Skip to main content
Part of complete coverage on

Cyber criminals target travelers

By Tim Hume, for CNN
June 12, 2012 -- Updated 1011 GMT (1811 HKT)
Using laptops without a privacy screen can expose your personal and professional information to shoulder surfers.
Using laptops without a privacy screen can expose your personal and professional information to shoulder surfers.
STORY HIGHLIGHTS
  • FBI has warned travelers that hackers are targeting their data via hotel Wi-Fi
  • I.T. experts say the risk of data loss is much higher when traveling
  • Public Wi-Fi in airports, conference centers and other public places is also risky
  • Data loss also commonly occurs through lost laptops and 'shoulder surfing'

Editor's note: Business Traveller is a monthly show about making the most of doing business on the road.

(CNN) -- A recent warning from the FBI about hackers targeting guests' data when they log into hotel Wi-Fi overseas was a salient reminder to travelers of the risks to data security on the road.

The alert, from the FBI's Internet Crime Complaint Center, was addressed to U.S. executives, government workers and academics but did not specify a particular country of threat. It warned of a spate of incidents of travelers encountering bogus software update pop-ups when they used hotel internet connections overseas. When they clicked on the "update," malicious software was installed on their computer.

Hotel Wi-Fi connections are particularly risky, said Sian John, UK security strategist at Symantec, because they are often set up without proper security settings. But they are merely one data-security threat among many facing business travelers.

From a data-security standpoint, travel is inherently risky, and the likelihood of private personal or corporate data being compromised is greatly increased the moment you hit the road, she said.

"One of the major ways data loss happens is when people are traveling," she said. "You're not in a secure area ... That is where the risks tend to arise."

See also: Why are we still paying for hotel Wi-Fi?

John said a major risk was that in getting online while on the road, travelers often turn to free Wi-Fi internet connections -- in hotels, but also at airports, conference centers and business facilities.

It's very easy to sit on one of these things and pick up the traffic going through them
Sian John, UK security strategist at Symantec

While security settings vary from network to network, many are left open and unmonitored, and travelers are frequently unaware that they could be unwittingly exposing themselves to data loss by logging on.

"Anyone can connect to them, which means anyone can look at the traffic going across them," she said. "It's very easy to sit on one of these things and pick up the traffic going through them. There are devices out there that let you hijack them."

Gary Davis, McAfee's director of global consumer marketing, said there was a growing trend of hackers setting up mock Wi-Fi hotspots in public places, which appear at the top of the list of available Wi-Fi connections.

"People will see 'free Wi-Fi' and click on it, and when they do that they open themselves up to great exposure," he said. The best approach is to be wary and steer clear of Wi-Fi hotspots that do not seem legitimate -- "something (that) looks like it's not quite right, not the proper name they might expect," he added.

Once compromised, hackers can take total control of a device, including removing all the data contained on it. Android devices are currently the devices most targeted by hackers, Davis said.

"We saw a 1,200% increase in malware targeting Android devices just in the first quarter of this year," he said.

John said the best approach for business travelers when using public Wi-Fi is to remotely log into their employer's virtual private network, or VPN, which ensures all data received and sent from a device is encrypted.

People will see 'free Wi-Fi' and click on it, and when they do that they open themselves up to great exposure
Gary Davis, McAfee's director of global consumer marketing

Travelers can also better protect themselves by using encrypted protocols -- simply typing "https:" instead of "http:" at the beginning of URLs -- although "https:" is not supported by all websites. And they should avoid transmitting sensitive information, such as work documents or credit card details, over public Wi-Fi spots. "I would be cautious of doing anything sensitive on them," John said.

But the risk of data loss begins even before logging on, she said. "People forget about the over-your-shoulder problem when traveling," she said. Travelers engrossed in their work in cafes, departure lounges or on transport are often unaware of prying eyes around them.

"Most people don't have a privacy screen on their laptop still, so anyone sitting next to you can look over your shoulder and see what you're doing."

See also: World's best airport restaurants

Another common cause of data loss is travelers losing their device outright, particularly when passing through security checkpoints.

"People put it in a tray and forget to put it back in the bag," she said, adding that hundreds of laptops are left in busy airports each week.

For that reason, some companies -- particularly in sensitive fields such as finance, pharmaceuticals and defense -- often issue top executives working with blank travel laptops especially for the trip. "When they come back, the company can then analyze what, if anything, happened on the devices, wipe them and reuse them," she said.

While the techniques used by hackers could be hard for non-IT professionals to detect, the best defenses against data loss are surprisingly common sense. Make sure security updates are completed before traveling. Keep a close eye on your possessions. And, like any traveler, give a wide berth to anything that seems slightly off.

While there have been major cases of data loss as a result of deliberate corporate espionage, John said, "there are also many, many instances of carelessness."

"Wherever you're traveling, take care of everything you've got," she said. "People take care of their passport -- you need to take the same care of your information technology."

ADVERTISEMENT
Part of complete coverage on
July 17, 2014 -- Updated 0339 GMT (1139 HKT)
Few airline routes are as cutthroat as the one between London and New York.
July 15, 2014 -- Updated 1515 GMT (2315 HKT)
If it ain't broke, don't fix it, the old adage goes; Airbus unveils revamped A330 airliner.
July 8, 2014 -- Updated 0248 GMT (1048 HKT)
Show us how you travel with twitpics and instagram via #howipack
July 7, 2014 -- Updated 0923 GMT (1723 HKT)
Could airlines drop fossil fuel in favor of cooking oil?
July 1, 2014 -- Updated 0940 GMT (1740 HKT)
How do you kill time during flight delays?
June 24, 2014 -- Updated 0800 GMT (1600 HKT)
Fancy stripping off before a flight and getting sweaty with fellow passengers? Head to Helsinki.
June 19, 2014 -- Updated 0255 GMT (1055 HKT)
The skies are under threat. Not from terrorists or hardened criminals, but from everyday passengers who seem to go a little loco.
June 18, 2014 -- Updated 0334 GMT (1134 HKT)
A German entrepreneur claims to have found a way to buy 1 million air miles for as little as $6,500.
June 12, 2014 -- Updated 0213 GMT (1013 HKT)
These days, no fashion house portfolio is complete without a hotel -- or at the very least, a luxuriously designed suite.
June 5, 2014 -- Updated 1039 GMT (1839 HKT)
Is sky the limit for green aviation? Take our quiz and find out.
May 26, 2014 -- Updated 0319 GMT (1119 HKT)
Some collect spoons from their travel, others collect a whole lot more.
May 7, 2014 -- Updated 1507 GMT (2307 HKT)
There is no shortage of adjectives one can apply to airline seats; no wonder that many carriers are looking to make a change.
May 5, 2014 -- Updated 0558 GMT (1358 HKT)
Etihad Airways has unveiled new cabins that are more like suites complete with butler and chef.
ADVERTISEMENT