The holiday season will soon be upon us and most people will be taking a break from the hustle and bustle of workday life, but unfortunately, most people will not be taking a break from their IT. In this short blog, I will identify a few things to think about before you head off for that relaxing break.
1) Check that the holiday is legitimate
This advice may be a little late for this year, but it's something to bear in mind when you plan next year's break. Quite simply: check that the ideal holiday you've seen online actually exists!
Many people have unfortunately fallen foul of fake sites which use content stolen from legitimate sites to fool holiday makers into booking a non-existent break. Make sure the website you use for your holiday is the right one with real destinations to offer.
2) Check those emails from your travel agent
A common attack in recent years is for hackers to send spoofed emails to holiday makers saying things like "please send your final holiday payments to bank account X as bank account Y is having difficulty processing payments" or similar. If you get ANY suspicious emails about your holiday, double-check with the travel agent.
3) Backup before you go
It's not uncommon for people to have a wealth of personally valuable data stored on their mobiles and tablets. It would be devastating to lose those files and photos if your device gets lost in the airport, or stolen in an overseas café.
Before you head to the airport, make sure you've backed up your precious files to your home PC or a cloud service such as Apple's iCloud, or Google Docs/Photos, etc.
If you do suffer a loss of your device, then at least you still have those valuable files.
4) Update before you go
It should be a matter of course that you perform regular updates of your devices, but certainly check to see if there are any updates before you fly out. It's quite common for hackers to build fake Wi-Fi hotspots for unwary travellers to connect to and then attempt to download malware to those devices. If your device is not up-to-date, then you are potentially at risk of getting such an infection.
5) Consider investing in a VPN
When you are abroad, you will no doubt want to take advantage of the various free Wi-Fi hotspots offered by airports, cafés and hotels. This is all fine, but you should be cautious about who can intercept your data whilst using such convenient access points.
A VPN (Virtual Private Network) will allow you to create an encrypted tunnel through the network you are using to a safe exit point somewhere else on the Internet from where you can then surf in safety.
Most VPN providers now offer mobile apps as well as the traditional PC VPN software and many offer multiple installs under one account.
Some good VPN providers to check out are:
6) Avoid purchasing online whilst abroad
If you simply have to buy anything online whilst abroad, consider using a safe system which offers you security over your purchases, such as PayPal or your credit card. Do not use a debit card for purchases as there are no guarantees over fraudulent transactions.
7) Use your device to pay in shops which offer touch-to-pay
If you have the ability to use Android Pay, Samsung Pay, or Apple Pay, then do so rather than use your credit/debit card.
When you use your credit/debit card to pay, the real card number is passed to the merchant, from where it could subsequently be stolen, or even syphoned off by the merchant themselves. A phone's touch-to-pay transmits a pseudo-card number instead, which means that the merchant (or hacker) never receives your true card details.
8) Resist making your friends envious
Everyone takes holiday snaps, and many people instantly upload these snaps to social media to show their family and friends what a lovely time they are having. If you want to do this, then think about who else might be able to see that you are currently not at home! If you must post your snaps, share them only with a private group, or maybe send direct WhatsApp messages as opposed to posting on a Facebook wall. If you tag friends in photos, be aware that friends of those you tag can also see your post. Do you want to risk it?
9) Use 2FA (2-Factor Authentication) if possible
2-factor authentication involves using 2 pieces of information to access an account, typically 'something you have' and 'something you know'. So for example, when logging into Gmail you provide the username and password, and if you have 2FA enabled, Google will send a verification code to your registered mobile device (something you have), which you must also enter on the site before access is granted.
Using 2FA is a way of ensuring that if your password does get compromised whilst you are using an untrusted network, access cannot be gained, as the attacker will not have access to your mobile device to receive the validation code.
Hopefully, these quick tips will allow you to kick back and relax whilst you enjoy your well-deserved break, and whilst you are away you can think about which QA cyber course you want to attend when your batteries are recharged on your return to normality! See our website for more details - cyber.qa.com
Graeme joined QA in 2017 and has worked in security on and off for 15 years. His last role was as a Senior Technical Security consultant at Capgemini covering the public and private sector.
From the age of 17, he was running investigations into online scams and phishing. Today he teaches and/or has written: CEH, OSINT, CTF (conventional or OSINT), CyberFirst, practical encryption and Security+. Graeme is an avid writer with 130+ articles to his name and a chapter in a published book.
He loves thinking like a hacker to review and tweak settings with a fine-tooth comb.