Summer, sun and hackers – Tips for avoiding IT security risks on holiday
by VPNHaus | 07/11/2018 | Windows 8
If you feel great after your holiday but find your bank account empty, perhaps the shopping trip on the Via Monte Napoleone went a little too far. But if you are not the culprit, cybercriminals may have drained your bank account as they are usually active during the holiday season. Staying connected has become so essential, it’s hard to go on holiday without packing a smartphone. However, this leads users outside of trusted environments and invites insecure or risky connections. Most people use mobile data roaming or Wi-Fi to access the internet on holiday and both are vulnerable technologies, albeit in different ways. Thankfully the cost of data roaming in the EU is now capped. Since mid-June 2017, holidaymakers have been able to make mobile phone calls and surf the internet in other European countries at no additional cost. This was the result of an agreement between the EU member states in April 2016 on a Roam-Like-At-Home policy. Although horrendous charges such as 12,000 euros billed to a family after using satellite internet on a cruise by mistake have since become an exception, this is not the case for countries outside of the EU, where fees can cause a hefty dent in your bank balance.
Wi-Fi is a handy alternative and many hotels and other operators provide a free service. But even free Wi-Fi can come at a cost – even if for other reasons. Hotspots are notorious security risks. Wireless signals between the device and the access point are generally unencrypted, at least until the user is logged in. Frequently, communication remains unencrypted even after a successful login. Anyone sitting within a few dozen meters with a notebook and the corresponding software can intercept data. Even if the Wi-Fi provider uses encryption, data may be unencrypted after it leaves the access point. Although many standard applications such as web browsers and email use encryption, data may not always be encrypted.
Users who want to keep their data private must use encryption. When using a browser, make sure you use a secure connection (HTTPS), emails can be protected with programs such as Pretty Good Privacy (PGP), EnigMail or GnuPG. A secure connection via SSL is indicated by a small padlock in the address bar and this type of connection protects the data sent between Firefox, Internet Explorer or Chrome and the remote server on the internet. Plug-ins for many browsers accept only secure connections automatically if configured to do so, for example HTTPS Everywhere for Firefox and Chrome. Instead of securing each application, all data traffic can be secured seamlessly through a virtual private network (VPN). Professionals usually rely on VPNs for secure communication, such as the NCP Secure Enterprise Gateway and NCP VPN clients. Private users can protect their privacy through a provider such as OpenVPN or Hotspot Shield, even if it is only a limited form of VPN. This secures the route from the device to the servers on the network; beyond this data packets exit to the Internet without encryption. At least that means third parties close to the hotspot cannot eavesdrop on the secure connection.
Encryption is also an important aspect when using cloud services. Whether OneDrive from Microsoft or Google Drive or Dropbox – all online storage providers have access to the files in the cloud storage in principle. The only way to prevent this is to use encryption on your own device. TrueCrypt is no longer considered as secure encryption software. Alternatives such as AxCrypt, BlowFish Advanced and Gpg4Win, although the effectiveness of these tools has still yet to be fully investigated. Boxcryptor even explicitly supports all major online storage services, making encryption particularly convenient. If you don't want to make the effort of encrypting encryption for files and e-mails, you should at least secure your passwords, PINs and TANS. Password safes such as KeePass are easy to use, available for many operating systems and a better alternative to a sticky note under the keyboard. Experts also recommend enabling the internal firewall on your device and keeping security software up-to-date.
The convenience of smartphones and other mobile devices also has a downside. Devices which fit in your pocket are also easy for thieves to conceal. Loss and theft of mobile devices have been increasing for years due to the value of luxury digital goods. Unfortunately, devices can only be protected from theft to a limited extent. It’s easy to be distracted from the lighting fast grasp of professional thieves and suddenly a prized possession has disappeared from view. To minimize your loss, ensure that you at least make current backups of the data. Cloud services are perfect for doing this – if the data is encrypted. Likewise, choosing sufficiently long access codes or PINs and enabling software for tracking or remote wiping will give you peace on mind on your next holiday.