A woman holding a tablet computer.

The summer travel season is officially underway, starting with millions of people hitting the road over Memorial Day weekend.

But whether you’re jumping on a plane for an exotic vacation abroad or just road-tripping to grandma’s house, data security experts say it’s important to think before you click—both when planning your journey and after you hit the road.

More on Data Security & Privacy

When people travel, especially when they fly, they’re often more focused on their physical safety than the digital threats around them, says Charles Henderson, global managing partner and head of the X-Force Red cybersecurity team at IBM.

And yet, they make for tempting targets, because they carry valuable items such as passports, credit cards, and devices with login information for travel rewards programs—all sorts of personal data that is becoming increasingly valuable on the black market.

“In a way, it’s sort of a perfect opportunity for hackers,” Henderson says.

But, he adds, if travelers make a point of following the same, responsible cybersecurity practices they employ at home, it will go a long way toward defeating cyber criminals, or at least making them pick someone else.

Need help? These tips will go a long way toward protecting your digital security and privacy while traveling.

Book Your Trip Safely

Secure travel starts with secure booking. Begin by making sure you’re working with a reputable online company, says Michael Reitblat, CEO of Forter, a security company that specializes in e-commerce fraud prevention.

If you've never heard of the website you're about to book through, do some research to see how long it’s been around. If it just popped up a few weeks ago, skip it.

By now, all legitimate e-commerce sites should be using encryption, as well. That protects your credit card number and other data by scrambling it in transit. How do you know whether a travel service uses encryption? Simply look for a lock symbol in the site's URL. If it turns out to be a legitimate company's website, just not encrypted, you shouldn't use that, either, Reitblat says.

Be wary of online ads for super-cheap, last-minute deals. And think twice before handing over information from your travel documents, Reitblat says. While most people would question a request from an online shoe store for a copy of a passport, they might not hesitate when booking a flight.

Some fraudulent sites are just looking to scam you out of your money, but others may actually book your travel, then use or sell your personal information down the road, Reitblat says.

Protect Your Points and Miles

Travel rewards have become a hot commodity. According to a study conducted by Reitblat's firm, cyber attacks against companies that specialize in land travel, including those that book car rentals, train tickets, and hotels, rose 19 percent last year. Sites that allow consumers to pay for their travel in advance were particularly risky.

Though the sheer volume of credit card numbers that passes through such sites is enticing to cyber criminals, Henderson says, rewards that can be sold online and eventually converted into cash are even more valuable.

“Loyalty fraud is exploding as big business,” he says. “The black-market travel industry just continues to grow.”

While consumers may make a point of keeping an eye on their credit card statements when they’re on the road, they generally don’t watch their rewards accounts, according to Henderson.

To play it safe, be sure to shred boarding passes, receipts, and other documents that your rewards number could be printed on.

Lock Down Your Devices

Before hitting the road, make sure the software on your devices is up to date.

Why is this so important? When companies find security flaws, they issue a software patch to fix them. But if you don’t install the update, you're not protected.

The operating systems on your laptops and mobile devices should be your first priority, but web browsers are important, too, because that's where many people run into digital threats like malicious pop-up ads or fake websites. Update any antivirus software you use, as well.

When using your browser on the road, don’t ignore warnings that pop up flagging potentially malicious websites. And don’t forget about your apps, especially those that could hold precious personal information such as banking and credit card numbers. They need to be updated, too.

Next, make sure you have strong passwords for all of your accounts and that your laptop and mobile devices are secured with a password or PIN.

And if you haven’t done it already, check that you have two-factor authentication enabled. This added feature is now commonly used as an extra layer of security for everything from Gmail to credit card accounts. But sometimes you have to turn it on yourself.

Two-factor authentication basically requires you—or anyone else trying to access your account—to enter a second form of identification, such as a code texted to your smartphone, to access your account after you've input a password. With it enabled, if the password gets compromised, the account is still hard to breach. 

Beware of Free WiFi and Power

When you’re away from your home and work networks, it can be tempting to jump on any free WiFi you can, especially if you’re traveling overseas and trying to avoid hefty roaming charges.

Experts agree that you should avoid unfamiliar WiFi. It could be a fake hot spot set up by cybercriminals. And while the rise of encryption has made secured, public WiFi a lot safer in recent years, it still presents perils.

Many security experts and companies recommend using a VPN, or virtual private network, to protect yourself. Ideally, a VPN masks your location and encrypts the data sent to and from your device, making it worthless to anyone who might intercept it.

You may also want to consider using the data connection on your smartphone, which is much less vulnerable to hackers than WiFi.

And if you’re low on battery power in a public place, Henderson says, you should try to avoid those public charging stations found in airports and stores. While it’s rare, they've occasionally been compromised by cyber criminals, who use them to extract data from smartphones, he explains.

In general, it’s a good idea to avoid using public USB connections to charge your devices, too, whether they're at a charging station, your favorite coffee house, or under your airline seat. Use a traditional electrical outset instead.

Take Advantage of Tokenization

There’s nothing worse than finding out while you’re on vacation that your credit card or bank account number has been stolen. Though you aren’t on the hook for fraudulent charges, a compromised card will get shut down immediately and could leave you without cash or credit.

And even with the introduction of microchips, banking cards here in the U.S. aren’t as secure as those in much of the world, because they don’t require a PIN for transactions.

Skimmer devices placed in ATMs, which are designed to steal card information, also have become much more sophisticated and difficult to spot.

So what do you do? Consider using an app such as Apple Pay, Google Pay, or Samsung Pay, instead of an actual credit card. Those services don't transmit your credit card number when you go to pay for something. Instead, they provide the vendor with a randomly generated token.

And that information is worthless to any hacker who might intercept it.