Information Security at the University of Hawaii
Be on the Lookout for Spearphishes
The University of Hawaii has experienced an increase in spearphishing attempts on our users. These attacks take the form of malicious emails seemingly from trusted senders containing links or attachments carrying malware that can steal any information on the computer.
An example of a suspicious attachment could be a Microsoft Word document that contains a malicious script.
To read more about spearphishing, see more examples, and learn what to do if you receive a spearphish, please visit https://hawaii.edu/infosec/spearphishing/
Protecting Your Data and Devices While Traveling
Traveling today is so much easier with technology. You can stay productive, entertained, and in touch. For many, having a cell phone or other electronic devices is a critical part of having a great travel experience and is an integral part of daily life. Unfortunately, traveling with devices can mean increased risks for keeping your personal data private as well as the potential for device theft. Experts often suggest leaving your device at home or using a loaner device when traveling, but that isn't always a viable option.
Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.
Good to know:
- While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
- Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.
- Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
- Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
- Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
- Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear your browser history so that it is not immediately apparent which online services you use.
- Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already, like Keepass.
- Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
- Delete apps you no longer use.
- Update any software, including antivirus protection, to make sure you are running the most secure version available.
- Turn off Wi-Fi and Bluetooth to avoid automatic connections.
- Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
- Charge your devices before you go.
- Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
- Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
- Don't overlook low-tech solutions:
- Tape over the camera of your laptop or mobile device for privacy.
- Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
- Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
- Label all devices in case they get left behind!
Source: STOP. THINK. CONNECT. 5 online security tips for smarter travel infographic