This holiday season, whether you’re visiting family or getting away from it all, don’t let your guard down when using your devices away from home.
Sure, it’s nice to think about unplugging for the holidays, to put some distance between you and the many screens that have stolen your time through the year. But let’s be honest, you’re still going to be posting on social media, mindlessly scrolling while waiting at the airport, or signing in to your work email from time to time—all of which can put your privacy and passwords at risk if you’re not careful.
Here are our top cybersecurity tips for staying safe online while you’re traveling.
Read more: 10 life-enhancing tech products under $30
Look out for fake flight and hotel websites
It’s tempting to try to save a few pennies on airfare and hotels by using travel search engines promising great deals. But always make sure to verify the websites you book from are legit. Read travel trade group IATA’s warning about fake travel sites.
What to do instead: Do some research on the site if you’ve never heard of it. For more well-known sites, check that the website URL is correct (bookmark it if you use it often). It’s also a good idea to book directly from reputable organizations you trust, such as hotel chains or airlines.
Don’t join unsecured Wi-Fi networks
Free Wi-Fi is one of the most common cybersecurity risks for travelers. The vast number of users who join free Wi-Fi networks in hotels, cafes, and airports makes them an attractive target for attackers. Many of these places don’t secure their Wi-Fi networks, meaning an attacker who hacks into a router could distribute malware to guests or monitor their activity.
What to do instead: Always check the name of the Wi-Fi network to make sure you’re not joining a fake network with a name similar to your hotel’s Wi-Fi, for example. If in doubt, ask the staff.
The easiest solution is to use a VPN when connecting to public Wi-Fi networks. VPNs stop intruders from seeing what you’re doing online. If you can’t use a VPN and still have a data connection on your phone, hotspot from your own device (or use a portable router) to avoid connecting to any potentially unsecured public Wi-Fi networks.
Don’t leave your Wi-Fi and Bluetooth on
Most devices’ default settings make them automatically connect to networks they’ve used in the past. The risk here is that your device identifies these by the network’s name—which can easily be spoofed.
What to do instead: Keep your Wi-Fi turned off by default when on vacation and only connect when you need to join a network. Similarly, turn off your Bluetooth unless you need to pair with a specific device you trust, like your headphones. Allowing Bluetooth to automatically connect to devices may allow unsuspecting remote connections to your phone, or allow advertisers to track you as you wander around a market or a mall. Turning off Bluetooth saves battery, too.
Beware of airport USB charging stations
USB ports provide power (handy!) but can also transfer data (security risk!), which means you should think twice before plugging your device into an untrusted USB port. It’s not a huge risk, but cybercriminals could modify a USB connection to install malware on your phone or download data without your knowledge.
What to do instead: You can protect yourself with some preparation. For less than 10 USD, you can get a device called a juice jack that you can put in front of your charging cord, blocking data from passing down the cord. Or bring your own portable power bank, which can often charge multiple devices at once or one device several times over. Very handy for long airport layovers, poolside scrolling, or Instagram-heavy sightseeing trips.
Think before using an internet cafe
Internet cafes aren’t as popular among travelers as they once were, thanks to the proliferation of smartphones—which is probably a good thing from a data security standpoint.
What to do instead: If you anticipate having to use an unfamiliar computer to check your email or access files on a USB drive, you can prepare a portable operating system instead. Basically, it’s a USB stick that you plug into a computer to show you a private, personal operating system, which you can then close out of entirely once you’re done. More on that here.
Don’t scan QR codes indiscriminately
You’ve probably heard of email phishing, but have you heard of “quishing?” The convenience and contactless nature of QR codes saw them return during the pandemic, giving rise to a new breed of cyber scam: QR code phishing.
Scammers in Texas used fake QR codes stuck over the real ones on parking meters, which directed users to malicious websites which asked them for their credit card and bank details. Drivers in Atlanta reported finding fake parking tickets with QR codes on their windscreens, directing them to malicious sites asking for billing information.
What to do instead: Be extra wary of QR codes on flyers or stickers. Always try to verify the legitimacy of QR codes before scanning—for instance, if you’re in a restaurant, ask the staff—especially if they are requesting payment. Also scrutinize the preview of the URL when scanning a QR code to see if it looks real.
Don’t leave your phone unlocked
It’s basic, but must be said. Traveling and holidays are distracting, and you’re more likely to lose your phone when your guard is down. Don’t put off setting a passcode!
What to do instead: Set passcodes on your mobile devices, preventing anyone from accessing your data even if they get stolen. And set up backups for your device and accounts before you travel so you don’t lose all your data!
Read more: What you should do after losing your phone
Don’t flash your screen
Sometimes online security dangers are right over your shoulder while you’re on your phone or laptop.
What to do instead: A privacy screen is a film that darkens your screen when viewed from the side, thereby preventing a lot of curious onlookers from physically spying on your activity in public—like typing in your passwords or sending private messages. They’re a great idea for keeping things private when you’re abroad.
Protect your online privacy and security
30-day money-back guarantee