Fortinet Inc.

07/05/2022 | Press release | Distributed by Public on 07/05/2022 09:07

A Traveler’s Guide to Staying Cybersafe and Practicing Proper Cyber Hygiene

As Covid-19 infection rates shift and countries re-open their borders for tourism, travel in some places has returned at an even higher rate than pre-pandemic. With expanding travel comes expanding cyber risks, and it is as important as ever for those heading abroad this summer to practice cyber hygiene.

In this Q&A with Jonas Walker, a Security Strategist with Fortinet's FortiGuard Labs, he offers his insight into how to stay safe and avoid attacks from threat actors while traveling in today's cyber world.

Why is practicing cyber hygiene essential for travelers?

Cyber hygiene is like personal hygiene, it's all about having a daily routine. That includes good practices to ensure that your environment stays clean, especially when traveling.

When you travel, you typically carry a device, a computer or smartphone, with you. These devices are known as endpoints. The nature of endpoints is that they connect to different networks, whether that be a hotel, a corporate network, public Wi-Fi, or at a conference. Endpoints are thus the last stage of a network, making them the most at risk.

For example, if you travel with your laptop, and then you come back to your own environment, your computer, which has been connected to a lot of different devices, is now being brought back to your own network where it's connected to your own servers, and your own infrastructures. And if while you were traveling, your endpoint device was infected with malicious software like viruses, there's a chance you could infect your corporate network.

If threat actors can gain access to your specific device, then they can gain access to your corporate network. With this, threat actors have a foot inside the network, which allows them to move laterally through the networks and scan the network from inside. This often leads to ransomware down the line at the later stage of an attack.

How have cybercriminals taken advantage of the recent increase in travel?

Threat actors are ahead of the curve; they always have been. The better they are prepared, the more likely they will be successful.

What we're seeing from attackers, is that they are closely monitoring how people are behaving differently than they used to with the world changing. So, for example, when travel opens up, they are monitoring what that means, with regards to what people are doing and their behaviors. Sometimes travelers forget the very basics of staying cyber safe, and that's why it's really good to remember the importance of cyber hygiene.

We have seen just in the last couple of weeks different kinds of phishing campaigns leveraging the fact that people are traveling again. One example that we released recently, is phishing scams that contain malicious weaponized PDF files pretending they have information about the travel itinerary. Conferences are super popular for this for these kinds of attacks, as well as airports. Wherever there's travel involved, this risk exists.

What can travelers do to protect themselves against cyber-attacks?

I think the most important point is to patch your systems. This is something which should be something of high priority whether you're traveling or not. A good example is when you open the App Store or Google Play Store and update the apps on your smartphone. Next time you do this, check out the release notes, and why the vendor is recommending you update their app. More often than not, it's not about a feature or a new UI. In most cases, it's about security features, it's about a bug that has been fixed. If you don't update these apps, threat actors who are aware of these issues as disclosed by the vendor can take advantage of these vulnerabilities. It's not that difficult for an attacker to scan systems that haven't been patched and compare if the systems are on different software levels If they are, they know whether something is vulnerable or not. So, updating the system is really important.

Another important point is not to install random stuff on your computer for which you don't know the legitimacy. This was very popular at the beginning of Covid when people wanted to understand what was happening with the spread of the virus, and therefore installed trackers. When traveling, sometimes you need different kinds of tracking software, especially if you are in different countries, and especially now with a lot of countries asking for certain kinds of trackers at airport immigration for example. Make sure you install the right one and not some weaponized files which might be floating around the Internet.

It's also really important to be aware of with whom you share your devices. For example, when you travel, don't let someone else use your laptop, even quickly to just browse a website or check some emails. This is really dangerous because if someone else connects to their own inbox, this could lead to you opening a certain file and downloading malicious stuff onto your computer. The same holds for connecting USB sticks from others to your computer. You never know what's what kind of software is stored on a USB stick; it may automatically run once it's connected to your system. I highly recommend never using a USB stick from others.