A significant portion of Blackbeard Biologic’s work occurs overseas, most frequently in the South Pacific. In the last several years it has become more and more essential that business travelers take extra precautions to avoid hacking, theft, and unethical government officials who may attempt to compromise sensitive business information. At Blackbeard, we take steps to ensure that we maintain information security and proper device hygiene while traveling.
Since Blackbeard operates in a unique space between science, policy, and technology, and since the question of information security while traveling has become increasingly part of the public discussion, I have been approached by numerous partners and professional colleagues to advise on simple, effective, and non-invasive steps to increase security while working or traveling overseas. Unfortunately, there is no easy, one-size-fits all solution, but, over the last few years, I have established a set of protocols that, once in place, have relatively little impact on your day-to-day activities while traveling.
All of these guidelines fall under the umbrella of our overarching policy: Never travel with more data than you need to get the job done.
What does this mean? Imagine your primary phone is stolen on the streets of Kuala Lumpur. If you’re like most Americans, that phone contains access to several payment options, possibly bank accounts, identifying information, and most importantly, social media and email accounts. Yes, it is far more hazardous to have you email or Facebook accounts breached than it is to have you bank account hacked. Banks are FDIC insured. A hack is frustrating and will take weeks to sort out, but you’ll get your money back. Lose control of your email and social media, and a hacker can take everything, with little recourse.
What does this look like in practice?
- Your Email: Since email is both the most critical account to protect and often the least protected on your smartphone (and probably also on your laptop), don’t travel with your main email account. At Blackbeard, we set up travel email accounts that can be used to contact people but are not linked to important personal accounts. If someone has your phone and access to you email, they can easily reset your passwords and lock you out of any critical account, forcing you to work through customer service while they drain whatever data they want. All my emails use 2-factor authentication, which means than when I travel now, I do not have access to my primary email, and no one else does either.
- Your Phone: Get a cheap smart phone (decent GSM phones can be found for $50) and an international pre-paid SIM card. This gives you a number that works everywhere you go without surprises on your credit card bill. Some cards will even give you a local number where you land, making it easier for collaborators on the ground to get in touch. Since social media is often part of the work we do, this phone is granted access only to public facing accounts. Since I only grant access to my travel email and don’t have my regular phone with me, it is not possible for me or anyone else to access my main email account until I am back home. Yes, that can occasionally be frustrating.
- Your PC: Before the trip, I make an image of my field computer in its current state and then perform a factory reset. From there, I only load the software and accounts that I need for the trip. This guarantees that there is no account information that is accidentally stored on the machine. It also means you’ll have a nice, fast, fresh computer for the trip, that’s not bogged down by bloatware (sometimes I even opt not to restore the image when I get home). I don’t connect to accounts like Dropbox, Google Drive, or Skype unless I need them for the trip, but, because it’s a windows machine, I do have to establish a OneDrive connection. Which is why, as a general policy, I don’t store anything sensitive in my OneDrive folders.
- Social Media: Here’s the thing, it’s hard to predict what different countries border agents will decide is important or warrants blocking entry. In some countries, it’s illegal to be homosexual; others have strict requirements about political statements; some have outlawed ponytails on men; in one city, it was temporarily illegal to be Claire Danes. Practice good social media hygiene when travelling. Assume even private messages can be made private and delete any direct messages that may contain sensitive or personal information from any linked accounts (which I already do since I hate using them). In general, only travel with public-facing, non-personal accounts. Unfortunately, since in many cases our name is our brand, carrying access to personal accounts can be unavoidable. If you are part of any private groups where personal or sensitive information is shared, remove yourself from those groups during travel.
- Back Home: Log out of everything on your home and work computers. None of these steps matter if you leave Gmail running on your home PC, with you primary phone sitting in a charging cradle, and your house gets burgled.
- In case of an Information Emergency: I carry an iTwin secure connection, with a matching partner in US. This allows you to access a remote PC, but it requires that someone insert the device and log it in to that PC. So, in an emergency, a partner stateside would need to have physical access to my PC, one half of the iTwin pair, and the login information for both the PC and the iTwin, which would then allow me to access remote files if necessary.
Paranoid? A little, sure. But an once of prevention is worth months of trying to recover you digital life if your accounts are compromised. It takes a bit of effort to get this system in place, but the beauty of it is that, once you’re travelling, you barely notice a change.