Commentary
7/23/2014
09:06 AM
Jerry Irvine
Jerry Irvine
Commentary
Connect Directly
LinkedIn
RSS

Summer Travel Cyber Security Tips For Government Employees

Vacationing as a government employee brings special security concerns. Follow these precautions to protect your devices and data on the beach and beyond.



 Government Data + Maps: 10 Great Examples
Government Data + Maps: 10 Great Examples
(Click image for larger view and slideshow.)

Vacation season is in full swing and so are hackers looking for opportunities to pounce when you're relaxed and your guard is down, especially if as a government employee you might possess extra-valuable information.

The cyber risks begin even before you leave for vacation. Don't be one of those people who announces his travel plans on social media. This information is easily accessed by malicious users hoping to break into your home or work systems to gain access to proprietary and confidential information via remote systems while you are away. This is particularly true for government employees whose systems might be dormant or used by others in their absence.

Resisting the urge to share your travel plans via social media is just the first step in mitigating cyber security risks. Here are some additional tips for government employees who are hitting the road for some needed downtime:

  • When planning a vacation, you should only use websites of known companies. Unfamiliar discount websites can be malicious sites set up to infect you and steal confidential and classified data. Using unknown sites and applications, especially while at work, can hurt the security and performance of governmental systems.

[Net neutrality doesn't have to be a rerun of the Hatfields and McCoys. Read Net Neutrality: Let's Move Beyond Class Warfare.]

  • Never click on links or attachments containing coupons or discounts in emails received from a travel companies or other marketers. Phishing emails contain viruses or redirect you to sites in order to get IDs and passwords. Governmental organizations and agencies are favorite phishing targets. Instead, you should go directly to the website to review promotions and offers.

  • When logging into a website with a user ID and password, make sure it's an "HTTPS" site. Never enter any personal information, especially credit card data, into a website whose URL starts with "HTTP" because it's not as secure. Instead use a payment company or service such as PayPal, Amazon, or Google. Services do not pass your financial information but instead take the payment and transfer money from their systems, protecting your data. Governmental organizations might also provide purchasing cards or purchase orders for authorized travel.
  • Notify your credit card companies of your travel dates and locations so they can watch for unauthorized activity and alert you of any usage outside of your travel areas. You should also set up multi-form factor authentication on your accounts. This will send separate emails or

Next Page



    texts to you with additional passcodes for you to use when logging in. This added security measure decreases the risk of someone getting into your accounts. You can also set up other alerts on your accounts to send emails or texts for transactions over specific amounts. This will provide you with a warning should your cards or information be lost or stolen.
  • Every coffee shop, restaurant, hotel, and even some government facilities now offer free, publicly accessible WiFi. Although they might be convenient, beware using these hotspots. Using "man-in-the-middle" techniques, hackers can redirect your WiFi traffic to their PC and steal all of your IDs, passwords, and financial information.
  • International travelers are even more at risk because hackers know you have little knowledge of international sites. Many sites containing viruses and malware are directed to unsuspecting travelers advertising inexpensive transportation, tours and discounts. Government employees with remote access to their offices who access these sites can put data and systems at risk of denial of service, loss or corruption of data, and even remote control of systems. Similarly, many tourist attractions and tours offer mobile tour apps for installation on your smart phone or tablet. Stay away from these apps; you should install only the apps in your mobile device manufacturer's online store. Installing apps outside app stores increases the risk of a hacker infecting your mobile device, obtaining all your personal information, and gaining remote access to government facilities systems and data to which they are connected.
  • The most obvious security risk is device theft. With physical access to your device a cyber criminal can break your password in minutes. It might be tempting to take a quick dip while leaving your tablet or smartphone on the beach towel or chaise lounge but it's plenty of time for someone to walk away with it. Don't leave your laptop or phone unattended in a locked hotel room or in your car. Most hotels provide an in-room safe for your valuables: use it.

Cyber crime isn't limited to device data theft, of course. Travelers are also vulnerable to credit card crimes and theft of their financial information. Be wary of ATMs and POS systems. You should use only the devices of companies you know. Cyber criminals have gone as far as to place counterfeit ATMs in public areas to get credit and ATM card data and PINs.

Even when using known companies' machines you should be careful. Cyber criminals frequently place "skimmers" in ATM and POS systems to gather unsuspecting users' personal data. Look closely at the machine to see if there are unusual or loose parts on it. Plastic card readers might be pushed into the card reader to gather your data and transfer it wirelessly. If an ATM or POS system looks strange in any way, do not use it and notify the company.

Finally, never let your credit or ATM card out of your sight. Waiters and cashiers should be able to use portable devices at your table so you can see what they are doing. Portable "skimmers" are easily acquired from the Internet and your service person could steal all your information with a single swipe of your card.

Losing your personal information or devices to thieves affects not only you but your organization or governmental facility. Fortunately, observing these precautions can keep vacation time the carefree downtime you deserve.

Join us at GTEC, Canada's government technology event. Over 6,000 participants attend GTEC -- Government Technology Exhibition And Conference each year to exchange ideas and advance the business of information and communications technology (ICT) in government. Don't miss thought-provoking keynotes, workshops, panels, seminars, and roundtable discussions on a comprehensive selection of ICT topics presented by leading public sector and industry experts. Register for GTEC with marketing code MPIWKGTEC and save $100 on entire event and conference passes or for a free expo pass. It happens Oct. 27 to 30 in Ottawa.

Jerry Irvine is a member of the National Cyber Security Task Force and the CIO of Schaumburg, Ill.-based Prescient Solutions, an IT outsourcing firm. View Full Bio
We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service