Ride the Lightning

Updated Advice for Keeping Your Data Safe While Traveling

May 7, 2019

Naked Security had a good post on May 1st, updating some of the rules for keeping your data safe when traveling, especially when crossing borders. There are some large law firms that issue clean or burner phones and laptops for cross-border travel, but most people take their own phone and laptop.

If you need to bring data with you, make sure it’s encrypted with full disk encryption, and that your computer is turned off – not merely on standby – so that there are no encryption keys left in memory.

Keep in mind that border officials in some countries can require you to turn on and unlock your devices, and they may be allowed to make and keep copies of your data, as a condition of entry. If you refuse you might be denied entry, or even detained. So think of encryption more as protection from data loss should your hard drive or machine be stolen or physically lost. Knowing this, some people may leave their devices (and their data) at home. The less you have with you, the less risk you take.

Once you are at your destination, be careful what you connect to. Think before you charge a device using a USB port on someone else’s device, even if it looks like a plain old charger.

Consider carrying a cable or adapter of your own that you know has only its power wires connected – if the USB data wires are missing from the cable then it then can’t be used to take data onto or off your device.

If you rent a car, avoid pairing your phone with its computer system, no matter how convenient that might be. You may end up leaving behind more than you intended, including your device name, contact data and call details.

When it comes to accessing data remotely, avoid accessing sensitive services via public access points, and use a VPN to encrypt all your network traffic (if local regulations allow – know that before you go) back to your home or company network to reduce the amount of data you may leak out.

If you’re traveling abroad and not bringing any of your personal gear with you but plan on accessing your cloud-based services from a new computer, remember that your new device and new geolocation could trigger security alerts on your account. At the very least, if you have 2FA (two-factor authentication) enabled on your account (and you should if you have the option!), make sure you have your token generator or phone with you so you can get access.

If you use SMS to receive your 2FA codes, you’ll want to be sure your phone plan allows you to receive SMS while abroad. This is something you can resolve while abroad, but it’s a lot easier to take care of before you leave! Similar advice applies if you use a password manager: make sure you have the tools to access it on the go, such as the token generator if it’s locked with 2FA.

Traveling with data has become a royal pain. Think it through before you leave the country!

Email:    Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology
https://senseient.com
https://twitter.com/sharonnelsonesq
https://www.linkedin.com/in/sharondnelson
https://amazon.com/author/sharonnelson