Even though we often go on vacation to get away from everything (especially technology), that does not mean that you can take a break from internet safety while travelling. Cyber security for solo female travellers is especially important as more women venture out on their own (as they should not be afraid to do).
Cyber Security at Home
Check your Network
Have you named your network after yourself? Even if you know your friends and neighbours and the extent of their computer knowledge is turning on the computer, that does not mean that you’re safe from a targeted cyberattack. Knowing that you’re going to be away means that your network is vulnerable to attack.
Have you ever been on Facebook and seen your friend’s responses to other posts? That means that when they are wishing you a good trip, their friends are seeing that as well. I’m willing to bet that not all of their friends are your friends; perhaps that bully from high school or the weird kid that lived on a computer is reading about you being away for some time. If you gave your network a simple name, like your own, it is easy to find. Seriously, there are websites that have mapped out networks all over the world and you can find them from the comfort of home.
It’s a good idea to rename your network something that does not tie back to you in any way. I know someone who named their network “spam and malware”. Or do a search for Wifi names and I promise you will be entertained. Also look at your password; ideally it will be long and hard to guess with a sprinkling of uppercase, numbers, and special characters.
Consider what you’ve named your mobile devices as well. All of them. Is your phone labelled “yournames iPhone”? You may as well wear a shirt with your name on it if that’s the case. What about a drone? Camera? Wireless headphones? What did you name your laptop? Change the names for all of them to something randomly awesome.
I would even go so far as to unplug your router. Partially to avoid hacking, but also to prevent it being damaged by power surges. Even if you’re not using it, it’s still drawing power that you are paying for. If you’re going to be gone for a long time, it might even be worth calling your internet provider to have your service suspended so you’re not paying for something you’re not using.
While you’re at it, unplug all your other connected devices. I’m willing to bet that you would be devastated to come home, sit down in front of your 65” TV to catch up on all the shows you missed, only to find that it had been damaged by a power surge. Or that your printer (which are notoriously insecure) had been hacked and now your network belongs to some kid who wanted to try something they saw on Reddit.
Best Password Management
Speaking of passwords, avoid saving them on your phone or on a post-it note next to your monitor. If your phone gets stolen or compromised, you may as well roll out the red carpet to all of your accounts. If you need a back-up for your passwords, you can consider a password vault which can keep all of your passwords safe. That way you only need to remember one password (for the vault) instead of all of them. Or go really old school and keep a written list somewhere safe. If you have a naming system, you can just leave reminders for yourself that won’t mean anything to anyone else if they happen to find it.
Ensure every account has its own password. Yes I know it’s a pain in the backside to remember umpteen passwords, but here’s the reason why cyber security experts keep saying to change your password:
If a website or network gets breached, such as MyFitnessPal, the hackers now have the email address that was used to sign up and the password. They can now use that email address and password in every other banking institution, social media platform, anything and everything to see if they get in. Being lazy and creatures of habit, odds are at good that there will be quite a few accounts that can be accessed this way. Or the hackers will just take that information and post it on a dark market site and sell it off. Easy money.
Do you want to know if your email has been involved in a cyber breach? Use this website to find out: https://haveibeenpwned.com
Obviously there’s a TON more tips for cyber security but that would turn this into a novel. Let’s get to the fun part: travel cyber security.
Cyber Safety While Travelling
While many cyber security tips are designed to minimize your digital footprint and how to be safe on the internet, there are many ways that we can use this to protect ourselves while travelling. Some of these are especially important for women travelling alone as I will show you below.
Keep in mind that this doesn’t negate the old school advice of telling friends and family where you are going and giving them a travel itinerary. That’s still a great idea. If you are like me and have no idea where you’re going to be from one hour to the next, never mind one day to the next, you have to be a little more creative. I mean if I have a spot booked in three days somewhere, I do let people know. If you’ve been reading our adventures, you know that situation is few and far between. Or if you’re going to be staying in areas with ample cell signal, you can have a check-in time. However, make sure you have a discussion about what happens if you end up in a place with no signal.
Some of these points may sound a bit far out but consider this: your phone and all the apps on it are farming your data. Big Brother isn’t watching to find out where you go. Big Brother wants to targets ads to encourage you to buy more. They use artificial intelligence to get to know your patterns of life, monitor your internet searches (did you see any ads related to travel while or after you read this?), and conveniently suggest something you may be interested in. This is actually laid out in some ad networks as a selling feature.
Or have you taken a seminar with someone and they suddenly end up as a person you may know in Facebook? Social media platforms want you to spend more time on them so you see more ads that they can sell to ad networks. This is incredibly pervasive so why not use it to your advantage? I have no problem with using their tactics against them as part of a general plan that includes cyber security while travelling.
And just so you don’t think I lined my house in tinfoil because the hat got too uncomfortable, I did speak to a few friends who work in the cybercrime section of a large police service. As much as we don’t want to think of ourselves as vulnerable while travelling, it would be foolish not to acknowledge that risk and to have ways that we can use every tool available to ensure that we get home safely.
Normally I keep these turned off at home unless I absolutely need it for an app, like Maps or Waze, to work. When I’m travelling, they all stay on. I want my phone to be screaming out to the internet where I am at all times. I think of it as leaving digital breadcrumbs wherever I go.
Remember to turn it on for your camera as well. Depending on the settings, if you send someone a photo of somewhere you’ve been, the GPS co-ordinates may get sent through with the picture. This can provide an exact place where you’ve been, rather than “I was in Montana”. This is embedded in the photo as part of the metadata and can include the date, time, device used, which camera the phone used, the direction it was facing, and more. So just make sure that what you're telling people and what you're sending them match up...if you know what I mean... And having the metadata can help you remember where you were when you took that amazing photo.
I do switch my phone to airplane mode when I’m using a map app. I’ll enter the destination, wait until it has the route started, and then turn to airplane mode. This way I’m saving my data plan from being depleted just because I need a coffee. Or if I'm somewhere and want to avoid anyone seeing my device, I will quickly switch it to airplane mode.
Avoid Connecting to Insecure Networks
It may be tempting to connect to the cafe’s free Wifi, but are you actually connecting to the cafe’s free Wifi? It is so easy for anyone to go to the coffeeshop, set up a hotspot named “freewifi” and wait for everyone to connect. They can then sit back with a coffee and capture all of the traffic across the network, including login credentials and passwords. I know that not having the benefit of our home networks means that every time we want to check our Instagram we’re using our own data, but it just is not worth the risk.
I am pretty sure that was how I gave someone access to my laptop years ago. After we got back from a trip out east, I kept getting prompted to enter a code into my phone whenever I started up my laptop. I now know that was someone using social engineering techniques to defeat two-factor authentication. Whoops.
If you absolutely have to check your Pinterest while you’re waiting in line, use a VPN (Virtual Private Network). This basically acts as a buffer between you and the Internet. If you’re worried about your data running out, most providers have some kind of add-on that you can buy before you leave home.
Avoid Plugging in Strange Devices
I think we have all done this: found a USB on the ground and plugged it in to our computer to hopefully connect it with the owner. It may just have photos of birthday parties or it may be loaded full of malware. If you want to reunite the lost USB with its owner, turn it in to the police or administrative office if you’re in a park. If someone discovers it is missing, that’s the most logical place to find it anyway. Yes we see those happy stories online where someone is reunited with magical photos that they were sure were lost forever. Unless you know what you’re doing to prevent potential malware taking over your magical family photos, let someone else find the owner.
Being on the road and enjoying your adventures, you may feel less pressure, or be too distracted, to follow your usual cyber security tactics. Which means that when you take a brief moment to check your email and see a warning message from Amazon or PayPal that your account has been suspended unless you follow the link provided, you might click on the link. If you're not going to leave your emails behind, at least make sure that you are mindful of the potential of phishing attempts.
Leave Your Information With Friends
This is thinking a little outside the box but bear with me. If you have someone that you really trust, consider leaving some of your bank, social media account, and tracking information with them. For example, if you aren’t heard from or if you miss a check-in, they can go to FindMyiPhone and see where your phone is. It may not be anything nefarious, but you could have hit a deer and are now sitting in a ditch. If your wallet gets stolen, you can let them know and they can give you your info and check if your cards have been used. Or (and this is the extreme), if you’ve gone missing but your cards have been used, police can use that information faster than requesting it through the bank or credit card companies.
You could always give them an envelope with all of your social media accounts, bank institutions (not just Visa but Aeroplan Visa for example), car information, phone information including provider and model, and anything else you can think of. Or you could send it to them in a chat over a platform like WhatsApp, Telegram, or Signal. That way you get notified if they open it and you can delete it when you get home safe and sound.
If you don’t want to leave passwords, I get that; at least leave them with your phone provider, phone model, social media handles, and who you bank with. That still gives the police lots to work with.
This can be a double-edged sword. It can provide clear details about where you’ve been but it can also provide the wrong people with information about you.
I typically do not tag a location until after I have left; sometimes not until days after we’ve passed by. Here’s the reason why: I stand out. Between my travelling companions and the fact that I usually look like I’ve just emerged from the wilderness, we get noticed. If I tag us on Instagram while we're sitting at a brewery enjoying a meal, anyone can search those tags and see the accounts that posted them. Now they know my account, they know everything that I’ve posted, and they can watch to see what car I get into. If they are staff or are affiliated with the staff, they could potentially get my credit card info.