As the weather warms up across North America and spring travel kicks into high gear, the FBI is warning of travel-related scams that target unsuspected users with so-called “juice jacking” scams. This involves using public USB ports at charging stations to introduce malware and other illicit software onto devices.
This could give hackers the ability to steal personal information data from a phone when it plugs into a public charging station. Bad actors often try to compromise passwords, photos, and financial details that could be leveraged for phishing attempts or social engineering scams.
In a widely shared social media post, the FBI advised people to “Avoid using free charging stations in airports, hotels, or shopping centers … Carry your own charger and USB cord and use an electrical outlet instead.”
The Federal Communications Commission followed up with a more in-depth advisory about “juice jacking,” recommending that travelers also carry a portable charger or external battery to power up their devices privately.
In addition, the FCC recommends that travelers carry a trusted charging-only cable, which prevents data from being sent or received while charging. And if you must plug your device into a public USB port or charging station, pay attention to any prompt that asks you to either “share data” or “charge only.” If that’s the case, always select “charge only.”
To build on these common-sense recommendations, CMIT Solutions compiled the following five privacy tips that can keep you safe while traveling for business or pleasure. These strategies protect your information while enhancing cybersecurity, boosting productivity, and securing every device.
- Avoid using public Wi-Fi connections. The rule of thumb here is that if it isn’t protected by a password, don’t use it. Free Wi-Fi connections are everywhere, making them easy to manipulate for hackers looking to steal user information. If you’re traveling or working remotely, only sign in to Wi-Fi networks if they’re private and password protected. If you have the capabilities on your cellular plan, connect to the Internet via a personal hotspot on your smartphone. And if you’re using a laptop, log on with a virtual private network (VPN), which shields your IP address and adds an additional layer of security to your information. And if you must use public Wi-Fi, make sure it’s only for general web browsing — never send sensitive documents, log in to bank accounts, or access shared cloud drives.
- Turn on multi-step authentication (MFA) for all login credentials. If a password is compromised or an account is hacked, MFA can be a lifesaver. This extra layer of protection requires something you know (a password) with something you have (a unique code delivered via text message or email). A single sign-on (SSO) app can even deliver a secure push notification without cell service or a Wi-Fi signal. As an additional security step, use caution if you receive a text, email, or push notification that you don’t recognize or didn’t instigate. This can be a sign that hackers are trying to use a stolen password to log in to an account and steal information.
- Back up your data regularly, remotely, and redundantly. Data backups can provide an extra level of protection in case you are affected by ransomware or data loss and need to recover quickly. Reliable data protection should not require a specific employee to take manual steps to store information — instead, backups should execute automatically on every machine, even storing data in the cloud when a device is used on the road or away from the office. Enlist the help of a trusted IT provider to implement this step and check to make sure it’s functioning properly before you make travel plans.
- Protect important documents while traveling. Personal files are often stored in free versions of popular apps like Google Drive or Dropbox, but these often don’t include sufficient cybersecurity for businesses. Instead, enterprise-grade solutions should be used for the collaborative sharing of business documents. This can protect sensitive files, preserve version control as edits are made, and maintain easy access for all users. In some instances, mobile apps are available to effortlessly sync files between desktops, laptops, and smartphones. Many also enable users to work on documents offline but automatically sync updates the next time a device safely connects to a secure Wi-Fi network.
- Watch out for travel-specific phishing attempts. Not every cyberattack will be as aggressive as malware installed on your phone after it’s connected to a USB port or hackers exploiting your account. Often, unsuspecting users are tricked into sharing passwords or personal information by phishing attempts that look like travel notifications. These can arrive in the form of emails purporting to be from a hotel loyalty program, text messages from an airline claiming to have a flight update, or phone calls from a credit card holder asking you to confirm recent charges. Watch out for anything that doesn’t look legit—grammatical errors, unfamiliar sender names, or suspicious links — and DO NOT click on any URL, open any attachment, or share a Social Security number.
When the average computer user travels or works remotely, personal privacy and business security are inextricably linked. At CMIT Solutions, we provide cybersecurity protection that keeps data, devices, and people safe, no matter where, when, or how work gets done.
If you’re looking for help with Internet connectivity, increased login protection, data backup and business recovery, cloud-based file sync and share, mobile device management, or any other IT issue, contact us today.