Our whole lives and livelihoods are wrapped up in our data.
That data is especially vulnerable at border crossings and in unfamiliar environments.
There are plenty of security products available on the internet for the privacy-minded traveler – if you feel like going shopping, a quick search will turn those up for you.
And if you really want an excuse to travel with a laptop and phone that you’ll acquire solely for your trip and then dispose of when you leave, you certainly can, but most people won’t.
But here are some tips you can use without spending tons of money on extra security gear.
Getting there – keep it encrypted, and travel light
If you need to bring data with you, make sure it’s encrypted with full disk encryption, and that your computer is turned off – not merely on standby – so that there are no encryption keys left in memory.
Keep in mind that border officials in some countries can require you turn on and unlock your devices, and they may be allowed to make and keep copies of your data, as a condition of entry.
If you refuse you might be denied entry, or even detained. So think of encryption more as protection from data loss should your hard drive or machine be stolen or physically lost.
If this is unacceptable to you, travel light and leave your devices and their data at home.
It depends on what’s at risk for you and what your tolerance for risk is, but less you have with you, the less you have to lose.
When you’re there, mind what you connect to
Think before you charge a device using a USB port on someone else’s device, even if it looks like a plain old charger.
Consider carrying a cable or adapter of your own that you know has only its power wires connected – if the USB data wires are missing from the cable then it then can’t be used to sneak data onto or off your device.
Also, if you rent a car, avoid pairing your phone with its computer system, no matter how convenient that might be. You may end up leaving behind more than you intended, including your device name, contact data and call details.
When it comes to accessing data remotely, stick to basic internet hygiene procedures.
Avoid accessing sensitive services via public access points, and consider using a VPN to encrypt all your network traffic (if local regulations allow) back to your home or company network to reduce the amount you leak out to eavesdroppers.
Final note
If you’re traveling abroad and not bringing any of your kit with you but plan on accessing your cloud-based services from a new computer, remember that your new device and new geolocation could trigger security alerts on your account.
At the very least, if you have 2FA (two-factor authentication) enabled on your account (and you should if you have the option!), make sure you have your token generator or phone with you so you can get access.
If you use SMS to receive your 2FA codes, you’ll want to be sure your phone plan allows you to receive SMS while abroad. (This is something you can resolve while abroad, but it’s a lot easier to take care of before you leave, speaking from personal experience.)
Similar advice applies if you use a password manager: make sure you have the tools to access it on the go, such as the token generator if it’s locked with 2FA.
Mahhn
Great advice, and don’t post on social media that you are gone – unless someone is at your home while you are out.
A plug the Free firewall that Sophos offers belongs here as it includes VPN access. So you can bring a nearly blank device with you and VPN into your home PC. Which is really nice.
David Bennett
Can you explain how a USB charge connection to an iPhone could take information? (I am thinking about the chargers built into the back of aircraft seats, but other chargers as well).
Paul Ducklin
The charger might be more than just a charger – it might make a sneaky data connection as well. Snoopy charging stations are known as “juicejackers”:
https://nakedsecurity.sophos.com/2011/08/19/is-juicejacking-the-new-firesheep/
In theory, your iPhone ought to resist the unexpected and unauthorised data connection event (and the airline ought not to be juicejacking you in the first place, and almost certainly isn’t)…
…but if you use a cable of your own without the data wires connected, it won’t happen because it can’t.
Olli M
I have an easy trick. I only charge my powerbank in public places and my devices only from powerbank. Then the powerbank is always in the middle on the chain.
Paul Ducklin
That works. I have a power bank that can charge and discharge at the same time so it can act as a “data blocking proxy”, so to speak.
But if I want to travel light I take a short cable that came with one of my bike lights that has no data wires in it. In a USB-A connector plug there are usally four metal conducting strips – two longer ones at the sides for power and two slightly shorter ones in the middle for data. (The power traces are longer so the power wires make contact first.) If the middle traces are absent then the cable has no conductors for data and is strictly power only.
Tony Gore
Another is to use data stored in the cloud. Taking OneDrive as an example, before you leave, make sure that you only sync folders that you really need whilst away. Then empty the recycle bin and do a defrag using a tool that will properly optimise you disk i..e it will move most files and thus overwrite the deleted data. You could ensure you have no data at all if you know that when you arrive you will have access to a decent safe connection, and then sync the data that you need. Doing this means that if stopped on the journey to your destination, there is nothing to be found. If you use Outlook, you can delete the OST file and then recreate it later, or delete it but before you go, set to only download headers only. This gets most of the info out of your system from email. If you have multiple email accounts, you may well have a fairly sacrificial one that you only occasionally use, so you can leave Outlook connected to that and only reconnect your real Outlook account when you get there.
But the principle of doing a clean up and defrag before you travel makes sense – your machine will be faster and if you do lose it, you will at least have a better idea of what there is (and is not) on your machine.
PW
Use a PIN code to access your phone, since that cannot be demanded without a warrant–unlike fingerprint access, which requires no warrant.
Paul Ducklin
That’s not quite right.
The situation varies from country to country. In the US, for example, many magistrates consider typed-in phrases to be testimony and thus protected by the Bill of Rights, but in a very specific way. (See the Fifth Amendment.) So you can’t be compelled to give a PIN if you exercise your right to silence. Fingerprints may or may not be testimony and may or may not need a warrant. Seems to depends on the magistrate.
But in the UK, although you can’t be forced to tell anyone your password you can be ordered by a court to decrypt your data. If you refuse you can be charged with a criminal offence and the penalties can be quite serious – years in prison – on the argument that without a strong sanction everyone would just refuse. You can claim to have forgotten your password but the court is not obliged to extend its presumption of innocence to accept your claim.
And in many countries – AFAIK including both the UK and the US – your legal rights are rather different when you are at the border seeking entry, because you are in a sort of legalistic grey area where you can variously be refused entry (and good luck getting in again after that) because you aren’t strictly in the country yet, or arrested because technically you are in the country already.
dan
if i have windows 10 home there is no option of disk full encrypion. anyone has a idea what is the best way to encrypet the disk or aproched this problem ?
Paul Ducklin
Windows 10 Home has a thing called “Device Encryption” built in that seems to be a special-purpose (stripped down?) version of Bitlocker.
AFAIK you can’t encrypt removable disks (e.g. USB drives or backup disks) and not all computers actually support it.
Apparently the “System Information” app in Windows 10 has a section to test if your computer supports this option…