For the faculty and staff who will be hitting the road this summer, many will be taking their various digital devices and laptop computers. In that spirit, our campus IT security folks offered a training to support us in keeping both equipment and data safe.

The actual physical protections of equipment are pretty straightforward, with many locking devices that may be used to secure laptops to more fixed surfaces. The presenter suggested bags that do not look like laptop ones to hide the contents.

Protecting the Value of Information

Of greater value would be information—both for those who created the information in terms of investments…and for the vulnerabilities that these cause.

Some savvy travelers apparently carry their own software on their own thumb drives, so as not to have to use possibly compromised software. Internet cafes are considered highly unsafe, with the use of keyloggers by unscrupulous users or vulnerable software (which may not be regularly maintained and patched).

Even business centers in hotels may not be the most secure. As one noted, people may be using wireless hubs there even if they’re plugging into a wired connection on their end. Many may not notice that that connector hooks up to a wireless router. Instead of going to wifi hotspots, some connect directly to cellular networks. An audience mentioned the use of a “dongle” connection to a local wifi network as a safer alternative. Virtual private networks may encrypt information shared between the VPN users and the main campus, but these do not code information communicated between other sites.

Public kiosks, particularly those that solicit payments by credit card, are patently unsafe, according to presenters because of the card skimmers that may be placed on these machines and also because of the rarity of maintenance for some of these devices (in terms of protective software updates).

One person mentioned the use of tracking devices and monitoring services that may be activated on particular computers. If a laptop is stolen, these programs have a “digital poison pill” activation that may destroy the data on it.

Detour into Money Issues

The well-traveled audience members suggested that it’s wise not to hit the ATMs too often and to pay attention to where these are located. Users need to be aware of their safety while removing funds from the machines. Those located in back alleys may be dangerous to use—not only for physical safety but also in terms of protecting funds.

They also discussed their strategies in lowering their credit limits on particular credit cards, to address the potential damage of fraud. They also suggested calling the credit card companies to let them know their start and end travel dates in order to help the credit card companies offer more consumer protections.

On Return from the Travel

The security gurus suggested changing passwords as quickly as possible upon returning home, as an extra layer of protection.

People invest thousands and thousands of hours to the work that they do. They handle sensitive information now and again. And yet, for every type of protection, there are ways to compromise that protection (it seems).

And all the best security measures can be compromised with poor decision-making about who to trust or what to leave in hotel rooms and other choices. The security landscape will likely constantly evolve. It does help to be wise when hitting the road.

Addendum

http://www.cnn.com/2009/TRAVEL/business.travel/05/28/computer.security/index.html