Mobile Device Security for Traveling Abroad

We ran across a great post (link here) on how to keep your mobile device secure while traveling. It’s a great read.  We’ve reprised some of the tips below, but the original post is great, and well worth your time to read.

Luckily there are certain things you can do when preparing for travel, while traveling, and after traveling that will help reduce your risk and information footprint.

Prepare your device for travel

1. If you are using an organization-owned mobile device, make sure they are okay with you taking it on your trip.
2. Consider using a “burner phone” that you don’t care about being lost or stolen while traveling. Get a burner phone that is the same operating system as your primary mobile device. This way you know the device’s security and privacy setting and can better protect yourself.
3. Be sure to check the US State Department (or your country’s equivalent) for warnings, https://travel.state.gov/content/passports/en/alertswarnings.html.
4. Make a backup: Might as well make two! Consider putting a backup copy in the cloud, locally or copy it to an external drive in a safe place at home.
5. Format any removable memory cards to clean the data.
6. Reinstall a fresh copy of your device OS to remove stored application settings or errant files. Don’t restore from a backup, as this defeats the purpose of doing a fresh install.
7. Patch your OS to the latest version and update all the apps.
8. If you can avoid it, don’t travel with a laptop, use a tablet instead.
9. Register with the US Embassy in the country you are visiting, https://travel.state.gov/content/passports/en/go/step.html.
10. Register new, temporary accounts for Google, Samsung, Microsoft or iCloud so you can have separate accounts from your primary ones. This way you can automatically backup photos to the cloud and login to devices without exposing your primary account’s information.
11. Use unique usernames and passwords when creating your temporary accounts. Also, don’t forget to use multi-factor authentication for secure logins.
12. Make sure your incoming email server uses encryption, and make sure your outgoing SMTP server also supports encryption. This will prevent your authentication and email data from being exposed to other network nodes.
13. Use the web-based client, rather than native device mail clients, to access your mail. This prevents mail from being stored on the device and ensures that the connection is TLS encrypted.
14. Encrypt your memory and removeable cards. Encrypt your backups. Encrypt everything.
15. Sign up for and use a VPN service.
16. After you’ve updated your device, turn off automatic updates in your device and app store. You’ll want to review the updates beforehand to make sure they aren’t coming from spoofed sources.
17. Purchase and install a glass “privacy screen cover” to prevent people looking at your screen while you are using it.
18. Decrease your application usage: Remove apps you won’t use, delete any payments methods you won’t use and unlink any accounts you won’t use on your trip.
19. Turn off “push notifications” for any unnecessary services, so you can save your data and ensure no hostile data is received.
20. Disable Bluetooth and WiFi when you’re not using them.
21. Be cautious when posting to social media while abroad.
22. Enable your device to require a password/pin when it restarts.
23. Delete all saved WiFi networks your device has previously connected to.
24. Turn on firewall features if available.
25. Install anti-virus or anti-malware software if your device supports it.

Maintain your security during travel

1. Bring your devices with you wherever you go on your trip, and never leave them in your hotel room or another location unattended. It’s also smart to keep your passport and smartwatch with you at all times.
2. Don’t trust the hotel safe – Most workers have the master keys and master codes. The hotel front desk safe isn’t acceptable storage and can be easily compromised.
3. Don’t leave your mobile devices, memory or storage in checked luggage.
4. Use “private browsing” modes in your web browser of choice.
5. Never plug your device into an unknown dongle, computer, or use anyone else’s cable.
6. Keep an eye on your VPN service connection.

Clean up your device after travel

The goal after travel is to wipe any changes you made while preparing for your trip.

1. Restore your device to its factory settings and re-install the operating system.
2. Change your passwords and re-add your original accounts on your mobile devices.
3. Restore your mobile device to the backup you created before your trip.
4. Scan your mobile devices for viruses and malware.

Original Post:

https://architectsecurity.org/blog/2017/08/international-mobile-device-security-part-1-preparing-your-mobile-devices-for-travel/

https://www.epa.gov/sites/production/files/2013-11/documents/cio-2150.3-p-18.1.pdf