Recognize Social Media and Travel Risks

Learning Objectives

After completing this unit, you’ll be able to:

Recognize behaviors that increase security risks on social media platforms.
Summarize the safeguards to use when traveling.

You probably wouldn’t tell a stranger on the subway your birthday or tell the person in front of you at the grocery store checkout line that you are leaving for a romantic vacation in Paris tomorrow. Just as you are selective about what personal details you tell others in real life, you should exercise similar precautions online.

As an executive, you can announce that you’ve started a new position, follow companies and organizations you’re interested in learning more about, and share about the latest conferences you attend or initiatives you’re working on, all through social media. Using social media can help expand your network, connect you to new ideas, and build your company’s and your personal brand. Malicious actors, however, can use social media to collect information about you and compromise your accounts. For this reason, it’s a good idea to put effort into protecting your privacy online and using social media judiciously.

The US Cybersecurity and Infrastructure Security Agency (CISA) offers advice and best practices about common security issues. Here are some additional tips for using social media securely.

Use Multi-Factor Authentication (MFA)

Many social media services can verify your identity in order to prove that the account under your name is really you. Using more secured layers of authentication makes it much harder for a malicious actor to gain access to your account and personal information.

Be Aware and Don’t Share Confidential or Proprietary Information

It’s best not to share business information on social media sites unless your organization has approved you to do so. Also, carefully consider the classification of the information you share on social media sites, and only share information that is public. Think twice before you post something and consider the audience. Is this something that should stay in the company or be kept private? Your social media account can have thousands of followers from all around the world, many of whom you’ve never met. You can also unintentionally share proprietary information that places the organization at risk. In our current climate, with many distractions and with people moving at a fast pace, you are bound to make mistakes. For this reason limit what you post, double-check information before you post it, and limit the audience using your account’s privacy settings.

Assume What You Post Is Public

Even if you are posting from a private account to only your close friends, you should still assume whatever you post is public. In this day and age, someone can screenshot what you have written by clicking a button and sharing it outside your immediate audience. For this reason, avoid posting anything on your private accounts that you wouldn’t want the world to know about.

Limit Sharing Your Travel Plans on Social Media

Sharing your location publicly creates risk. For example, if a malicious actor knows you are on vacation, they can launch an attack or send a spoofed email from your account, knowing you likely will not see it and react in time. It’s a good idea to disable location services in social media posts so you don’t divulge your location accidentally. If you do post about an event you attended or a trip you took, consider posting after the occurrence when you are no longer in that location.

Secure Your Family’s and Friends’ Accounts As Well

Just as you can inadvertently divulge personal information to a malicious actor through your own social media, your family and friends can also reveal private information about you. Tell them about the risks of social media, and share these tips with them. This reduces your risk all around.

Protect Your Information and Technology While Traveling

It is important to defend yourself from digital threats while traveling. Let’s meet Taylor, the CEO of Confidential Cloud Enterprises who has some security concerns. The busy nature of his work, his broad domestic client base, and his heavy reliance on cloud computing technology present special challenges for staying secure while he travels. He often takes calls, works on documents, and sends emails from his cellphone, tablet, or laptop while riding the subway, waiting in airports, or spending the night at a hotel before a conference the next day. He wants to protect his company’s confidential data and IT assets no matter where he is working.

It’s important to secure devices with organizational data when traveling or working abroad for business or personal purposes. In securing your data and IT assets while traveling, whether in your daily commute, or en route to another city or country, keep in mind some key considerations:

Your organization may have special policies and procedures in place for travel to high-risk countries, which require a heightened level of awareness due to the increased potential threats to your data. It’s a good idea to contact your IT or security department before you travel to find out about your organization’s specific policies.

Don’t Trust Public Wi-Fi

Free or paid Wi-Fi is often available in coffee shops, airport terminals, and conference venues. But even if the Wi-Fi network is password protected, your private information can still be viewed by other people using the network. Rely instead on a personal hotspot if possible. If you use public Wi-Fi, connect using a virtual private network (VPN).

Don’t Use USB Charging Ports

While the ports available in your taxi, hotel lounge, or airport terminal are convenient, they can be a source of compromise. Attackers can transfer data and infect your device with malware using USB ports. Protect your device by bringing your own charging brick.

Never Let Your Device Out of Your Control

Maybe you are in a hurry to meet a client for happy hour and decide to leave your computer on the desk in your hotel. Or a friendly woman at the airport watches your phone while it charges, as you grab some last-minute snacks before boarding. Or maybe the restaurant hostess asks you if you would like to store your laptop bag behind the bar while you finish dinner. While these anecdotes seem innocent enough, anytime your device is out of your control someone can compromise your account, install malware, or steal your device or data. Never leave devices unattended, even in seemingly secure locations such as hotel safes. If you suspect someone has accessed your device, contact your organization’s security team immediately.

For international travel, depending on the country you enter, border agents can exercise extremely broad discretion in demanding access to devices and information (including passwords). When crossing an international border at a security checkpoint, it’s a good idea to fully power your device off. If required by border security to turn on your device, or if you believe confidential information has been compromised, or if your device is surrendered to an authority and no longer in your sight and control, notify your organization’s security team as soon as possible, and immediately power down the device and do not use it further.

Implement Cyber Hygiene Best Practices

When you travel, protect yourself by securing your data and devices. Update any device that contains your organization’s data with the latest software releases and patches. Enable MFA on your personal accounts.

Be Aware of Your Surroundings and Associated Threats

When you work while traveling, you often use technology in public or in an unfamiliar place. Be aware of who is around you and what they can see as you work. Someone who sits near you at a conference can see the information on your screen, watch you type in your password, or overhear your phone conversation. Restrict visibility of your devices using a privacy screen, and avoid working on sensitive information in public. Only travel with essential devices, and consider use of a separate device when traveling abroad. In some high-risk locations, cameras placed over hotel desks can capture login credentials, or hostile foreign governments might access your device if you leave it in your hotel room or when you cross a border. Even industry events and conferences are ripe for intelligence operations. The bottom line: Be aware of your surroundings at all times.

By following these tips, you can protect your data and devices no matter where you are.

Recognize Social Media and Travel Risks

Learning Objectives

Use Social Media Securely

Protect Your Information and Technology While Traveling

Resources