This Expert Hacker Shares the Secrets to Making Your Travel Safe From Cyber Attacks
Grow Your Business, Not Your Inbox
When it comes to figuring out the logistics for business trips, booking flights and hotels, getting to those meetings on time and closing deals are top priorities. But one thing that may not be your to-do list but definitely should be is keeping your digital information safe while on the go.
We turned to Jeff Moss, the founder of Black Hat and Def Con, two of the most well-known hacking and information security conferences in the world, and advisor to the U.S. Department of Homeland Security Advisory Council for advice.
Here are five ways to to make the most of your business travel and keep your business and personal data away from prying eyes.
1. Take your passport
Even if you are travelling domestically, Moss says he never leaves home without his passport. The reason being is a person’s driver's license has too much information on it, including address, weight, height, eye color and organ-donor status.
Moss also says to be wary of bars and restaurants that use card readers at the door. Those scanners aren't just noting your age, as the barcode on the back contains all of the information on the front -- and that data can be sold to more nefarious third parties.
"They don't tell you that but they keep all the information. Now they know the 5-foot-6, blond-haired, blue-eyed, 22-year-old came into the bar, and they can correlate your name to credit card purchases," he says.
Not only that, but a photocopied ID doesn't necessarily stay in one place either.
2. Don't leave your devices in the hotel room
"I have a pretty absolutist view, which is just keep your electronics with you at all times," says Moss, noting that it’s the only way to guarantee your computer will remain untampered for the duration of your trip. He recommends investing in a lightweight laptop or tablet, so it isn't cumbersome to carry around.
However, if you do decide to leave your devices in the room, make sure you have your hard-drive fully encrypted. "That doesn't protect you against everything, but it really helps out if someone is trying to resell the laptops."
3. Utilize encryption tools
As for tools that you can simply snap up from the app store, Moss recommended private messaging app Signal that encrypts calls and texts. "Generally it's considered by security people to be the best, most secure, voice and text app, and it's great, because it works on both [Android and iOS] devices."
Another app he’s a fan of is Silent Phone. If you aren’t speaking to someone on an encrypted line, the app will build an encrypted line between you and a secure call center, and then it will dial out from that call center to connect with the normal landline.
“If I'm in China and I want to call my mom, and my mom doesn't have a mobile device with an encrypted signal, I have to call a normal phone line for mom. While mom's side of the conversation could be listened to, I don't have to worry about the part happening in China,” he says. “When I need to call people and I don't trust the local providers, I just encrypt it out and then I get my voice call."
4. Avoid hotel WiFi and business centers
If your business has a properly configured VPN -- a Virtual Private Network -- your information is generally safe. But occasionally, if you're using the hotel’s WiFi -- either in the business center or your room -- it will block your VPN or only certain ones will work.
"A lot of these hotels, to even get online, you can't get on the WiFi without first accepting the terms of service or paying or something. So you can't use your VPN for that portion and that's the most dangerous period,” Moss says. “A lot of those use expired SSL search that are not compatible with modern browsers.”
His solution is to bypass any hotel systems altogether and use the hotspot on his phone to connect his devices to the Internet. "That seems pretty consistent, because I can get on right away, I can use my VPN the whole time. I just don't get tons of bandwidth. I can browse web and do email."
5. Talk about sensitive subjects in person
“Assume all of your texts and voicemails are listened to," explains Moss.
So if you're planning to talk about budgets, mergers or other sensitive information with employees or business partners, maybe just wait until you're in the same room together.
"Unless you're sure you have a cryptophone or some sort of secure messaging system, it is best to assume what you say on a normal phone will be [listened to] because the cost of intercepting the stuff is so cheap that lots of people do it," says Moss.