecured networks.
  16. Hover and read a link before clicking.
  17. Beware mobile travel apps that share your personal data with your social media.
  18. Don’t use publicly accessible computers for anything other than browsing, and avoid connecting via USB to other people’s chargers or data storage.
  19. Maintain well-planned physical security for devices, especially when left in hotel rooms.
  20. Think before connecting.

Advertisements appearing within or below this post are placed by the platform, not the writer. They are neither endorsed nor monetarised.
