Checklist 164: Over the River and Through the Woods

The Checklist hits the road this week, with a complete guide to how to keep yourself safe during the holiday travel season. We’ll tell you what to do before you even walk out the door, how to protect yourself while you’re traveling, and what things to bear in mind when you reach your destination.

This week’s Checklist is all about travel:

• Before you go
• On the way
• While you’re there

All my bags are packed — ready to go?

Staying safe during holiday travel isn’t all that difficult, but there are some basic precautions that people often overlook — and a number of these are things that should be done before the actual trip even begins. So as you’re packing your bags and wrapping the last of the gifts, make sure to do the following as well:

Update everything

Malicious actors are always looking to take advantage of vulnerabilities which have been discovered in operating systems and major software products. Of course, the companies responsible for securing these technologies are well aware of that, which is why they task their security teams and engineers with releasing patches and updates as soon as possible. 

But if you aren’t regularly updating your systems and apps, all those vulnerabilities are just waiting, unpatched, for someone to exploit. So take a moment to update your OS and software — both on your laptop and your mobile devices — as you’re packing your bags.

And don’t forget to do this with your antivirus software as well. Well-supported security software will be regularly updated with the latest malware definitions so that it knows what to look for when it scans your system — but if you’ve neglected to update your antivirus product, it’s not going to be as effective as possible (after all, it can’t detect what it doesn’t know about). So take a moment to update security apps as well.

Turn on theft protection

When you’re going to be in a lot of unfamiliar places — or places with large crowds of tourists and travelers — you’ll already be facing an increased risk of theft. In addition, you’re likely to be rushed and distracted during holiday travel, further increasing the chances of a stolen laptop or cell phone. And of course, beyond the risk of crime, there’s also the fact that we tend to lose things when we travel!

That’s why it’s important to activate your device’s tracking and anti-theft features. For newer macOS and iOS devices, this is now accomplished through the “Find My” app. Find My can help you locate a missing device (even when it’s offline) and will let you lock it down remotely if you think it’s been stolen. You can find complete instructions on how to enable Find My on Apple’s support site. Android has a Find My Device feature for its users as well. And if you’re using a Windows machine, Microsoft also offers a similar functionality.

Use 2FA

We do talk a lot about two-factor authentication on the Checklist — but that’s because it’s one of the best security precautions you can take to prevent unauthorized access to your accounts.

Many people find 2FA confusing or even intimidating if they haven’t used it before. This is completely understandable: Like any technology, there’s a bit of a learning curve at first (though we promise, it doesn’t take long at all to get the hang of 2FA). 

We don’t want to stress you out before the holidays, so if you aren’t using two-factor authentication, we aren’t going to tell you to make a radical change and enable it on every single account and service you own. Instead, we’d like to offer you a suggestion: Use holiday travel as an opportunity to dip your toe in the water with 2FA.

There’s bound to be one or two services that you’ll use during holiday travel more than all the others: maybe Gmail for keeping in touch with folks back home, or Instagram for posting turkey and pie pictures. Before you leave, turn on 2FA for a couple of these services. It will keep you safer while you travel — and give you a head start on your New Year’s cybersecurity resolutions.

Get a password manager

Another thing we often stress on the Checklist is the importance of using a password manager. For one thing, they’re convenient — it’s much easier to remember one master password than it is to keep track of literally dozens of separate passwords for all of your accounts. But their main advantage is that they allow you to “do the right thing” with regard to password best practices: Create strong, unique passwords for each and every site, service, and app you use. 

Without password managers, it’s simply too tempting to slack off a bit on this crucial element of personal cybersecurity and reuse passwords across sites or use weak passwords. Unless you only have a handful of accounts — or you’re willing to commit multiple complex passwords to memory and store written backups in a safe deposit box — password managers are the only feasible option.

As with 2FA, it’s not necessary to treat password managers as an all-or-nothing affair. Consider installing a reputable product like 1Password or Dashlane before you go, and using it to manage passwords for a few of your most frequently used accounts during your trip. If you have to sign up for something while you’re on the road, you’ll have a perfect opportunity to see how to use a password manager on a brand-new account. Once you see how easy a password manager is to use (and how much simpler it makes everything), you’ll never go back.

Planes, trains, and automobiles

If you’ve followed the above advice, you’re well on your way to having a safe trip. But there are a few things to keep in mind about the journey itself. Do these three things while on the road to make sure you arrive digitally safe and sound:

Beware of strange outlets

Way back on Checklist 150 we told you about a security researcher who had created a very convincing facsimile of an Apple Lightning cable which was capable of hacking any Mac it was plugged into. While we didn’t think this particular item posed much of a threat to the average user, it did help underscore the point that anything you plug into your computer can — at least potentially — infect it with malware. It also demonstrated that an ordinary looking USB connection could be a hacking tool in disguise.

This is why we recommend that when you’re in a public place like an airport lounge or a hotel business center, you never charge your device with a USB power port. Statistically speaking, it’s probably unlikely that the airport or hotel was compromised by a hacker — but on the other hand, you have no way of knowing who installed those ports or who has regular access to them. In other words, don’t take a chance if you don’t have to (and with ordinary wall outlets everywhere, you don’t have to risk plugging into a potentially malicious USB port).

Use a VPN

Whenever you’re on a public network, whether it’s in a Starbucks, at a highway rest area, or in an airport or hotel, anything you send over that network is at risk of being intercepted and monitored. 

If a network is poorly secured (and lots of networks are poorly secured), it’s not going to take elite level hacking skills or exotic NSA scanning tools to capture and read network traffic: That’s something well within the abilities of an ordinary malicious actor. And busy public places with lots of people coming and going and connecting to an insecure network are potential jackpots for cybercriminals.

Aside from the security issue, there’s also a privacy concern, because even if a network is secure, its administrators and the ISP can see what you’re up to (yes, even if you’re in “Private” Browsing mode). 

That’s why we advise using a VPN (virtual private network) whenever you’re connected to public WiFi. It encrypts all data leaving and entering your computer so that it’s safe from prying eyes as it’s routed through the public network. If you’re using iOS, a VPN that we like to recommend is Guardian Firewall + VPN. For Macs and Windows machines, there are a number of reliable, cross-platform VPNs to choose from — just read the recent reviews to see how they’ve been performing for users of late.

Lock it down

One last aspect of cybersecurity while you’re traveling is something that a lot of people overlook, perhaps because it’s so “low tech”, relatively speaking. We think about hackers infecting our computers with malware, or monitoring our network traffic from the next room, but sometimes we forget that our computers and mobile devices are physical things that have the disadvantage of any piece of physical property — namely, someone can pick them off and walk off with them, or sit down and start reading through our emails if we’re careless enough to leave a laptop unattended in public.

This is why you should always use a passcode or password of some sort to protect your mobile devices and laptops, and never walk away from a device in public without first sending it into a password-protected sleep or screensaver mode. If you have access to some form of biometric authentication like Face ID or Touch ID, that’s even better.

Home for the holidays

Once you arrive at your destination, the hardest part is over, and your biggest worries should be about eating too much pie and avoiding political debates with your relatives. But there are still a couple of digital security issues to keep in mind before stuffing yourself with turkey, so read on:

Keep that VPN on

We know that you know to use a VPN when connected to hotel or Airbnb WiFi — after all, those are clearly public networks in the same way that airport or coffee shop networks are. 

But a lot of people assume that home networks set up by friends and family are completely safe, and this, unfortunately, is a mistake.

We’re not implying that your Gran is going to hack you, of course. But we are suggesting that a network which you haven’t configured yourself is, by definition, a bit of an unknown. And unfortunately, this means that our loved ones’ home networks may not be as secure as we’d like.

That’s why whenever you’re using a network that you didn’t personally set up, it’s best to err on the side of caution and go on using that VPN.  

Set up fast sleep and password prompts

If you leave your laptop open on the kitchen table, you trust your relatives not to install malware on it or start going through your emails. But do you trust the younglings not to look at your Amazon shopping history for a preview of Christmas morning? It’s happened to more than one family, which is why it’s important to practice physical device security even at your relatives’ homes — especially if you’re going to be in a house with lots of people around. 

The best (and most graceful) way to do this is to set your computer to require a password after going to sleep or starting up a screensaver, and then to change the settings on your machine so that it goes to sleep after a short period of inactivity. If you’re using a MacBook, you can also use Hot Corners to create a shortcut which will activate the screensaver when you move your mouse pointer to a designated corner of your screen. Your device will be off-limits to curious children, and when you start up the screensaver before leaving the room, everyone will just assume that you’re only doing what you normally do out of habit.

Give the gift of cybersecurity

If you’ve done all of these things, you’re not only much safer than most people, but you probably know a lot more about computer security as well! 

Here on the Checklist, we believe that sharing knowledge is the best way to keep one another digitally secure — and the holidays are the perfect time to share what you know with the people you love the most. There’s time to sit around and talk, and people are in a more relaxed and receptive frame of mind than usual. Plus, you’re all in the same room together, making it easy to show someone how to set something up or to demonstrate how something works. 

So take our cybersecurity quiz with your friends and family for a fun, low-key way to break the ice and start a conversation about digital security and privacy. Let your loved ones know about the Checklist! Or go the extra mile and help them set up a password manager or 2FA.