Traveling can be an incredibly rewarding experience, but it also comes with heightened vulnerability to various cybersecurity risks.
One of the first steps to protecting yourself is doing some research and gaining a better understanding of what kind of threats you may face. You can protect yourself by taking precautions before you even leave home.
Before you travel
Research and prepare
Most governments have a website that contains useful information regarding the country you are planning on traveling to. This is a good starting point to quickly discover if there are any major risks of which you may have been unaware.
American citizens should consider enrolling in the Smart Traveler Enrollment Program to receive timely updates and information. While citizens of other countries or dual-passport holders are advised to check for the guidance provided by their foreign ministry.
Consider using a professional travel service, these can help to set up itineraries or “at-risk countries”, completely streamlining the process.
Notify Banks and Credit Card companies of travel times and countries being visited.
The Weekly Wrap from Goldman Sachs Private Wealth ManagementFind out what’s moving the markets click here
Review device settings
Ensure all devices have a password or PIN enabled for access, then balance access types with financial/privacy applications (e.g. pin/password to unlock phone, then 2-factor or facial recognition to access banking applications). This prevents unintended unlocking of your phone at border or security checkpoints.
Update all mobile devices for patching, install malware protection, remove unused applications, focus on using a single browser (instead of using multiple), and install a VPN service for safer browsing. You should check browsers, social media services and VPN usage in certain countries as some prohibit certain software, and remember to clear your cache before leaving or entering countries.
Back up and save all photos, documents, and sensitive information on all mobile devices to an encrypted external hard drive, and/or a secure cloud portal. If information is particularly important you could consider setting up a recovery with trusted persons and two-person access.
Switch off camera, audio, location, and history for applications, disable notifications and cellular data for all but critical services. If you are using Siri or Google Assistant, disable non-essential settings or disable while traveling.
For corporate devices, engage with your IT, security and HR departments to ensure you’re taking all precautions as related to the items above with the understanding that all online activity is subject to government and/or other monitoring techniques.
Notify family or friends
Leave your itinerary details, including booked flights, hotels, rental car agencies, and any planned activities with a trusted family member, assistant, or friend at home. It is also a good idea to create photocopies of ID documents and the front and back of credit and bank cards that you will be traveling with.
Leave one set at home, preferably in a sealed envelope where a trusted individual can access them if needed. Retain another secured set with yourself and keep it separate from the original documents.
Remove your home address and never post any future, or existing travel plans on social media forums as this increases cyber risks and potential physical threats like kidnapping, ransom, and property theft/damage. You should never share a picture of your ticket for others to know your location or attain your personal information.
To keep your location secure you should avoid posting travel pictures until after you return home.
Do not use public or common areas (forums such as Facebook groups, newsfeed posts, comment sections) to schedule in-person meetings. Instead, coordinate through private texts, calls, direct messages or private meetings.
Always turn off or lock your phone, tablet, and laptop before airport security. If you are asked to prove a device works at a security or border checkpoint, just power on and demonstrate. If you are then required to give a password, change it as soon as you are able afterward.
When using a public Wi-Fi network you should use a VPN for added security. At a minimum, access only websites that do not require submission of your personal details or passwords while on public Wi-Fi.
Do not connect USB cables directly to any port or device that you did not bring with you and bring your own destination country-specific wall outlet plug and power adapter to recharge devices.
Limit remote access to your device, disable Bluetooth and Wi-Fi when possible and avoid downloading software during your travels. Don’t use another person’s device or allow anyone to use yours.
It is also important to save receipts from ATM and credit card transactions, taking photos of them will also give you extra copies in case the physical ones are lost or compromised.
Delete any apps installed while traveling or that are no longer needed. Additionally, you should monitor and review transactions for credit and debit cards for a couple of billing cycles. This is important to ensure nobody has stolen your bank details.
Common travel scams
Fake “Free Wi-Fi”
Always use VPN when using public Wi-Fi or at a hotel. Otherwise there is a risk of exposing yourself to network hacking. Dark Hotel is a similar scam where fraudsters use a business’s free Wi-Fi to target guests.
Phishing (ex: fake flight confirmations, free tickets etc.)
Do not click on any unsolicited links in emails or websites. Bolster Research found a fourfold increase in fake travel sites in the first six months of 2021.
Be cautious of using ATMs that do not charge fees as they may be attempting to get your card information through the use of a card skimmer.
Malicious actors may try to engage your family, friends or colleagues through electronic communications impersonating you or travel companions asking for financial assistance or to otherwise divulge sensitive information. This is often with the pretense of an urgent situation and an inability to talk over the phone. Having a safe word or duress phrase is effective in alerting this scam is occurring.
This material is intended for educational purposes only and aims to share best practices around good cyber hygiene. Several types of cyber risks are highlighted in this guidance, along with associated controls to keep you and your family safe. The cybersecurity risk landscape is constantly evolving and the security measures needed to respond to those risks will naturally change over time and also vary from one client to another. We encourage you to discuss this guidance with your family and personnel. You are strongly advised to stay abreast of ongoing developments in the cybersecurity space, and to consult with your own cybersecurity and technical experts. The target audience for this guidance is Goldman Sachs clients, employees, and institutional partners looking to improve their personal cyber health. Goldman Sachs does not represent that this document alone will be sufficient or adequate for your intended purposes, and it is not intended to be a comprehensive guide to cybersecurity best practices. While it is based on information believed to be reliable, no warranty is given as to its accuracy or completeness and it should not be relied upon as such. Information and opinions provided herein are as of the date of this material only and are subject to change without notice. Goldman Sachs is not a fiduciary with respect to any person or plan by reason of providing the material herein. Information and opinions provided herein are as of the date of this material only and are subject to change without notice.
© 2023 Goldman Sachs & Co. LLC. All rights reserved.