Will your holiday end in a cyberattack?

Secure password and digital vault vendor Keeper Security has published a list of countries it calls the riskiest holiday destinations for cyber security. The data comes from Intel and refers to the number of breaches of mobile devices in 2016. The list of countries will surprise many in the cyber security industry as it misses out some countries that are regularly cited by other security reports.

It rates countries by mobile threats. It defines this as: “the amount of times someone’s phone and online data has been hacked into and stolen.”

Which countries do Keeper Security suggest you should be careful in?

The top ten countries where your data is at risk on holiday are:

  1. US 5 million mobile threats
  2. UK 2 million mobile threats
  3. Spain 1.7 million mobile threats
  4. France 700k mobile threats
  5. Poland 475k mobile threats
  6. Canada 400k mobile threats
  7. Italy 400k mobile threats
  8. Portugal 375k mobile threats
  9. The Netherlands 320k mobile threats
  10. Greece 75k mobile threats

Missing off this list and top of most mobile security warnings is Brazil. During the Olympic Games and World Cup, travellers were given repeated warning about hackers targeting their devices. This was not unwarranted. There has been a significant increase in the amount of malware targeting mobile devices in Brazil over recent years. It is also one of the leading nations when it comes to self-taught cyber criminals.

The list also seems to ignore India and the Asia Pacific region. China is a major state sponsor for cyber attacks. It controls how people access the Internet (via the the so-called ‘Great Firewall of China’) and seeks to capture all the traffic moving in and out of the country. As such, travellers should always use VPN technology and ensure that all communications and devices are encrypted.

What can you do to protect yourself?

Keeper Security has provided four steps that individuals can take to protect themselves. These are:

  • Double check to be sure all of your apps are password protected with fresh, new passwords, ideally stored in your password management system so you don’t have to remember any of them. When doing this, use two-factor authentication if possible, which most devices have today. Make the passwords eight characters or longer with a combination of nonsensical letters, numbers, and symbols.  And don’t use the same PIN for hotel room safes that you use for your device password.
  • At all cost, avoid using “public” digital devices, such as those at coffee houses, libraries, and bookstores. They are often notoriously riddled with malware lurking to steal your information. If you use them, you should presume that someone other than you would see any information you enter.
  • Be very careful about connecting to any Wi-Fi network if you haven’t subscribed to a global service previously, per the tip above. These are prime milieus for cyber thieves.
  • Don’t charge your devices using anything other than your own chargers plugged directly into the wall or into your adapter. It is easy for cyber thieves to install malware onto hotel and other public docking stations. And never connect any USB drive or other removable media that you don’t personally own. Again, they are easy to load with malicious software.

It is surprising is that keeper security omits the encryption of storage or the use of a VPN. These are basic things that will add a layer of protection to devices.

Why does this matter?

People are increasingly using their personal devices for business. When they travel on holiday they take those same devices with them. They often cache their security credentials on their device making them a key target for hackers. In addition, hackers will seek to install malware on machines so that when a user returns to the office the hackers can use the installed malware to access corporate networks.

Assessing, and then minimising, the mobile threat level is never simple. Getting accurate counts of device breaches and data theft relies on accurate reports and access to systems. Despite this, the rules put forward by Keeper Security provide a decent start for protecting devices.