How travelers can avoid being hacked overseas
With the New York Times and Wall Street Journal saying their computer systems had been hacked by Chinese groups, here are ways for business travelers and vacationers to safeguard their tech devices.
Here are some tips to help travelers protect their laptops and mobile devices from spying — or at least limit the damage of hacking — while in China or other nations where groups may want to steal company information. Many of the tips also apply to vacationers.
—Don’t take your work or personal laptop. That’s the best advice and a precaution used by major companies and agencies of the federal government, said Anup Ghosh, chief financial officer of Invincea, a software security company in Fairfax, Va. Instead, some employers issue traveling laptops that are clean of proprietary corporate or government information and are scrubbed clean after the employee returns from the trip.
—Safeguarding isn’t easy. Data can be captured while the laptop is in customs or if you step away from your hotel room briefly. “It takes five minutes or less to capture information from the laptop,” Ghosh said. Lock it in a hotel safe. Use an encrypted drive.
—Get a traveling phone. Consider getting a pay-per-use phone or a phone for travel. If you take your phone, use your screen password on your mobile device so if you lose it, no one can pick it up and read your email or other data.
—Beware of public networks. Wireless networks in hotels and coffee shops, for instance, are often compromised and malicious codes can be downloaded into your machine, Ghosh said. Even if you leave home with a clean laptop and it’s wiped clean after the trip, someone can still capture what you’re typing in emails or your credentials when you’re entering them during the trip. Not much can be done about that — it’s just a risk you have to be aware of so you are careful to avoid activities such as logging into your bank to do financial transactions, he said.
— Business travel security. Your company should also routinely take steps to limit the types of applications that can run on their systems, regularly update computer programs, and tightly control the number of people who have broad access privileges to the company networks, said Alan Paller, director of research at SANS Institute, a computer-security organization.