What should you do when going through an airport security checkpoint with a Government issued device cyber?

Keeping your electronic devices secure when travelling overseas is just as important as keeping your passport safe. Crime targeting electronic devices is a real and growing risk. Read this page to learn about:

Why cyber security is important when travelling

Information is a hot commodity. You don’t have to be working for a Government organisation or large corporation to be a potential target for data theft. Digital identity theft is a growing concern for tourists.

Additionally, effective personal cyber security can also protect you from situations that can threaten your safety. If you’re travelling where there’s political or social unrest having information on your devices that can connect you to a particular cause or political affiliation can put you at risk, even if you’re unaware what you’re doing is potentially unsafe.

How to prepare your devices and data before you leave

The best way to protect your personal devices and data from being compromised is to leave them at home. If you don’t need it, don’t take it.

Consider using a cheap burner phone for the trip, particularly if you intend to get a local SIM card. Remember not to use the burner phone at home after your trip. Dispose of it thoughtfully, and never store sensitive information on it.

If a burner phone isn’t an option, there are steps you can take to make your devices as secure as possible.

• Don’t take information or devices you don’t need. Back up all your important data before you depart, and leave the backup at home.
• Enable passcode logins on start-up. Create strong passphrases for all your devices and applications, and social media accounts. Use multi-factor authentication where it’s available. Never store your passphrases on the device.
• Encrypt sensitive information stored on your devices.
• If you’re taking a business laptop, or a personal laptop with large amounts of sensitive data that has to travel with you, consider using a tamper seal over the hard drive access point, or consider using USB port locks.
• Ensure your operating system is fully patched with the latest security updates. Download current up-to-date anti-virus, anti-malware and anti-spyware protections (these can often be supplied as part of your device’s operating system). Enable a firewall on every device where possible.
• Update your web browsers and implement strict security settings.
• Disable auto connect for Wi-Fi and Bluetooth.
• Disable wireless device-to-device sharing, such as AirDrop on iOS or Nearby Share on Android.
• Consider using a Virtual Private Network (VPN) on all devices that may be accessing the internet.

How to keep your devices and data safe while you’re away

Preparing your device isn’t the only step you need to take. While you’re travelling, there are additional things you can do to keep your devices secure and your data safe.

Physical safety

Always keep your electronic devices with you.

• Don’t put them in your check-in baggage.
• Turn devices off when going though airport security checkpoints.
• Don’t assume your devices will be safe in your hotel room, even in the locked safe. In some destinations hotel rooms are often searched. If you have to leave devices behind, remove the battery and SIM card if possible and take those with you.
• Don’t lend your devices to people you don’t trust, or allow people to charge their device using yours.
• If your device is taken out of your sight for security screening, or has potentially been accessed during a room search, assume that it’s compromised and your hard drive has been copied.

Virtual safety

Remember that any information you send electronically can be intercepted, unless you can guarantee the network is secure. Wi-Fi is particularly vulnerable to malicious use. Your mobile network is often more secure than public Wi-Fi.

• Don’t have any expectation of data privacy on public Wi-Fi, hotel Wi-Fi or in internet cafes. Don’t send secure information or sensitive personal data on unsecured Wi-Fi connections.
• Be aware that phone networks may be monitored in some destinations. When making sensitive calls, use an encrypted Voice over Internet Protocol (VoIP) service on your own device rather than the local telecommunications network.
• Only turn on Bluetooth, Wi-Fi or other data capabilities when you’re using them. Keep them off at all other times.
• Don’t use the “remember me” option for passphrase protected websites. Log out when you’re finished. Clear your browser history, cookies and caches each time you finish browsing. This will remove any credentials and other information that were stored while you were online.
• Don’t open emails from unknown sources. Delete them and empty your email trash.
• If you’re going to be having sensitive or secure in-person conversations while you’re travelling, power down your device and put it away from you, or remove the battery.

Using shared devices

Never trust publicly accessible shared devices.

If shared computers aren’t well maintained, they may have keylogging malware that can record your passphrases, credit card details and other personal information that’s valuable for identity theft.

USB connections can be used to transfer malicious malware and spyware to your devices. These can then be used to send your data to external recipients, and track your location. They can also remotely turn your microphone on to track conversations, even when the device is turned off.

• Don’t use internet café or hotel business centre computers to do things like internet banking or online shopping. Avoid logging in to personal email or social media.
• Use your own plug and cable to charge your devices, or a charged battery pack. Avoid using shared direct-to-USB port charging stations. Consider using a USB data blocker.
• Never use USB thumb drives or cables that are gifted to you or come as a freebie when you purchase something else.

We share our lives on social media. Unfortunately, that can make it a valuable target for cybercrime.

Social media can also be particularly risky in some destinations where there are social or political tensions, or laws that may seem unreasonable by Australia’s standards. Travellers have been arrested in the past for things they have said on social media.

• Lock down your social media profiles so you can control who’s seeing what you post. Most social media platforms have an option to only allow friends to view your content. Check the platforms security guide for further privacy and security features.
• Don’t constantly share your location. It’s fun to post travel snaps. But if public they can be used to track where you are, right down to your accommodation. If you must share holiday snaps while you’re travelling, consider only posting locations that you’ve already left. Don’t post pictures of your accommodation while you’re still there.
• Don’t post pictures of your passport, boarding pass, or other tickets – these contain sensitive personal information.
• Don’t leave your social media logged in on your devices. If your device is taken for screening at a security check or stolen, logged in social media profiles are an easy place to look for information.
• Never comment on local social or political events on your social media. Posting something that aligns you with a political movement or is seen to criticise the local authorities could put you at risk, even if that wasn’t your intention. The Australian Government can’t get you out of trouble if you’re accused of breaking the law.

What to do if you think your device has been compromised

You may not be able to tell if your device has been compromised. But there are some things you can watch for.

• Applications or the whole device crashing repeatedly.
• Pop-ups and ads that weren’t there before.
• Suspicious activity in the accounts connected to your device.
• Excessive data or battery consumption on your device that can’t be explained by your personal usage.

If you’re worried your device has been compromised, there’s a few things you can do to protect yourself.

• If it’s a mobile phone or tablet, switch to airplane mode. This will prevent it sending data. If it’s a laptop, turn off the Wi-Fi and don’t connect to the internet.
• Immediately run anti-malware, anti-spyware and anti-virus applications on your device.
• Change all of your passphrases, and log out of all active sessions for accounts connected to your device.
• If the device belongs to your workplace, hand it in as soon as possible to your ICT team for inspection.
• If it’s a personal device and you’re still concerned after running cleaning software yourself, seek advice from a trusted service centre for your device brand. 
• If you backed up your device before travelling, you can perform a factory reset then restore from your backup.

The Australian Cyber Security Centre’s www.cyber.gov.au contains a range of resources such as easy to follow step-by-step guides to improve cyber security.