The HHS’ Office for Civil Rights‘ December newsletter gave cybersecurity travel tips for the holidays.
“Cybersecurity threats don’t take a holiday when you do,” the newsletter begins. “In fact, some threats may be [more likely] if you’re outside the familiar protected environment of the office or home.”
The guidance is directed at healthcare officials, their employees and business associates who may be taking work with them on trips in the form of phones, laptops, tablets and other devices that may hold or have access to sensitive information.
Of course, the best way to ensure a holiday free from data breaches is to leave your devices behind while you travel. But we understand that’s not always possible, particularly for officials in the security space.
So if you’ll be working on the road (or in the air), be sure to review these 10 cybersecurity travel tips.
1.Bring your own power adapters and cords
Charging your devices with unknown power adapters can create vulnerabilities.
“Cyber thieves may install malware onto hotel lamps, airport kiosks and other public USB charging stations,” the OCR states.
If you must charge your device on a foreign charging station, power it down before plugging it in.
2. Back up your electronic files
Back up your contacts, photos, videos and other data using another device or the cloud (just make sure those backups are encrypted).
3. Install security updates and patches
Out-of-date operating systems and software represent potential vulnerabilities on your devices, and it can be difficult to install updates while traveling.
4. Create new passwords and change passwords
The OCR recommends changing passwords for trips and changing them again upon return. It also suggests adding multi-factor authentication if possible. All the usual password standards apply.
5. Lock devices down
Most smartphones, laptops and tablets come equipped with security settings that will enable you to lock the device using a PIN or fingerprint ID. Th OCR suggests healthcare officials do this on every available device.
“This will be the first line of defense against a security breach.”
6. Remove or encrypt sensitive information on mobile devices
If you don’t need to access sensitive information on your trip, don’t bring it! Of course, encrypt any device you bring. The OCR urges full-disk encryption for laptops.
7. Turn off WiFi auto-connect and bluetooth
Connecting to a public WiFi network is dangerous and less secure than connecting to your mobile network like 4G or LTE.
“Always log into your work networks through VPN, and only use sites that begin with “https://” when online shopping or banking,” the guidance states.
8. Ensure physical security of your devices
If you cannot physically lock devices in your hotel room safe or other secure place, take them with you.
“There are no good hiding spots in your hotel room,” the OCR states. “Many breaches occur because a device was left unattended when an opportunistic thief struck.”
9. Create unique PINs
Don’t use the same PIN for the hotel safe and your mobile device (particularly if your mobile device IS IN that safe).
10. Use geo-location cautiously
Most social media sites automatically share your location when you post things, telling thieves you’re away from home.
For more information on the HIPAA Security Rule and for other OCR newsletters as well as additional OCR cybersecurity guidance can be found here.
Safe travels!