Skip navigation

Holiday Travel Security & Privacy Tech Tips

It’s that special time of year, when some of us will be traveling to visit family and friends for the holidays. And we can’t leave home without our tech. Smartphones, tablets, wireless headsets, laptops, and all of the various cables, adapters, and chargers to keep everything running.

We use our tech to check our flight, summon transportation, gather and post pictures of the various foods, and rank/judge/document everything. Heaven forbid we encounter Grandfather’s cute new kitten and not get its picture on Instagram instantly.

The other side of this coin is with all of these tech devices, it attracts the criminal element. It’s not just the busy season for retailers and those catering to travelers, the bad guys are also hard at work stealing your money, your identity, and even your tech itself.

I always make a checklist before I travel - it’s an actual printed list of things to do and pack before I leave. I even take the list with me for the return trip. In that spirit, here are a few items to help you get your own list started, or at least thinking about all that tech for your trip.

Thwarting Pickpockets and Thieves

If you’re used to putting your phone in your back pocket, don’t. Put it in your front pocket. Personally I’d do the same for your wallet as well, if you carry one of those. Even better, take that old dead phone whose memory you’ve wiped (you know, the one with the broken screen) and put that in your back pocket, and an old empty wallet in the other. Now if a pickpocket comes along, not only is it harder to get into the front pockets undetected, they’ll be grabbing the old stuff in the back pockets and leaving the new stuff alone.

If you carry a purse, satchel, or backpack, I’d recommend one with minimal outside pockets that are not easy to get into, and keep those outside pockets empty or filled with stuff you don’t care about (such as notes to any potential thief recommending a lifestyle change). I’d also recommend one that is resistant to a quick knife slice to gain access to the insides. And keep it with you at all times, unless you are leaving it in a relatively (no pun intended) safe place like your in-laws’ locked-up house.

Reduce Your Load

Most devices do not need to make the trip. Typically a smartphone and some earbuds are usually enough, and you only need to take one charger. The point is to try and take that huge list of tech and reduce it down to the basics. A modern phone is your boarding pass, credit card, camera, GPS and general concierge. Only take your laptop if you think you’re going to need to dump photos off because you’re out of space on your cloud account or cannot add extra memory to the phone. If it is a working holiday because you’ve got expense reports due or you’re on call, you may not be able to leave the laptop home. But if at all possible, reduce it to one item if you can.

The strategy is simple - less to lose (think about all those cables), and if your phone is stolen, it is a lot easier to replace this single item than all of your tech at once.

Reduce Your Attack Surface

Make sure any tech you travel with has a password and encryption is turned on. This will help keep your data safe and unseen by prying eyes, in the event of a lost or stolen device. Watch what network you connect to when using Wi-Fi. Free doesn’t always mean free, it could be someone doing something bad to present you with a myriad of fake websites to get you to give up credentials. If you are using your phone, I’d recommend turning off Wi-Fi and using your data plan. Much safer.

Turning off Bluetooth and everything else is also a good idea. If you bring that laptop, turn off all of the extra communication. If you need Bluetooth for one task (say a data transfer between devices), then turn it on for that one task and turn it right back off after you’re done.

If you never or rarely leave the house with your laptop, it is possible it is running insecure software, has open TCP/IP ports despite firewalling, and is leaking tons of data including privacy data. Follow all of the remediation steps from our reports to help lock things down.

Update Everything and Make Sure Everything Works

Make sure you update your device so that it is running the latest and greatest, and that all associated apps are also up to date on all devices. In your rush to reduce your load, don’t simply download some app to your phone so you can leave your laptop at home. Use that app and make sure it works. The last thing you want to do is try to reset your forgotten bank account password from Uncle Bob’s computer that’s running Windows 95, all because you realize too late that your app doesn’t have password autofill like your browser at home does.

There are multiple services that allow cloud sharing of data between devices, if you’ve never done this before, testing it at the airport on your way out of town is not the best method. Make sure you know how things work and what those limits are. Don’t decide to do a manual backup of your phone in the car on the way to the airport - do the backup before you leave. Oh yeah, back up everything before you leave.

Vigilance Online

Remember this is the busy phishing season, with more questionable emails making their way into your inbox than any other time of year. Everything from false FedEx shipping notices to links to fake “password reset” notices. Often these are much easier to spot when you’re at home on the laptop, but on the phone it might not be as easy. Avoid, avoid, avoid. If you did bring your laptop with you, check from there and employ your usual checks and balances to determine if it is legit or not. Most phone apps don’t allow for much advanced poking around of an email message.

Whenever you’re out and about on the interwebs via Wi-Fi from a hotel, Grandma’s house, or coffee shop at the airport, stick to the known good sites. If you see those odd browser warnings that the site you are visiting is unsafe, pay attention - especially if you’re using public Wi-Fi. Use two-factor authentication like we’ve told you to do all the time. Make sure your connection is encrypted, and seriously avoid any online shopping - it’s much safer to do shopping from home vs. a public network.

Don’t Use Your Relative’s Computer - At All

There are several reasons to avoid a relative’s computer. First off, you will find issues with it, and being the tech nerd you are, you might want to fix it. Don’t. It will take hours, and you might not like what you see.

Secondly, this computer probably has slightly less security than the average computer in a business center at a hotel (i.e. none). As mentioned before, don’t go resetting a bank password from this computer, or doing anything requiring a password. Or typing. Or powering it on.

Thirdly, remember that you might leave traces of whatever you type on that computer. Email drafts, web history, everything could be left on that computer for your aunt to find. These old computers typically run on some combination of coal and tears anyway, no reason to even touch them - let alone add another sad digital chapter.

If you really truly must, patch it. Or just replace it with a Chromebook and tell your relative it is your gift to them AND humanity.

The Conclusion Paragraph, or Really, TL;DR

Patch. Update. Reduce attack surface. Do backups. Test stuff before travel. Do wicked cool stuff like putting your phone in the front pocket instead of the back and impress your Uncle with your spycraft. Use two-factor authentication. Avoid suspicious networks, use your data plan on your phone, don’t shop online while traveling, and stay away from any relative’s computer. Most importantly, stay safe and have a great holiday!

Mark Loveless

Senior Security Researcher

Mark Loveless is a Duo Labs researcher who also goes by the name Simple Nomad on the interwebs. He is not overly paranoid in spite of the fact that evil alien robots are stealing his luggage when he travels.