Avoid a Data Breach While Traveling for the Holidays

Traveling  for the holidays? Planning on doing work from your laptop or mobile device? Here are some helpful cyber-security tips to avoid a data breach while traveling for the holidays!

The U.S.Department of Health and Human Services, Office for Civil Rights  just released it’s December 2017 Cybersecurity Newsletter.  This newsletter contains helpful cybersecurity tips for all Massachusetts business owners and employees who are traveling, even if the business is not subject to the Health Insurance Portability and Accountability Act (“HIPAA”).  Here are the most helpful tips for avoiding a data breach while traveling for the holidays:

1. Bring and Use Your Own Power Adapters and Cords

   You will probably want to charge up your laptop or mobile device while traveling for the holidays.  You might be tempted to use charging kiosks or other adapters at the airport or in your hotel. Be careful! A little-known security risk is that hackers can use these kiosks to download or retrieve information from mobile devices and laptops. To avoid a data breach,  use your own power cord and charger.  However if you must use public charging kiosks or someone else’s charger, power down your device before charging. This should prevent the hackers from stealing valuable information.

2. Install Security Updates and Patches

   Install up-to-date security patches and updates for the operating system, software, firewall, and virus protection for all devices that you are bringing. Security updates and patches fix well-known security flaws and enable antivirus software to identify and prevent new threats. Keeping current with security patches and updates should be a regular practice, but is especially important to avoid a data breach while traveling for the holidays as you might not have access to new updates and patches while traveling.  Don’t forget about mobile device apps! Apps are regularly updated by developers, but users often forget to install updates so long as the app is working.  Hackers can take advantage of outdated apps, so it is worthwhile to take the time to manually update apps before leaving.  Alternatively, you can change the setting on your phone to allow for automatic app updates so you will receive the updates automatically!

3. Create New Passwords

   To avoid a data breach while traveling it is important to change the passwords and create unique passwords for each device and account you will access during the trip.  Make the passwords as secure as possible.   Passwords should ideally be at least 10 characters or longer with a combination of upper and lowercase letters, numbers, and symbols. One easy way to create a secure password is to start with a sentence that is easy to remember. For example if traveling to Hawaii for business you might start with the sentence: “I love traveling to Hawaii for business.”   Then extract the first letter from each word to create a string of upper and lowercase letters:  IlttHfb.  Next add the year you’re traveling and a random symbol:  2017*.   Voila!   Your new password for the trip is:  IlttHfb2017*.  Repeat the process for each device or account you will access on your trip.  Obviously the sentence, number and symbol will vary from person to person as well as trip to trip.  Don’t forget to change the passwords back when you get home!

4. Remove or encrypt sensitive information

   Leave all sensitive or confidential information at home if you will not need to access it while traveling.  But if you are taking any sensitive or confidential information, encrypt the information and/or the device. Encryption is now fairly easy and cost-effective and there are many different programs that can be used.  And if you are carrying around personal information of Massachusetts residents, portable devices and laptops MUST be encrypted according to Massachusetts 201 CMR 17.00!

5. Turn Off Bluetooth and Auto-Connect for Wi-Fi

   Your mobile phone has a setting that allows it to automatically look for and connect to available Bluetooth devices and Wi-Fi connections.  Your device is vulnerable when engaging in these activities and cyber-thieves can connect and access your device in multiple ways. Change the settings on your phone and only turn on Bluetooth when needed and only allow for manual connections to Wi-Fi networks that you approve.

6. Avoid public Wi-Fi

   Similarly, avoid connecting to any public Wi-Fi network.  If you connect to a public Wi-Fi, everyone on that network can access your phone or mobile device. Instead, use your mobile device and cellular network to create a private secure hotspot for your mobile device and laptop.  Set a secure password as discussed above for your private hotspot to prevent unwanted intrusion or use.  Also, if you’re using your phone as a hotspot or connecting over a public Wi-Fi network you should install and use an encrypted Virtual Private Network or VPN on your mobile device.

7. Physical Security.

   Don’t overlook the physical security of your mobile device or laptop while traveling. NEVER let your laptop or mobile device out of your sight!  If traveling by airplane, keep your device or laptop as a carry-on item and do not store with any checked luggage.  If staying in a hotel and are leaving the room for meetings, lock your devices in the room safe or other secure hotel location.  But consider the country you’re in and the trustworthiness of the hotel where you are staying!  I recently heard a story about a business owner who was traveling to an African country and left his laptop and portable devices with the innkeeper for safekeeping.  Unfortunately, the devices were supposedly stolen from the innkeeper and the business owner has been unable to recover them without paying a ransom!  If there is no safe place to store the laptop or mobile devices, take them with you when leaving the room.  Most data breaches occur because a portable device or laptop has been stolen or left in a public place.

After returning from the holidays, update your Comprehensive Information Security Program (most Massachusetts businesses) and/or your HIPAA Security Rule Risk Analysis (doctors, psychologists, other HIPAA Covered Entities, and Business Associates) to reflect travel as a potential security risk and the steps you are taking to mitigate the risks.  It is widely recognized that travel is a potential risk to the security and confidentiality of your information and needs to planned for and mitigated.

If your business needs help updating your Comprehensive Information Security Program or its HIPAA Security Rule Risk Analysis, contact my office today to schedule an initial consultation.