[ISN] Travel Tips for the Digital Age

From: InfoSec News (alerts@private)
Date: Thu Jan 18 2007 - 22:32:15 PST


By Maryann Lawlor
AFCEA Signal Connections
January 16, 2007

Securing valuables while traveling is about more than suitcase locks, 
money belts, travelers checks and hotel safes. These days, information 
is one of the most precious commodities that people carry with them 
everywhere. Whether on the road for pleasure or on military, government 
or commercial business, professionals are laden with laptops, cell 
phones and personal digital assistants filled with data just ripe for 
the picking by information thieves.

But according to Robert J. Bagnall, chairman and chief executive 
officer, Maverick-Security LLC, 80 percent of the information security 
breaches that people face every day can be averted by using common 
sense, employing information security products and being aware of their 
cyber surroundings.

Threats to information differ depending on the region of the world, 
Bagnall states. China, for example, has an open hacking policy; however, 
citizens go to jail if they are hacking in an attempt to overthrow the 
government, he explains. Because the Chinese military trains personnel 
to hack into computer systems, travelers may be targeted if they are 
carrying military information.

Russian hackers are motivated by a different desire: greed. In the past, 
Russian hackers specialized in identification theft. They would steal 
credit card information then sell it in bulk. But Bagnall says there is 
a new specialty in Russia of selling boutique data. If someone wants 
access to specific data in the military, for example, they can go to the 
guys who have it and buy just what they want. Pricing is based on the 
quality and reliability of the data, he explains.

In Israel and France, Bagnall notes, hacking is all about economic 
espionage. The thieves aim to steal corporate secrets or to access 
corporate networks.

By staying informed about the type of data hackers in the destination 
country are most interested in grabbing, travelers can take appropriate 
precautions to protect particular information. On its Web site, 
Maverick-Security has published its top 10 security tips [1] for 
protecting data while traveling. The list is divided into three 
categories: mild, medium and paranoid. Travelers should choose the 
security level they need for their specific travel plans. By employing 
as many of these tips as practically possible, the vast majority of 
security risks can be alleviated, Bagnall says.

Four of the recommendations fall in the mild category. First, travelers 
should use removable storage media to store critical data. Second, all 
dataincluding the information on the removable mediashould be backed up. 
Third, before leaving on a trip, firewalls, intrusion detection systems 
and antivirus applications should be updated. Fourth, any equipment that 
is not needed or not in use should be turned off. The safest computer is 
the one thats not on and not connected, Bagnall points out.

The first recommendation in the medium security category is to trim down 
the information that will be taken on a trip to the bare minimum. 
Documents should be duplicates, not originals. When you travel, you must 
assume that your data is at risk, Bagnall says. To minimize the risk, 
bring only the data necessary to accomplish your goals while you travel.

Using encryption to protect critical data is the second suggestion in 
the medium category. Because wireless capabilities enable hackers to 
burrow into hard drives, travelers can no longer assume that data is 
safe even if it is on a hard drive that is in their possession. 
Encryption will help ensure that data is not lost, compromised or 

In addition, like all other valuables, digital devices should never be 
left unattended in hotel rooms. Removable media should be carried; 
laptops or other hardware should be locked in a hotel or room safe.

The paranoid category includes three suggestions. First, travelers 
should not use free connections without employing encryption and should 
never perform work-related tasks using public Internet kiosks. Second, 
upon returning from a trip, all passwords should be changed. Finally, 
when traveling, a more restricted user account should be established on 
a laptop, and the regular user account should be suspended until 
returning home. The temporary account should be wiped clean before 
plugging a laptop into a home or office network.

Maverick-Security plans to update its list of travel tips this year. We 
just want to tell people to look at themselves from the standpoint of 
what they bring with them. Also, look at the information about yourself 
that youre putting out on the Internet in places like MySpace.com. This 
information could lead to identity theft or stalking, Bagnall says.

Some security problems can be solved with technology; others have to be 
solved by working with people, he adds. For example, users must update 
software programs and apply security patches in a timely manner, and 
information security personnel need to be included at the beginning of 
the planning process of information system projects.

The bad guys are no less lazy than the rest of us. Thats why computer 
system break-ins are 80 percent preventable, he explains.

Copyright 2007 AFCEA International. All rights reserved.

[1] http://www.maverick-security.com/static_content/maverick_tips.pdf

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Jan 18 2007 - 22:48:52 PST