Hooray for the holiday season! Kids get a break from school, you get a break from work (maybe), and there are great opportunities for family and friends to get together and unwind. For millions of people, that means travel. Unfortunately, travel also means risk. Theft of physical possessions used to be the big worry -- wallets, purses, bags, passports, cash, and the like were prone to pickpockets or other types of theft. And while those issues are still a concern (make sure you keep a color photocopy of your passport separate from your official documents, along with extra cash, a spare credit card, and contact numbers for your bank and credit card providers), the threat of cyber theft is growing rapidly.

Today, when most of us can’t bear to be – or can’t afford to be – offline, and everyone, even kids, travels with multiple digital devices, you’ve got to make sure you’re thinking about cybersecurity and data theft when you travel – and not just your physical security. The FBI's Internet Crime Complaint Center (IC3) received an average of more than 900 complaints every day in 2018. And because travel means navigating unfamiliar territory, often while distracted, that makes you and your family more vulnerable to digital attack than ever. And there are plenty of cybercriminals out there eager to steal your data and ruin more than your vacation.

Fortunately, being aware of the risks and taking some basic precautions can significantly reduce your exposure. Here are some practical tips that can help keep you and your family’s data safe when traveling this holiday season.

Before you go:

  • Travel light. That means reducing the number of connected devices you and your family carry with you, and removing as much personal data from those devices as you can before you travel. And before you go, make sure you have backed up your data and devices to the cloud, and deleted anything you don’t need on your device – especially those things that could give a criminal access to things like your banking resources.
  • Update passwords. Yes, passwords are a nuisance. And many of us give in to the temptation of using easy passwords and using those same passwords for multiple accounts. But this can multiply the damage done by a single password theft. Get creative about passwords. Use the first letter of each word in a favorite song lyrics or catchphrase – swap letters for numbers. Or better yet, get a password manager/generator so you don’t have to remember everything. And while two-factor authentication can seem like an added annoyance, it’s a small price to pay for protecting your sensitive information.
  • Encrypt. Don’t store data in the clear. Whenever possible, use encryption software to make sure that sensitive data is not exposed – even if you have to surrender your devices for inspection at a border. That means installing and knowing how to use a VPN application for those times you need to conduct business or transactions in a public setting, and using a digital lock that encrypts data stored on your device.

While you’re traveling:

  • Watch your WiFi and Bluetooth. Data thieves often spoof public WiFi networks in airports, hotels, and coffee shops--even using branded pages to make it look like you’re safe. They’re connecting you to the Internet all right, but passing everything through their machines, stealing your data and user credentials. This is the aptly-named man-in-the-middle attack. In addition, leaving Bluetooth and WiFi on can enable cyber criminals to access your device and its data while you’re not paying attention. Most smartphones today, for example, are constantly searching for known access points, and malware that can spoof things like your home or hotel SSID on the fly can connect to your device without you even knowing.
Tourists travel by kayak on Half Moon island, Antarctica
Tourists travel by kayak on Half Moon island, Antarctica AFP / Johan ORDONEZ

There are a few ways you can protect yourself here: First, turn off automatic connections for both WiFi and Bluetooth. Second, check before you connect. Ask staff for the name of the business’ WiFi SSID before you connect and make sure it matches. Third, instead of using public WiFi networks, set up your smartphone as a hotspot and connect other devices through that.

  • Don’t trust those USB charger ports. USB charging stands in airports and other locations might look like a godsend when your battery is on its last legs, but plugging a USB cable directly into a charging port can enable attackers to download your data while they charge your device. Law enforcement officials have reported a rise in “juice jacking,” in which criminals load malware into these charging stands, which then infects the phones and other devices of unsuspecting users. Plug your own adapter into a regular electrical outlet and charge that way, or consider purchasing a portable charger for emergencies. If you have to use a USB charging station, make sure your device is turned completely off before you plug it in.
  • Don’t leave your devices unattended or unlocked. It’s a trivial thing to install key loggers or other malware on devices when they’re physically accessible. Hotel staff can run profitable side hustles aiding cyber criminals in this way. Make sure your devices are turned off and locked when you’re not using them—even if you put them in a hotel safe.
  • Think before you click. Bogus emails are frequent delivery mechanisms for phishing attacks, whether you’re traveling or at home. Don’t click links from untrusted sources. If someone you trust sends a suspicious link, ask them about it first – their email could be compromised. If you get an unexpected email from an organization, connect through their actual website rather than clicking on any embedded links. And remember that when you’re traveling, you’re more likely to access unfamiliar websites sometimes in an unfamiliar language. Malware is a concern for compromised or spoofed websites. Make sure you’re really connecting to the business you think you’re connecting to. Watch for bad grammar, misspellings, uncharacteristic language, or inconsistent graphical elements. You should also hover over URLs before you click links to make sure they’re genuine.
  • Don’t overexpose yourself. I must confess, I don’t understand why so many people are so willing—even eager—to over-share personal information online through social media, especially when traveling. We’re leaving home now! (leaving it unattended for would-be Home Alone-type attacks) We just arrived at the “insert name here” hotel in Paris… Now we’re going out to dinner! (so make sure to stop by our room) Really? Why not wait, enjoy your vacation, and post about it when you get home?

It may seem like a drag having to think about cybersecurity when you want to relax and enjoy your vacation. But think about how unrelaxed you’ll be if you fall prey to a phishing scam or man-in-the-middle attack while you’re traveling. Accept the fact that travel has always meant increased risk. Rise to the challenge. Make a game of it if that makes it easier. But be prepared and take some simple precautions. You’ll increase your chances of having that relaxing and enjoyable trip you’ve been looking forward to.

(Derek Manky is the chief of security insights and global threat alliances, Fortinet.)