Security tips for travelling

Create a backup of your data that you can keep secure at home. Also, leave behind any information or devices you don’t need. This limits how much data is at risk if someone steals or compromises your devices.

Learn more about backups.

Turn on multi-factor authentication (MFA) for your accounts. MFA is when you need 2 or more steps to verify your identity before you can log in. For example, using your login details as well as an authentication code. Learn more about MFA.

Avoid using SMS as an MFA method as it is less secure. Also be aware you need to enable international roaming to get SMS overseas.

Where MFA isn’t an option or you need to disable it before travel, use a strong password such as a passphrase. A passphrase is a string of random words like 'crystal clay onion pretzel'. It should be long, unpredictable, unique and should not include personal details.

Secure your devices with a PIN or passphrase. Make it hard to guess and don’t include personal details such as your date of birth. Make sure your devices are set to lock automatically after a short time (less than 5 minutes).

For more security use biometrics if your device supports it, such as your fingerprint. But check the laws of where you are travelling. Some countries may force you to unlock your device if you use biometrics. To avoid this, you can disable biometrics and use a PIN or passphrase instead. To get travel advice for your destination, visit Smartraveller. 

For more protection against unwanted access, encrypt your devices. It means if a device was compromised your data stays secure. If you do encrypt your devices, make sure to back up your recovery keys. If you lose the keys, you won’t be able to use your device until you factory reset it or reinstall the operating system.

Learn more about how to secure your device.

Update any devices you are travelling with so they have the latest security. Check automatic updates are on and install updates as soon as possible. The longer you leave it, the more vulnerable you could be to a cyber attack.

Learn more about updates.

Confirm you have installed antivirus software and that it is working. Your devices may already have it installed by default.

If you decide to use third-party antivirus software, make sure to research and choose a reputable provider.

Learn more about antivirus software.

Consider using a device that is only for travel, such as a burner phone (a cheap phone you can dispose of). This should not have any personal data on it, including accounts or password managers. If someone gains unauthorised access to your device, there is less sensitive data at risk.

Lock your devices whenever you leave them unattended. Even if it is only for a short period. Make sure your devices are set to automatically lock after a short time (less than 5 minutes).

Try not to leave your devices in your room when you go out, even if there is a hotel safe. When in transit, always keep your devices on you or in sight.

Avoid using public devices such as computers in a hotel business centre. These devices could have malware installed and using them can put your accounts at risk.

If you must use a public device, try not to log into your accounts or input personal information. If you do log in, don't save your login details and remember to log out when done.

Never use someone else’s peripherals such as chargers, cables and other removable devices. Public charging stations and ports could also put your data at risk. Buy peripherals from reputable stores if you need them.

Avoid using portable storage devices such as USB drives. These are easy to lose, steal or infect with malware. Use more secure methods of file transfer and storage such as cloud services.

Avoid accessing sensitive information in public spaces such as airports and hotel lounges. You could expose information to anyone passing by. Wait until you are in a more private location or consider using a privacy screen protector.

Make sure to back up your data often while travelling. If something happens to your device, you can restore important data such as photos and files. Create backups using a secure cloud service or an external storage device. You can turn on automatic backups to reduce the risk.

Learn more about backups.

Be careful of sharing your location and personal information on social media. This includes details such as your flight number, hotel check-in or photo metadata. Someone could use this information to target you.

Find out how to secure your social media.

Public networks are convenient but can also be unsecure. Cybercriminals will target public networks to gain access to your sensitive information. If you are working in public spaces such as an airport or café, avoid using their Wi-Fi or use a VPN. Before using a VPN, check local laws to make sure it is legal in your current location.

Only use trusted networks such as your mobile data and personal hotspot. Where this isn’t an option, think twice about what you share or access on a public network.

Consider turning off Wi-Fi, Bluetooth and near-field communication (NFC) on your devices when not in use. Cybercriminals could use these to hack your device or make unauthorised transactions.

Learn more about public Wi-Fi and hotspots.

Case study: Identity theft from using public Wi-Fi

A NSW man owed over $7000 in fees to a company for gift cards and subscriptions he didn’t buy. The recipients for these purchases went to unknown email addresses.

After investigating, he found several inquiries on his credit report. These happened around the same time as the sale of the gift cards and subscriptions. The first inquiry happened not long after he had used his laptop on a trip.

When connected to the public airport Wi-Fi, he had sent his ID documents to his parents. These included his passport and birth certificate. Using the airport Wi-Fi may have let cybercriminals access his IDs and steal his identity.

While travelling you should be alert for signs of compromise, such as:

• devices or apps keep crashing
• suspicious adverts or pop-ups
• unexpected activity on your accounts
• unknown emails in your sent folder
• excessive battery or data usage when using your device
• devices are hot to the touch when idle.

If you believe you may have been compromised, follow our advice on how to report and recover.