Skip to content

Travel Tips to Protect Your Gear and Data

2012-07-06

Add to FacebookAdd to DiggAdd to Del.icio.usAdd to StumbleuponAdd to RedditAdd to BlinklistAdd to TwitterAdd to TechnoratiAdd to Yahoo BuzzAdd to Newsvine

It’s summer, which means a lot of us are on the road both for work and pleasure. I also have to take a lot more short business trips than I used to, and as a security geek, I seem to be perpetually carting around a pile of gadgets and devices, both for fun and to work. Someone recently asked me for some tips about what to do to keep devices and data safe while on the road, and I summarized a few tips, which I have expanded here.

Before You Go

Install any available security fixes, updates, and/or patches. Download and install all available critical OS updates before you leave home (preferably, before you back up the hard drive). But don’t stop there: If you use a third party browser, such as Firefox or Opera, be sure to grab the latest versions of those. Don’t forget to update things like Java, Flash, and the Acrobat Reader: applications often abused by exploit kits and used to deliver malware to unsuspecting computer users. Finally, check for security updates to other software, such as an office suite, an IM client, or chat programs like Skype. If your office lets you use a VPN to create secure connections, it’s a good idea to install the appropriate VPN software — and test it — before you leave.

While I was on the road on my last international trip, the Internet Crime Complaints Center published a somewhat vague warning about using hotel internet connections abroad. The gist of the story is that some international travelers were being presented with bogus “software update” popups while using the hotel’s wireless broadband, and finding themselves infected with malware as a result. There have been reports for several years about business travelers returning from abroad and finding that malware had been installed surreptitiously on their laptop when it was left unattended. Configure a boot password in BIOS, and disabling the laptop from being able to boot from a removable media device (such as an optical disc or USB drive), may prevent some of those tricks from succeeding.

Encrypt the hard drive. I also have the entire system drive on my laptop encrypted with the no-cost TrueCrypt, which is just a sensible precaution to take even when you’re not traveling. Remember, even if the laptop remains chained to a desk, the hard drive might be accessible to a thief with a screwdriver.

Install tracking software. Of course, there’s always the possibility I could be robbed, but it’s far more likely that someone will tamper with or steal the device if it’s left unattended. I’ve got the free version of Prey installed on all my mobile devices, but I’m not depending on it. There’s a good chance it won’t do me much good, other than give me the ability to remotely wipe the drive. Just because you know where a stolen device is, it doesn’t mean you’ll ever see it again, or that the police will act on your information and return your stuff to you.

Back everything up. I mean, back up everything you plan to take with you, and leave the backup somewhere safe, preferably hidden or locked away at home or in a secure drawer in your office. I’ve always got at least a laptop and a mobile device, and sometimes a camera. You’ll want to do this to the entire hard drive of your laptop, everything on the phone and the camera (the whole SD card), the works — working under the assumption that while you are likely to return home at the end of the trip, there’s a distinct possibility that one or more of these devices won’t.

I like to use a whole-drive imaging program like Norton Ghost or Acronis; For under $100 (not including the cost of a large external hard drive needed to store the backups), these tools can restore not just data but the entire OS to a replacement computer, should your laptop find a different road to travel, and a different destination.

If you don’t mind only backing up the data, and you have the restore disc that will reinstall the OS, Windows users can get away with something like Microsoft’s free SyncToy. Mac folks have their Time Machine, of course, but also have more tools available to them, as well. But in the end, the only way you can be sure that nothing undesirable remains on your laptop after your return is to reimage it using the backup you made before you left home, which is why I recommend going to that level of extremes.

Prepare a data-emergency toolkit. My travel data toolkit always includes: A CD folder containing the bootable restore-and-repair discs and TrueCrypt rescue disc for my laptop; Extra USB cables for any devices I bring along; A small set of screwdrivers that can open the laptop case; a microfiber cloth (I hate crumby/dusty keyboards or screens) wrapped around my little portable hard drive for cushioning; a spare (brand new, in the packaging) MicroSD card, in case the one in my phone dies and/or a spare SD card for my camera; My “utility” thumbdrive, which includes the following software: Process Explorer, GMER, MalwareBytes, DBAN (Darik’s Boot-and-Nuke), SyncToy (32- and 64-bit), and some data recovery tools, including TestDisk (and some others). The total size of all files shown on this screenshot is only a mere 61MB — small enough that you could keep a duplicate on your camera card as well. My carry-on bag always contains my laptop, power cord, a three-way power outlet splitter (for those crowded airports with just one outlet every 100 yards), a Kensington lock, USB cable and power cord for my phone, international power adapter(s) (if necessary), the portable hard drive, and a pack of Red Vines. You know, for emergencies.

Once You’ve Left

Keep your gear with you. Whenever I go on the road with my laptop I follow a simple rule: Unless there’s a solid, trustworthy, well-secured safe in the hotel room, the laptop stays on my person at all times. That means, no locking it in the trunk of the car, and definitely no leaving it in the room (even Kensington-locked to the desk). I’m not a fan of safes behind the counter in the hotel lobby, either.

Perform daily backups of new data. When you’re on the road, it’s also critical to back up the photos you take – with camera or phone – every day. I had two SD cards in my phone fritz out in the middle of my vacation, and I lost some valuable and irreplaceable pictures as a result. You can always send the cards to a data recovery service, but it costs an arm and a leg. In my case, it would have cost the same to restore those images as it would have to fly the family back to Disneyland, including the cost of admission. I carry a tiny little hard drive with me that I can slip into a hidden spot in the hotel room, and use it for nightly incremental backups of these vacation snaps and vids.

Create a vacation email account. Staying in touch can also create problems. I try to avoid using my existing email accounts when I’m on the road, but that doesn’t mean I have to give everyone a new email address to use. I create a new Gmail account just for international trips, and configure my other email accounts to forward their messages to the new one, just for the duration of the trip, so I never have to log into the “real” email account while using a network I have no control over. When I get home, I’ve still got copies of all my messages in the original accounts, and I can delete the “vacation Gmail” box permanently with no loss of data. This is also highly recommended for people who don’t want to schlep a laptop and all its accessories around the world

Reflexively distrust any “public” computer. Cybercafés offer a measure of convenience, but you have to treat any cybercafé computer you use as if it has already been completely compromised with malware. Frankly, the same is true of the computers of (most of) my relatives, and some of my friends. Never log into any kind of financial Web site from a cybercafé (or from Aunt Sally’s house), and assume that, after logging into a social media or email account from a strange computer, you’ll probably need to change the password afterwards.

Important note: With new anti-theft measures in place by Google and a number of social media companies, such as Facebook and Twitter, you may find yourself prompted for additional information (like the answers to one or more of your security questions) if you suddenly log in from Thailand instead of Kansas City. Set up your security questions and account recovery details ahead of time. If you plan international travel, don’t assume you’ll be able to receive a text message security code on your cellphone.

Funny side story: I travel a lot, and when the hotel has one or more shared computers in the lobby or ‘business center,’ I can’t keep my curiosity in check, and always take a look at it. In my admittedly limited experience, anywhere from a quarter to half of the computers set up for public use in hotel lobbies in the US that I’ve looked at have been previously infected with one or more types of malware. Some of these have been infected for months before I stumble across them. I carry a thumbdrive with some analysis and malware removal tools on it, and try to clean the box before I leave, but more often than not, software restrictions set up by the hotels themselves prevent me from cleaning up their infected public computer. Sigh. In those cases, I just pull the plug on the box and tell the hotel manager, so at least nobody else will get their IM, social network, or email passwords stolen.

When you get home from a long trip, always always always change the passwords of any accounts you may have accessed while on the road. That includes email, IM, and social networks. Just assume that someone has been stealing your passwords the entire time, and change them the minute you get home.Solera blog stats

Comments are closed.

%d bloggers like this: