When traveling — in the U.S. or internationally — it is always important to proactively protect the Pack from cyberattacks. Follow these tips to safeguard your personal and university data while you’re on vacation.
Before you go:
- Bring only the devices you absolutely need.
It’s easier to keep track of one device, and a smartphone with fingerprint or facial recognition is suitably secure. - Buy a device charger and pack it with your smartphone and IDs.
It’s not safe to use the public charging stations typically available at airports, hotels and coffee shops. Cybercriminals tend to exploit such stations, using technology to steal your data. - Update everything.
Laptops, smartphones, game devices, or network devices are best protected when updated. This means updating everything from security software and operating systems to apps and browsers. Even better, enable automatic updates for your devices. - Back up your data.
Back up your contacts, financial data, photos, videos, and other device data to another device or cloud service. This will save you from data loss if a cyberattack forces you to reset a device to factory settings, you lose your device or it is stolen. For university data, use the Storage Locations for University Data to be sure you are storing data securely. - Be a password geek.
Cybercrime, ransomware and phishing are all becoming increasingly sophisticated at a rampant rate. Before leaving for any vacation, take the time to protect each of your online accounts by assigning each a unique passphrase. Using a password strength checker can be a huge help to construct a password you find easy to remember and type. For your Unity account, use the Password Change Form, which provides password strength checking. - Multi-authenticate everything.
Set up multi-factor authentication (MFA) for email, banking, social media, and any other service that requires logging in. This protects your accounts from cybercriminals who can easily access your accounts otherwise. Whenever MFA is available, you can typically use either an authenticator (e.g., smartphone app) or a physical token key for the second factor.
Once you’ve begun the journey:
- Stop auto-connecting.
The last thing you want is for your devices to automatically discover and connect to any available Wi-Fi or Bluetooth devices. Auto-connecting throws the door wide open for cybercriminals to hack into your sensitive data. Connect only to private, secured Wi-Fi. After you get what you need from a manual Bluetooth connection, turn Bluetooth off immediately. If you use your smartphone to connect to a car via Bluetooth, make it a habit to turn off your phone’s Bluetooth before removing your seatbelt. - Avoid public Wi-Fi.
If you have a personal, secure hotspot, use that instead.
However, if you’re desperate to use public Wi-Fi at an airport, hotel or coffee shop:- First, confirm the name of the network and precise login procedures with their personnel to make sure the network is legitimate.
- Absolutely do not access any university or personal accounts, especially banking, that prompt you for passwords, credit card numbers or any sensitive information.
- Go only to secure sites or those that begin with https:// when shopping or banking online.
- Most importantly, use secure VPN solutions. For example, NC State has a VPN service that allows secure access to campus resources. When you are finished using public Wi-Fi, disconnect from it immediately. For additional information, see campus recommendations to secure your wireless connections for Android and iPhone devices.
- Use your own device charger.
Use the device charger you brought with you on your journey. Never use public charging stations. - If a text or email looks phishy, don’t bite!
If you have any doubt that an email or text message is legitimate, don’t respond, don’t click any links, and don’t open any attachments. If it’s from someone you know but you have even a slight concern they may have been hacked, contact that person, instead, by calling them from the phone number stored in your Contacts. For questionable university emails, the NC State Help Desk can help evaluate message legitimacy. - Connect only with those you know and trust.
Avoid new online groups, people, apps, and so forth until validated. - Don’t post that!
Never show that you are away from home — or even planning a vacation. Save your vacation photos for posting once you’re back home, safe and sound. Don’t post your check-ins. Disable location services that allow everyone to see where you are. - Lock down your mobile devices and keep them close.
To prevent theft and unauthorized access or loss of sensitive data, you need a plan to make it impossible to leave your equipment unattended — including any USB or external storage devices. Develop an automatic behavior to secure your devices every time you enter a taxi, airport, airplane, or hotel room. If you’re ever in a situation where your smartphone may be confiscated, power it off without hesitation! When it’s turned back on, whoever has confiscated it will have to know the password, PIN, or provide the fingerprint or face to get past the lock screen. Use “Find My Device” (for Android or iPhone mobile devices) and set up device wipe (Failed Passcode Protection on iPhone) so that your device erases all data after multiple failed logins (e.g., 10 failed attempts). - Be hotel savvy.
Don’t use public computers such as those available in business centers; they may contain viruses that can compromise your account information, including your login credentials. Be especially vigilant about keeping your smartphone close. The hotel’s safe isn’t as safe as it should be.
If traveling internationally:
- Be extra cautious.
For example, try to avoid any banking or other sensitive transactions. - Use your debit cards judiciously.
They offer less financial protection than credit cards. For cash withdrawals, use only the ATMs located inside reputable banks; they tend to offer optimal cybersecurity. - Use a disposable phone.
Especially when traveling to high-risk areas of the globe, consider traveling with an inexpensive, disposable phone and discarding it once you’re back home. If the disposable phone becomes compromised, cybercriminals won’t have access to all the sensitive data stored on your personal phone. And they won’t gain access to all the other devices and personal networks you have at home.
For additional information on how to protect the Pack while traveling, see: