A woman holding a tablet computer

The summer travel season is underway, with millions of people set to pack their bags for a Memorial Day weekend trip.

But whether you’re jumping on a plane for an exotic vacation abroad or just road-tripping it to grandma’s house, data security experts say it’s important to think before you click—both when planning your vacation and after you hit the road.

More on Data Privacy

Just keeping tabs on your own behavior is a big first step toward protecting your digital security when away from home, says Josh Yavor, director of corporate security for Duo Security, a cybersecurity firm based in Ann Arbor, Mich.

When at home or at work, most people are connected to secure networks, most of the time, but that often changes when they’re away, according to Yavor. “Hypothetically, when people are traveling they’re more likely to connect to networks that they shouldn’t,” Yavor says.

These tips from Yavor for will protect your digital security and privacy while traveling.  

Book Your Trip Safely

Secure travel starts with secure booking. Kaspersky Lab, a provider of anti-virus software for both businesses and consumers, says there’s no shortage of fake travel websites out there offering deals on flights and hotels that are just too good to be true.

As a result, you should stick with travel sites you know and trust. And, even then, give the site’s URL a good look. Scammers will often spoof a site’s address by creating a fake site that looks almost exactly the same.

For example, instead of the legitimate airbnb.com, a fake site might be “Airbnb.com.rooms-long-term-rent.online,” Kaspersky says.

Be aware that other scam websites masquerade as major airlines, and others offer free or steeply discounted flights. And if you get an email that looks like it’s from a major airline offering amazing deals, don’t click on the link. Instead, go directly to the airline’s main website.

These emails are often phishing scams, trying to trick you into handing over log-in, credit card, or other personal information, Kaspersky says. 

Lock Your Devices Down

Before hitting the road, make sure the software on all of your devices is up to date, Yavor says. 

Why is this so important? When companies find security flaws, they issue a software patch to fix them. But if you don’t install the update, it’s not going to help you.

The operating systems on both your laptops and mobile devices should be your first priority, but web browsers are important, too, because that's where many people run into trouble. And update any antivirus software you use, as well.

And when using your browser on the road, don’t ignore any warnings that pop up flagging potentially malicious websites. “They’re really good indicators that consumers should stop and think about what they are doing,” Yavor says.

And don’t forget about your apps, especially those that could hold precious personal information, such as those used for banking. They need to be updated, too.

Next, make sure you have strong passwords for all of your accounts and that your laptop and mobile devices are secured with a password or PIN, too.

And if you haven’t done it already, check that you have multifactor authentication enabled. This extra layer of security has become a standard option for everything from Gmail to credit cards. It basically requires you—or anyone else trying to access your account—to enter a second form of identification, such as a code texted to your smartphone, in addition to your password, to access your account.

Multifactor authentication gives you an extra layer of protection just in case your password gets compromised, Yavor says. 

Beware of Free WiFi

When you’re away from your home and work networks, it can be tempting to jump on whatever free WiFi you can, especially if you’re traveling overseas and trying to avoid hefty roaming charges. Don’t do it, Yavor says.

Never use WiFi that isn’t secured with a password. It could be a fake hot spot set up by cybercriminals.

And even legitimate WiFi, such as the free networks at airports, can be dangerous if it’s unsecured, because hackers can log on to it just as easily as you can. 

Many security experts and companies, including Kaspersky, recommend using a VPN, or virtual private network, to protect yourself. Ideally, a VPN masks your location and encrypts, or scrambles, the data sent from and to your device, making it worthless to anyone who might intercept it.

As another option, Yavor suggests using the data connection on your smartphone, which is much less vulnerable than WiFi to hackers. 

Take Advantage of Tokenization

There’s nothing worse than finding out while you’re on vacation that your credit card or bank account number has been stolen. While you aren’t on the hook for fraudulent charges, a compromised card will get shut down immediately and could leave you without cash or credit until you can get a replacement back home.

Yavor notes that even with the introduction of microchipped banking cards in the U.S., cards here still aren’t as secure as those used in most of the rest of the world, because they don’t require the input of a PIN when used.

In addition, skimmer devices placed in ATMs, which are designed to steal card information, continue to be a problem and have become much more sophisticated and less noticeable.

One good way to minimize the chances of your card numbers being stolen is to use payment apps, such as Apple Pay, Google Pay, or Samsung Pay, instead of your actual credit card. The services don't transmit your credit card number when you want to pay for something; instead, they provide the vendor with a randomly generated token in its place.

That information would be worthless to any hacker that might intercept it, Yavor says. 

Special Tips for Overseas Travel

You normally don’t have to do anything special to protect yourself when traveling overseas. But there are exceptions, Yavor says.

If you have sensitive material on a device that would be valuable to state-sponsored hackers, see whether you can just leave the device at home. For phones, laptops, or other devices that you are taking on a trip, first delete any information that concerns you. That includes anything you don’t want to share with customs officials in the U.S. or another country.

“If you don’t want them to see your Facebook, Twitter, or email, make sure you sign out of those apps, or just uninstall them completely,” Yavor says. “Make it incrementally harder to disclose that information.”