How To Protect Your Identity and Data While You Travel

Traveling may increase digital security risks for many people because it forces them out of their ‘comfort zones.’  When people travel, they’re compelled into trusting unproven outside networks and services (like in-flight WiFi), they’re corralled into locations that are easy for attackers to surveil and target (airports, hotels, ‘tourist traps’) and they’re more likely to be distracted, sleep-deprived, intoxicated, hurried, etc., all of which makes it easier to exploit them.

It is critical that you protect your identity and data so that you minimize the risks of theft, fraud, harassment, and more. With just a few steps you can be well on your way to securing your personal information and passwords.

At Airports

Most people don't know that your boarding pass includes a PNR, Passenger Record Locater, which includes details of your trip, and much more personal information than most people realize. The most sensitive data in the PNR is the travel data itself: Where you will be and when you will be there during your travels. The most serious and common threats for your PNR getting stolen is stalking and domestic violence, along with robbing your home while you're away. 

The record locator is used as though it were a password, but it meets none of the criteria for a strong password. Travelers are not told that they need to keep it  secret, as though it were a password. It's hard to keep it secret, since it is printed (or included in a bar code) in so many places including boarding passes and checked baggage tags. You can't choose your own record locator as a password -- it is assigned automatically. Perhaps worst of all, the record locator can't be changed if it is compromised.

Here are some more ways you can treat your PNR as an especially sensitive password:

  • Shred or burn all your boarding passes, luggage labels, and printed itineraries or printouts of e-mail from airlines or travel agencies that contain your record locator. (It may be in a bar code even if it isn't written.)
  • Never carry a boarding pass or itinerary visible in public. Keep it folded, or in your pocket or purse.
  • Remove luggage tags (and hide them until you have a chance to shred or burn them) as soon as you claim your luggage. 
  • Never say your record locator out loud or on the phone in a public place.
  • Never tell anyone except the airline or your travel agent or someone you trust completely your record locator or forward e-mail that includes it.
  • Don't take or post photos, or let anyone else take them or post them, that include your boarding pass, baggage check, or any other airline document that includes your record locator or a bar code (most of these bar codes include the record locator).

But even these steps might not protect you fully since it is so easy to look at your PNR over your shoulder. What is urgently needed, and what travellers need to demand, are technical changes by the Computer Reservation System (CRS) companies, and enforcement of existing data protection laws against Computer Reservation System companies and airlines.

At Hotels/On The Road

WiFi is always risky to use. Period. I know it’s super convenient, and we all do it, but when traveling, it’s important to remember just how vulnerable wireless transmissions really are.

It’s not that hard for a hacker to crack into your WiFi connection, even if it’s password protected. In fact, there are a number of free or inexpensive online tools people can download that will do it for them, if they don’t have a lot of technical skill. They can do this by creating a fake WiFi access point which you mistakenly connect to, spoofing a trusted WiFi access point to your phone, or breaking into the connection between you and the legitimate access point.

If a hacker is able to eavesdrop or inject into your WiFi connection, they can steal your passwords, cookies, and any transmitted data; she could also potentially infect your device with malware.

Getting your own hotspot for on-the-go security is the easiest step you can take to protect data and passwords. The KeepGo is by far the best for international nomads. The hotspot comes with a 1GB Internet SIM Card and, if you need more data, you can keep topping this one SIM card as you go. It can connect 10 devices to the internet at one time, has six hours of working battery life and works in 64 countries, including Europe, Asia and the Americas. Also, since the Keepgo allows international travelers to keep their original SIM card in their phones, users can make and receive regular voice calls on their normal phone number while abroad.

Here are 10 more steps you can take for digital security:

  1. Make sure your operating system and antivirus software are updated before you go on the road.
  2. Backup your data before you head out (and store the backup in a safe place).
  3. Consider leaving some data behind or move sensitive data from your laptop hard drive to an encrypted USB stick.
  4. Make sure you have password protection and inactivity timeout engaged on all devices including laptops, tablets, and smartphones.
  5. If possible, only use reputable hotel Internet service providers (ask the hotel who their provider is before you book).
  6. If the hotel Internet asks you to update software in order to connect, immediately disconnect and tell the front desk.
  7. If you use hotel Internet to connect to your company network use a VPN.
  8. Do not use WiFi connections that are not encrypted with WPA (avoid WEP encrypted connections which are easily hacked).
  9. Avoid online banking and shopping while on any hotel or public Internet connection.
  10. Disable pop-ups in your web browser.

But for the majority of business travelers, an awareness of basic risks and a familiarity with a few tools and behaviors is a good place to start. Read over this list of easy-to-implement steps by digital security researcher John Scott-Railton, who covers the basics, including encrypting a computer's hard drive, enabling two-factor authentication on important accounts, and choosing a tough-to-crack password.


What do you do to protect your data and identity while you travel? Is it important to you? Let us know in the comments below!

Tara ByrneComment