The New York Times
This copy is for your personal, noncommercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers here or use the "Reprints" tool that appears next to any article. Visit for samples and additional information. Order a reprint of this article now.

February 18, 2010

Safe Travels for You and Your Data


You’re a smart traveler. You pack sunscreen and Pepto, locks for your luggage and a pouch to hide cash under your clothes. But what digital precautions do you take?

It’s hard enough to make sure the data you send and receive is safe when you’re at home or at work. But traveling brings a whole new set of hazards: from publicly accessible computers to unprotected wireless networks to crowded and pickpocket-plagued airports.

Luckily, preventing a digital wipeout while you’re on the road is reasonably easy and inexpensive. Here are some of the main things you can do to keep your data out of harm’s way while you wander the world.

PUBLIC COMPUTERS Computers in cybercafes and hotels are notorious for having malware on them, including “keylogger” programs that record users’ keystrokes and capture screenshots to collect log-in information. Many PCs do not have important software fixes or security programs with current updates. They could even have physical keylogging devices fitted onto the back.

Before using public computers, ask what security measures are in use. Better hotels and cybercafes maintain their computers properly and reset them after each user so unauthorized programs are removed.

If you get a blank look from the attendant, check for a security program icon at the bottom of the screen and click on it to see if it is up to date. If you do not see evidence the computer you are about to use is safe, try to find another place to go online.

If you cannot wait for a more secure machine, avoid any banking business and entering of your credit card number. As for using e-mail: “If you absolutely have to, then do it. Then when you get home, change your password,” said Maxim Weinstein, executive director of StopBadware, a consumer-focused nonprofit.

PUBLIC WI-FI It is safer to use your own computer and go online using airport, hotel or other public Internet connections. But beware that there is still some risk, especially using public Wi-Fi.

By “sniffing” the airwaves, a snoop in the vicinity can read data you send across the network. It’s easy — free software for capturing, viewing and analyzing Wi-Fi traffic is widely available — though it is unclear how prevalent this kind of activity actually is. A hacker could also infiltrate your PC by making his computer appear to be a legitimate Wi-Fi hot spot.

To protect yourself, use a firewall — they are included free in recent versions of the Windows and Mac operating systems — and make sure important information you send is encrypted. Look for “https” in Web addresses, and check if a Wi-Fi network uses encryption by reading privacy policy on its Web site.

If you have access to a VPN (virtual private network), from your employer for example, use it. You could also get online via a cellular card or “tethering” with your mobile device over encrypted cellular connections, though that may increase your data fees.

On a low-tech note, if you work with confidential information in public places on a regular basis, consider using a removable privacy screen for your display to make it harder for neighbors to sneak a look ($20 to $60 for laptops, $5 to $15 for iPhones and BlackBerrys).

YOUR LAPTOP Besides the laptop’s data, there’s the machine itself. In addition to keeping out malware by using current security software, you need to protect and back up your data in case your computer does take a walk, especially if you store confidential personal or business documents.

Laptop loss and theft at airports are rampant. A 2008 study of 106 airports in the United States conducted by Ponemon Institute, a research firm that focuses on data security and privacy, found travelers lose more than 12,000 laptops a week — and that’s just the ones airport personnel find.

“People don’t really think about the security of their laptop as much as they need to,” said Marian Merritt, the Internet safety advocate for the security software maker Symantec. “I see a lot of bad behavior on the road.” Do not entrust your laptop to a complete stranger; it’s better to take it into the bathroom stall with you, she said. Do not put electronics in checked luggage. And consider buying a laptop lock ($20 to $50) to use if you leave the computer in your hotel room.

Using a password to lock your computer provides little protection; someone with know-how can bypass it in minutes. And if you let your Web browser store your passwords, hackers could be in your accounts in no time. It is more effective to use a password manager to store and encrypt your passwords. If you do lose your laptop, a service like LoJack for Laptops (starting at $40) can help you track it down or remotely delete your data.

An even better idea is to use full-disk encryption. You can get quality software free (BitLocker in Windows Vista and 7 and the open-source tool TruCrypt for Windows, Mac and Linux), and using it is easier than deciding which individual documents or folders to encrypt, said Bruce Schneier, a security book author and chief security officer at BT Group. “If you lose your computer, you suddenly don’t care about the data at all,” he said. “You’ll only think: Do I have a good backup, and will my insurance cover it?”

YOUR SMARTPHONE A good alternative to public computers and personal laptops is, increasingly, your mobile phone. Smartphones are essentially minicomputers and usually pull down data using encrypted cell networks. But when connected to Wi-Fi hot spots, the security issues are the same, so find out whether Web sites and mobile apps you use to move confidential information use encryption. Also, intruders can use Bluetooth to read contacts, text messages and other data stored in your phone, so turn it off if you don’t use it.

If you are, say, a supporter of the Dalai Lama and visit China, you may want to be careful what data is on your phone in the first place, since the government there could easily copy it. Or you could slide decoy SIM and memory cards into your phone before you go through customs and put the real ones back in later, said Greg Hoglund, chief executive of the security firm HBGary.

You may have recourse if your phone is lost or stolen. For instance, iPhone users who buy the MobileMe service can use the “Find My iPhone” feature to locate their device on a map, set a password lock remotely, display a message on the screen, make the phone ring even if the ringer is off and erase all content remotely. People with Windows Mobile phones can do the same, at $5 for each function.