Data security for travelling geeks

This is a work-in-progress guide for geeks looking to keep their data and identity secure while travelling.

The purpose of a good security setup is twofold:

  • control all points of access to your data and identity
  • minimise flux of naked data

There is enough brouhaha in the news recently, but let’s understand clearly what is at stake:

  • Identity (You)
  • Intellectual property (Your work)
  • Information (Client/privileged)

The intention behind this setup is to minimise risk of data leakage and ensure integrity in the chain of trust - Control, Confidentiality, Authenticity, Availability. The underlying theme is

“Do not trust any device or means of communication that you do not control end-to-end.”

With this in mind, I’m currently exploring a security setup outlined below:

  1. Own all ports

    The only physical connection you should make is to AC power sockets. You should not connect your devices to any USB ports for charging. So carry a powerbank that you can charge overnight and keep in your backpack. Also - carry your own set of cables, including ethernet. There are wonderful devices for super paranoids - like a USB Condom - but a USB hub with separate ports for charging and data transfer with surge protection will be very useful.

  2. Configure always on VPN

    Do not trust hotel wifi, guest networks or even in-store wifi. Put your device on VPN for all data and communication transmission. This will be enough deterrent for drive by snooping. Look around and choose a VPN service wisely, specially if privacy or anonymity is high on your charts. HTTPS Everywhere may helps but SSL connections can be intercepted. Also it turns out, cellular connections are not that hard to compromise either.

  3. Manage your passwords

    Do not type out passwords - let a dedicated password manager store them for you - 1Password, keepass or a terminal based utilities. Although keep in mind that if your system is compromised, then using any password manager is insecure, but still better than keeping them in a doc file.

  4. Encrypt data

    Use the native disk encryption supported by your operating system to encrypt your files in situ and in memory.

  5. Configure a firewall

    Enable stealth mode for firewall. Configure firewalls or apps that monitor outbound traffic - most malwares always call home. Install device tracking softwares like Prey or use native service like Find My Phone.

  6. Use 2FA for logins

    All major email and SAAS services support two factor authentication, so use it where possible with a physical key but you should be aware of its limitations and caveats. You also need a backup plan if you lose your key.

  7. Backup. Backup. Backup again.

    Checkpoint your data with multiple backups before travel.

  8. Secure payment services

    For any on-the-go payments use a credit card or a gateway service like Paypal where possible. Also keep your bank informed of your travel plans.

  9. Conform to local laws

    Find out about local laws applicable to digital tools and content - what’s legal in your country might be a reprehensible crime in another. You may not have any reasonable expectation of privacy for usual means of communications and cloud based data storage services, in certain countries. Be informed.

Additionally, take a travel insurance that covers your physical devices getting lost or damaged during travel.