By Maryann Lawlor
AFCEA Signal Connections
January 16, 2007
Securing valuables while traveling is about more than suitcase locks,
money belts, travelers checks and hotel safes. These days, information
is one of the most precious commodities that people carry with them
everywhere. Whether on the road for pleasure or on military, government
or commercial business, professionals are laden with laptops, cell
phones and personal digital assistants filled with data just ripe for
the picking by information thieves.
But according to Robert J. Bagnall, chairman and chief executive
officer, Maverick-Security LLC, 80 percent of the information security
breaches that people face every day can be averted by using common
sense, employing information security products and being aware of their
Threats to information differ depending on the region of the world,
Bagnall states. China, for example, has an open hacking policy; however,
citizens go to jail if they are hacking in an attempt to overthrow the
government, he explains. Because the Chinese military trains personnel
to hack into computer systems, travelers may be targeted if they are
carrying military information.
Russian hackers are motivated by a different desire: greed. In the past,
Russian hackers specialized in identification theft. They would steal
credit card information then sell it in bulk. But Bagnall says there is
a new specialty in Russia of selling boutique data. If someone wants
access to specific data in the military, for example, they can go to the
guys who have it and buy just what they want. Pricing is based on the
quality and reliability of the data, he explains.
In Israel and France, Bagnall notes, hacking is all about economic
espionage. The thieves aim to steal corporate secrets or to access
By staying informed about the type of data hackers in the destination
country are most interested in grabbing, travelers can take appropriate
precautions to protect particular information. On its Web site,
Maverick-Security has published its top 10 security tips  for
protecting data while traveling. The list is divided into three
categories: mild, medium and paranoid. Travelers should choose the
security level they need for their specific travel plans. By employing
as many of these tips as practically possible, the vast majority of
security risks can be alleviated, Bagnall says.
Four of the recommendations fall in the mild category. First, travelers
should use removable storage media to store critical data. Second, all
dataincluding the information on the removable mediashould be backed up.
Third, before leaving on a trip, firewalls, intrusion detection systems
and antivirus applications should be updated. Fourth, any equipment that
is not needed or not in use should be turned off. The safest computer is
the one thats not on and not connected, Bagnall points out.
The first recommendation in the medium security category is to trim down
the information that will be taken on a trip to the bare minimum.
Documents should be duplicates, not originals. When you travel, you must
assume that your data is at risk, Bagnall says. To minimize the risk,
bring only the data necessary to accomplish your goals while you travel.
Using encryption to protect critical data is the second suggestion in
the medium category. Because wireless capabilities enable hackers to
burrow into hard drives, travelers can no longer assume that data is
safe even if it is on a hard drive that is in their possession.
Encryption will help ensure that data is not lost, compromised or
In addition, like all other valuables, digital devices should never be
left unattended in hotel rooms. Removable media should be carried;
laptops or other hardware should be locked in a hotel or room safe.
The paranoid category includes three suggestions. First, travelers
should not use free connections without employing encryption and should
never perform work-related tasks using public Internet kiosks. Second,
upon returning from a trip, all passwords should be changed. Finally,
when traveling, a more restricted user account should be established on
a laptop, and the regular user account should be suspended until
returning home. The temporary account should be wiped clean before
plugging a laptop into a home or office network.
Maverick-Security plans to update its list of travel tips this year. We
just want to tell people to look at themselves from the standpoint of
what they bring with them. Also, look at the information about yourself
that youre putting out on the Internet in places like MySpace.com. This
information could lead to identity theft or stalking, Bagnall says.
Some security problems can be solved with technology; others have to be
solved by working with people, he adds. For example, users must update
software programs and apply security patches in a timely manner, and
information security personnel need to be included at the beginning of
the planning process of information system projects.
The bad guys are no less lazy than the rest of us. Thats why computer
system break-ins are 80 percent preventable, he explains.
Copyright 2007 AFCEA International. All rights reserved.
Subscribe to InfoSec News