International Travel Security Tips

Over the past few years I’ve been fortunate enough to do a bit of international travel.  I’m also fascinated with personal security.  The following are some minor “best practices” for international travel security.  If you have any suggestions, post them so we can all benefit. Additionally, if I’m being foolish, please call me out.

Primer:  I fly with a US passport, often through countries where I prefer not to advertise my citizenship.  I worry about my general privacy being violated by large-scale data-aggregation companies, identity fraud, and international terrorism.  I also worry about my US passport elevating my profile.

Luggage

International Travel Security

I took this in a European airport.  Can you identify the US Service-member?  As a professional, it’s a worthwhile investment to buy normal/bland luggage.  I know plenty of servicemembers who view this as an unprofessional and ridiculous violation of Operational Security (OPSEC).  Obviously some do not.  Use normal luggage.  Blend in.  Don’t be interesting.

Passport Cover:  Inexpensive, professional and aesthetically pleasing, passport cases are a worthy investment.  Many are made with Radio Frequency Identification (RFID) blocking material.  The RFID blocking is a plus, but I think the biggest advantage is simply that it conceals my US passport.  I’m in an airport with thousands of strangers, in debatably hostile countries.  I have no idea who could catch a glance at my passport and immediately seethe with animosity.  To be honest, I don’t blame some of them but I’m damn sure not going to give them a reason to remember me.

RFID Blocking:  Like the passport cover, I’m a fan of protecting my other digital assets from RFID compromise.  I’m interested in protecting all my electronic/RFID-capable devices from identity theft as well as airport security (who really wants to go to additional security screening?).  It is probably not a bad idea to have an RFID-blocking messenger bag or pouches for laptops, tablets, and cell phones†.  Like the passport cover, I would focus on getting something non-alerting.  Stay away from “tactical” nylon!

Block Data While Charging:  USB connections typically allow power AND data to transfer between devices.  Theoretically, malicious software (malware) can easily infect your devices via the numerous airport, airplane, and hotel USB charging stations (as well as the USB ports now found in many rental cars).  Inexpensive data blockers like the PortaPow I use block the data transfer while still allowing charging.

Cell Phone Privacy Screen: Reminiscent of computer privacy screens seen at many medical facilities, these screen covers drastically reduce visibility to anyone trying to view your screen from any oblique angle.  Additionally, they protect your screen from scratches.  On my most recent flight, a well-meaning older lady sitting next to me was baffled at my screen while trying to shoulder surf me. She asked, “What’s on your screen? I can’t even see your screen!”.   Instant validation.

Miscellaneous/Well Known Points:  Many of these have been beaten to death in privacy circles, yet I would be remiss not to mention them.  Be wary of emerging and unknown Wi-Fi access points.  I took the following pics at a Starbucks inside the Istanbul Airport a few months ago.

In order to get Wi-Fi access, you had to pair your credit card up with your boarding pass, then input the provided PIN to get online.  That’s some exceptional data linkage.  **FYI, if you wait for someone to put their info in and take a photo of the PIN…that PIN will also work for you.

If you’re using public Wi-Fi, use a Virtual Private Network (VPN).  Don’t leave your computer or phone in your hotel room if you can help it.  Cover the camera on your laptop with tape or one of these.  Again, this is not new knowledge.  However, make sure the tape covers the camera but not the indicator light that shows the camera is active.  The difference is that this gives you an early warning when big-data (or PLA) is watching you.

My biggest advice to anybody is, please watch what you talk about.  I hear way too many sensitive discussions in airports – from business people, military contractors, and servicemembers.  Don’t talk about your business’s proprietary information or classified information.  Also, just be polite.  Terrible people in the airport are the worst.

Gabe (a pseudonym) is a close friend and colleague who has a vast body of experience in international travel and working against an opposing force.  Gabe has a few future posts planned.  Enjoy!

†Because of the cost of some of these bags, I intend to begin reviewing some of these products in coming months.  If there is something specific you’d like to see reviewed, please let me know – Justin

Identity Theft & Data Breach Response

Data breaches occur with shocking regularity.  The news is full of reports of data being spilled by companies and individuals being targeted for identity theft.  Few of these stories contain much useful information on appropriate data breach response, however.  Once your information has been spilled it is impossible to fully recover it.  However, there are some meaningful data breach response steps you can take if you do fall victim to this type of crime.

  1. Contact your financial institutions immediately. If you think your financial information has been compromised this should be your first step.  Call your bank or credit card issuer and alert them to the problem.  Frequently your bank will contact you if suspicious activity occurs, but if you know something they don’t, don’t wait!  Request to cancel your credit and debit card numbers and be issued new ones.  Use new PINs on these cards, and ask the bank to flag your account for suspicious activity.
  2. Contact the credit reporting bureaus.  If you do not have a credit freeze in place and the breach involves financial information, you should immediately contact Equifax, Experian, and TransUnion. Some online resources advise placing a fraud alert on your account at this point; I recommend a credit freeze (see below).
  3. Change your login information.  If you suspect an online account has been breached you should immediately change its password and, if possible, username.  If the account does not already have two-factor authentication enabled, enable it.  In addition, you should also change the login credentials for any accounts associated with the breached account.
  4. Contact local law enforcement and file a report.  I will be honest – your local law enforcement agency probably isn’t going to open an investigation and bring the perpetrator to justice, so be prepared for that.  What they will do is generate a police report for you.  This serves as proof that you were the victim of identity theft.  This can help you recover your credit later if the need should arise.  It can also ensure that you get free credit freezes for life (see below).  It may also be useful if you attempt to opt out of public and non-public databases as Michael and I recommend in The Complete Privacy and Security Desk Reference.

Of course, the best spillage, identity theft, or data breach response is preemptive (the best defense is, after all, a good offense).  There are several steps you can take to make yourself more resilient against identity theft.  The time to act is now – once your information is online you will never completely erase it.  I am a strong advocate for dealing with the problem before it is a problem!

  1. Use strong authentication for online accounts.  Use strong passwords and two-factor authentication on all of your online accounts.  Though this isn’t a guarantee that your accounts are safe, you are unlikely to fall into the “victim of opportunity” category.
  2. Use unique usernames.  Though this could fall under the above category, I am listing it discretely because I think it protects you where strong passwords and two-factor authentication do not: customer service reps.  If an attacker knows your username, he or she can often convince a customer service rep to give out sensitive information.  Using a unique username gives you a great layer of protection against this type of attack.
  3. Have a credit freeze in place.  A credit freeze with each of the credit reporting agencies (Experian, Equifax, and TransUnion) is the strongest measure you can take to ensure new credit is not issued in your name.  Credit freezes also protect your personal information and credit report.  A credit freeze will not protect your current accounts and lines of credit, however.
  4. Use one-time credit card numbers.  Some credit card issuers offer this option organically.  A one-time credit card number is only good for one purchase.  If a hacker recovers it, it will no longer be valid and cannot make a charge to your account.  If your bank does not offer this, an online service that I recommend called Blur does.
  5. Limit personal information that is publicly available.  Large amounts of personal information make you vulnerable to social engineers.  This information can be pieced together to allow someone to impersonate you in order to gain access to your financial or online accounts.  I recommend minimizing the information you place in the public domain on social media, personal blogs, etc.  If a great deal of information is available about you, remove it!  More information is available in The Complete Privacy and Security Desk Reference which will be publicly available soon.