CyberMaterial - Security Through Data

- Log out of your social media accounts - Remove your email accounts - Enable full-disk encryption - Disable biometrics -- like a fingerprint or eye scan (if you're crossing broders) - Disable voice activation access like Siri from your lockscreen - Enable alpha-numeric login instead of 4 or 6-digit passcode

- https://www.osac.gov/ - https://travel.state.gov - https://step.state.gov/step/

- Data (digital and physical copies of documents and personal information) - Devices (laptop, phones, tablets) - Money (bills, credit cards) - Reputation

- Look at the address bar (URL) to see if there is an “s” in the URL Click on the padlock icon to verify the details of the website (e.g., the type of encryption used) - Review the options for contacting the company - Review the Company’s Social Media Presence - Double check the address bar to see if you have been redirected to a website that is not legitimate - Use the Whois Lookup domain tracker (https://whois.domaintools.com/) to get information on the domain - Watch for Poor Grammar and Spelling - Verify the Website Privacy Policy - Run a Virus Scan

- Validate the Site with Google Safe Browser Transparency Report

https://transparencyreport.google.com/

- Use the Better Business Bureau to research the reputation of a company

https://bbb.org

Theft of devices and physical copies of documents Social engineering Man in the middle Ransomware Hidden Cameras Shoulder surfing Juice jacking Keylogging ATM and Web Skimming Using public WiFi, printers and shared computers Data protection laws and security restrictions in some countries Fake flights and hotel websites

Traveling can be an exciting time for many people, whether it be for work or vacation. Much like medical immunizations for travel, cybersecurity preparedness is essential if you want to prevent the loss of devices, property or digital data. Here are some useful tips for travelers:

Before you depart:

❏ Ensure you have updated all device software (phones, tablets and laptops) with the latest software updates and patches.

❏ Change your passwords to use something completely different than your “usual” at home passwords for all services (email, banking, social media, etc.).

❏ Ensure you have a strong (i.e. long and complex, or biometric) password on all devices.

❏ Disable the auto-connect feature so your devices do not automatically try to join wi-fi hotspots (as they may be rogue). Optionally “forget” all your networks so your devices do not broadcast this information.

❏ Disable Bluetooth before you leave. This can be hacked.

❏ Do not announce your pending departure date or location on social media.

❏ Ensure your anti-virus software is installed, running and up to date on all devices.

❏ Subscribe to a VPN service (e.g. Nord VPN) to use to connect to any untrusted network (which can be almost all networks).

❏ ALWAYS back up (to the cloud, to a portable device left at home) anything sensitive, critical or irreplaceable. Assume that your devices WILL be lost, stolen, broken or hacked. If you don’t want to lose it and can’t back it up, don’t bring it with you.

❏ Consider bringing loaner devices while traveling. Access your information via a VPN and use unique passwords that were created just for travel. Depending on your destination, your phone and/or mobile device may be confiscated and searched. Do not assume that something legal in your home country is legal in your destination.

❏ Assume that someone is watching, listening and trying to get to your information at all times.

While you are away:

❏ If the price is not prohibitive for you, use your cellular data connection (e.g. LTE on your phone) or a portable mobile hotspot for connecting to the internet when away.

❏ If using cellular data for internet connectivity is not practical ALWAYS use your VPN service to connect to untrusted wi-fi (e.g. airports, hotels, coffee shops, etc.).

❏ NEVER use hotel business computers or internet cafe computers. They are likely heavily infected with malware and keyloggers.

❏ Do not directly use a USB port from “free” charging stations. USB cables can transmit power AND data. If you need to charge your phone, bring your cord AND charging block (the electrical connector).

❏ Do not leave your used boarding pass or luggage tags in the plane or in the garbage without shredding them. These pieces of information are frequently being targeted by criminals looking to steal your frequent flyer points and buy tickets.

❏ Do not use your bank PIN or your “everyday PIN” in the hotel safe. These PINs might be illegally skimmed and if your wallet or devices are stolen they can be used for authentication.

❏ Never broadcast on social media that you are “away on vacation enjoying the sun for 7 days” when your home is empty. This creates a target for a home break-in.

❏ Never broadcast on social media that you are “heading out on an excursion” or “going to dinner” as that indicates your hotel room is empty and can be another target.

❏ Never take your eyes off your devices (e.g. leaving a phone on the restaurant table while you go to the buffet).

❏ Do not download apps from local restaurants, bars, hotels, resorts, etc. You have no idea what is in them.

When you return: ❏ Change your passwords again. Do not use any passwords that you used while traveling. ❏ Scan your computer and mobile devices for malware. Use multiple virus scanning engines if possible.

Traveling overseas with high tech equipment, confidential, unpublished, or proprietary information or data - Traveling with certain types of high tech equipment including but not limited to advanced GPS units, scientific equipment, or with controlled, proprietary, or unpublished data in any format may require an export license depending on your travel destination. Federal export and sanctions regulations prohibit the unlicensed export of specific commodities, software, technology, and payments to or from certain countries, entities, and individuals for reasons of national security, foreign policy, or protection of trade. University employees are required to comply with United States export and sanctions regulations when traveling abroad with commodities, software, and technology. ECAS can assist with export and sanction determinations related to your international travel. Helpful information may be found below concerning international travel procedures and best practices to ensure compliance with these federal regulations.

Before You Go:

Update your mobile software. Treat your mobile device like your home or work computer. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware.

Back up your information. Back up your contacts, photos, videos, and other mobile device data with another device or cloud service.

Keep it locked. Get into the habit of locking your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords.

While You Are There

Stop auto-connecting. Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. And Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to.

Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station, or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network. Only use sites that begin with https:// when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.

Think before you click. Use caution when downloading or clicking on any unknown links. Delete emails that are suspicious or are from unknown sources. Review and understand the details of an application before installing.

Guard your mobile device. To prevent theft and unauthorized access or loss of sensitive information, never leave your mobile devices–including any USB or external storage devices–unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.

Cybersecurity should not be limited to the home, office, or classroom. It is important to practice safe online behavior and secure our Internet-enabled mobile devices whenever we travel, as well. The more we travel and access the Internet on the go, the more cyber risks we face. No one is exempt from the threat of cyber crime, at home or on the go, but you can follow these simple tips to stay safe online when traveling.