IE 11 is not supported. For an optimal experience visit our site on another browser.

How to protect your digital life from hackers and criminals when you travel this summer

Survey finds most travelers don’t realize the risk of cybercrime increases when they’re on the road.
Image: A woman smiles inside a train station
Public Wi-Fi is inherently dangerous because anyone can access the network and anyone can eavesdrop on what’s being transmitted.Paul Bradbury / Getty Images/Caiaimage

Here’s something to consider as we enter the summer vacation season: We’re more vulnerable to digital security intrusions when we travel. We get distracted when we’re away from home and that break from our daily routine makes it easy to opt for convenience over security.

“Traveling has always been when people are most vulnerable. This goes all the way back to the days of pirates and highway robbers,” said Caleb Barlow, vice president of X-Force Threat Intelligence at IBM Security. “We’re trying to get from point A to point B, so we let our guard down and leave a little bit of our security thinking behind.”

We know the risks, according to a recent online survey conducted by Morning Consult for IBM Security. And yet, we do things that increase our chances of getting hacked when we’re on the road.

The key findings from the survey:

  • More than half (52 percent) of those responding worry that their sensitive digital information will get stolen when they travel.
  • More than 70 percent connect to public Wi-Fi, charge a device on a public USB station or enable auto-connect on their wireless devices. These are all considered high-risk behaviors.

Another security risk: A lot of people bring their business laptops, loaded with sensitive corporate information, with them when they go on vacation.

“Why not leave the work laptop behind and bring a spare one that has no corporate data on it,” Barlow advises. “If you need to access the corporate data or e-mail, do it through the cloud.”

Protect Yourself When You Travel

You can’t eliminate all digital threats when you’re on the go, but cybersecurity experts contacted by NBC News BETTER say you can significantly reduce your chances of having a problem by following these four simple steps:

Public Wi-Fi is risky — turn off unneeded connectivity

Public Wi-Fi is inherently dangerous because anyone can access the network and anyone can eavesdrop on what’s being transmitted, unless you use a virtual private network (VPN) to encrypt the data leaving your device.

Anyone can set up a free Wi-Fi hot spot. Scammers typically give their fake networks a name that’s similar to an authentic connection, using the name of the airport, airline, coffee shop or hotel (i.e. Hotel 1 instead of Hotel Guest), hoping to fool tired travelers.

“Connect to a Wi-Fi network that's been set up by a hacker and you’re now giving that network permission to start taking data off your machine,” said Christopher Hadnagy, chief human hacker at Social-Engineer, a digital security consulting and training company.

If your device is set to auto-connect, you might be leaking data and not even know it. Hadnagy recommends keeping the Wi-Fi on your smartphone turned off until you need it. Cellphone data is encrypted when it travels on the mobile network. But, if Wi-Fi is turned on, and the phone connects to the mobile network via a free Wi-Fi hotspot, the data transmitted is vulnerable.

Any digital device you use outside your home, including laptop, tablet, and smartphone, should have a VPN installed to protect your data.

Here’s how Hadnagy does it: “The Wi-Fi on my phone is off and every app is shut down. I connect to the Wi-Fi and turn my VPN on. Now I open any apps. That's the safest way to do it; you get into the VPN first before your apps start beaconing out information to the internet.”

Don't charge smartphones or tablets at public charging stations

Smartphones and tablets use the same USB port and a single USB cable for charging and sharing data. Plug that smartphone or tablet into a free charging station and unlock it, to check your email or go online, and all your data is vulnerable. It’s called “juice-jacking” and the threat is real.

If criminals set up — or reconfigure — that charging station, they can now access everything on the connected device: passwords, credit card and bank account numbers, contacts, pictures and videos. They can even read your email.

“There is no way to tell if that USB charging port is safe or malicious,” said Robert Siciliano, security awareness expert and CEO of Safr.Me, who has a tip sheet on how to avoid rogue charging stations. “Make sure your device is fully-charged before you leave home. If it needs a recharge, plug your phone directly into a public socket using the brick attachment. If you’re on the phone a lot, carry a portable charging stick or get an extra battery.”

Don't share when you're away

Be honest: It’s fun to use your social media accounts to let everyone know you’re on vacation. Whether it’s nature shots or selfies, you want to show the people you know — or think you know — what a great time you’re having. Sharing your travels in real time creates several problems.

“If you're telling everybody where you are, by definition, you're also telling them where you're not. And that leaves you open to becoming a victim of a home burglary, as well as possibly being stalked during your trip,” said digital security expert Adam Levin, founder of CyberScout and author of the book "Swiped". “Share the memories when you return from your trip, rather than the minute-by-minute activities as they're happening in real time.”

Cyber-crooks now target travel rewards

You work hard to rack up those airline and hotel travel rewards. To a criminal, they’re as good as cash, which is why they’ve become a priority target for hackers.

Travel companies are now the second-most attacked industry, according to the 2019 IBM X-Force Threat Intelligence Index, up from tenth place in 2017.

More than a half billion (566 million) records from the travel and transportation industry have been leaked or compromised since January 2018, IBM reports.

The only way to protect yourself is to create a strong and unique password for each travel rewards account. When possible, turn on two-factor authentication. And make it a point to check your account from time to time to look for suspicious activity.


Want more tips like these? NBC News BETTER is obsessed with finding easier, healthier and smarter ways to live. Sign up for our newsletter and follow us on Facebook, Twitter and Instagram