Recently, Finland’s public service broadcaster published an interview with the Finnish Security Intelligence Service (SUPO), which was met with some level of ridicule on social media.
The premise of the article: Mass surveillance and targeted espionage is a thing. So, everyone should leave their gadgets at home when they travel abroad.
Sadly, this advice is technically completely accurate. SUPO does its job, states the facts and that YLE, the state broadcaster repeats it. However, overall, the article is pretty low on practical, actionable advice for the average traveler. The idea of threat modeling, figuring out or who should be afraid of what is missing.
So, yes, SUPO is entirely right, technically speaking. Seriously, the internetworking between mobile phone carriers (SS7) is just broken beyond belief. But are you going to leave your smartphone home? Well, we thought not.
That’s why we’ve collected some basic useful security tips for travellers.
14 quick security tips for travellers
Most of us probably ought to think more about IT security than we currently do, but the correct approach for security professionals is to give actionable and practical advice. So:
1. Your number one threat is probably losing your stuff. Always back up your data before you leave on a long trip. Online backup solutions make sure your new documents are safe, even when you’re on hotel Wi-Fi
2. Speaking of Wi-FI: every traveler should have VPNs service and use that to protect against at least snooping on the local network. Virtual Private Networks form a tunnel that the content of traffic, up to an endpoint server, after the traffic either stays on a corporate intranet or leaves for the public internet. It’s good but does not make you anonymous.
3. Use a credit card rather than a debit card. Seriously; why give anyone direct access to your bank account?
4. Do not make important phone calls. Phones are indeed location traceable and eaves-droppable.
5. Use tools like WhatsApp and Facetime to place encrypted phone calls.
6. Make sure no e-mail accounts on devices are set up without secure connections (SSL/TLS), so you don’t leak e-mail passwords and content if you a separate mail client.
7. Use unique, complex passwords managed with a password manager like LastPass or 1Password.
8. Activate multi-factor authentication everywhere you can. That way, knowing a password is no longer enough to steal your stuff!
9. If you use a laptop, make sure to use a software firewall. It’s still all too common to see computers with shared, open folders on public networks.
10. Install software security updates, preferably automatically. Updates often protect you against remotely exploitable things, such as things you may accidentally click on.
11. Avoid buying devices that don’t receive updates. The situation isn’t very good on this front among Android phones. Sometimes, vulnerable phones and computers can be taken over via the network.
12. Avoid shady parts of the internet. Don’t assume anti-virus can protect you from risky behavior. Don’t install stuff the browser asks you to open.
13. As fans of online journalism, it pains us to say this: use an ad blocker. Ad networks download code website owners have little control over.
14. Encrypt mobile phones and computers (iOS devices are famously encrypted by default now, Android… not so much). Likewise, Macs make it very easy to turn on FileVault. Even cheap Home editions of Windows computers now have “device protection”.
This is all relatively simple and doable stuff, and it really matters. It’s a shame it’s so hard for the professionals to make useful recommendations. For some in-depth explanation of this topic, sign up for our newsletter to receive further information on when and why the spooks really are right to recommend that you leave your phone at home.