Data security while traveling

Nomadic Lifestyle, Travel

Problem: I don’t want my sensitive data to fall into the wrong hands.

Solution: Secure your sensitive personal data and take precautions while using public computers.

Increasingly, our work/personal lives are becoming irreversibly intertwined. This can be especially true for the freelancing neo-nomad who really has no dividing line between work/leisure time. Because of this, we at The Life Nomadic believe it is important to come up with a strategy for securing your essential data while traveling.

Internet banking has made vagabonding and the neo-nomadic lifestyle accessible to the masses. With the ability to pay bills via the Internet one no longer has to be a complete social dropout to enjoy the benefits of vagabond style travel. Further, e commerce allows people to actually generate income in a brave new cyber world; free from the chains that bind the typical nine-to-fiver. The convenience provided by Internet banking and e commerce however, come with their own set of risks. Nary a day goes by when you don’t hear about a case of identity theft and how it devastated somebody’s life.

Identity theft isn’t new or unique to the Internet. What is new and unique to the Internet are the opportunities presented to the crafty identity thief. Travelers can be especially vulnerable to these types of security breaches. When using public cyber-cafes one doesn’t have any idea of how the computers are kept secure. Poor security measures at a public Internet terminal can lead to any number of virii infecting the machine. Even if a good security policy is in place how can you be sure that an unscrupulous owner or employee hasn’t installed some sort of key-logging device or software on the computer you are using? The answer is, you can’t. Below, I will discuss some methods of securing your data and sensitive passwords.

Encryption

A very simple and effective method to secure your personal data is to encrypt it. Why should you encrypt your data? Well, as a traveler, you should have digital copies of important documents (passport, driver’s license, shot records etc). Also, recently, customs officials in several countries have begun seizing storage media to search for…well, whatever the threat-du-jour is whether it be kiddie porn or Al-Qaeda communiques, the Department of Homeland Security and other government agencies are invading the privacy of people under the auspices of increased security. Do you really want these people sifting through your personal data…whether it be journal entries or maybe some saucy pictures of you and your lover? Keep your private data private with encryption. One of my favorites is the Gnu Privacy Guard (GnuPG or gpg). It’s simple, free, portable and cross-platform. You can encrypt files on your Mac at home and decrypt them on a Linux or Windows machine in Istanbul (not Constantinople). GnuPG will run standalone, so no install is needed – so you can use it even if you don’t have administrator privileges on a computer, say in an Internet cafe in Bangkok. It can also be used to encrypt and sign sensitive information allowing you to send secure email to friends, family and business associates ensuring that the contents of those emails won’t be seen by anybody other than the intended recipient.

Internet Banking:

The prospect of having your bank account information compromised is a scary one. The first step in banking security lies with the bank itself. They need to have good security measures in place and you, as a customer, need to take some responsibility for only doing business with banks who implement security practices that will protect you. Know your bank’s policies on fraudulent use of your account and theft. The responsibility for securing your login information lies with you. Transmission of data between the computer you use to access your bank account and the computer where this information is stored should be encrypted – meaning that the data can’t simply be snatched out of cyberspace and looked at by unauthorized parties. The main problems with securing login information lies in securing the computer you are using to access you bank account. I will discuss a few different methods for doing this.

First, understand the threats. Virii, malware, spyware, and

hardware devices can be used either by themselves or in any combination to compromise your sensitive personal data. The less control you have over the computer you are using, the more heightened your awareness needs to be of these threats.

Increasingly banks are issuing devices to their customers to decrease the likelihood of unauthorized logins. Most of these devices are simple to use. They spit out a unique authentication string each time they are used so they verify the identity of the person logging in to the account. Because the authentication string is different each time, even if your keystrokes are recorded, they are useless to a would-be thief. The upside here is the simplicity of use and effectiveness. The downside is that these devices are subject to loss and breakage. Overall, if simplicity is a priority, find a bank that uses this method of security.

HSBC uses a combination of a typed in password and a security key entered via a virtual keyboard. This method ensures that a malicious program or device only gets half of your login information. Kudos to this method for its effectiveness and simplicity. I really like HSBC for several reasons and would recommend them on the merit of their security alone.

A weaker version and sort of combination of the two methods above is a unique challenge each time you login from a different computer. For instance, you, the user enters answers to several security questions. When you log in from a public terminal in London, you may be asked what your favorite food is, then when you get to Kathmandu, you will be asked for your mother’s birth date upon logging in. This is probably an okay method for when you are logging in from work or a friend’s house, but I wouldn’t rely on this alone when using public terminals.

One of the simplest tricks I can recommend is to store passwords in an encrypted text file, and then, when needed, decrypt the text file and copy and paste the password into the appropriate field. This method does present some of the same problems as the authentication device mentioned above. If you keep the encrypted file on a USB pen drive, it can get lost or damaged. If you keep it stored online somewhere, your keystrokes for obtaining and opening it can be recorded. I would recommend keeping the file on some sort of portable storage media and keeping a backup copy online. An additional challenge when using this method is to remember to empty the clipboard when done. If possible, a reboot of the computer will probably be most effective.

This brings me to my last trick for circumventing keystroke loggers. A standard tool on Windows as well as many Linux distributions is the character map. It is much like HSBC’s virtual keyboard. You can use the computer mouse to click on characters, then copy them to the clipboard and paste in the appropriate field. Again, don’t forget to empty the clipboard when done.

A method with much overhead, and probably unwelcome at many Internet cafes is to bring your own operating system with you. This ensures that you are using a virus free system for your session while not having to lug your own laptop around with you. Most modern computers will boot from a USB device these days and most Linux distributions have a version that is made to boot and run from a USB device. My favorite is Mandriva. This particular method does nothing to protect you from hardware key loggers, but again, you will be completely protected from viruses and spyware installed on the host computer’s operating system.

Sheila @ May 22, 2008