Digital Security for the Daily Commuter: 9 ways to Stay Digitally Secure on the Move

Introduction

A knowledge of digital security is vital for living and working in the modern world. Unfortunately, even if you have learned ways to stay digitally secure, it can be easy to forget to apply them when out of the office. Whether commuting for business or leisure, staying digitally secure while on the move can be more complicated than it is at home or in the office!

With so many people having been working from home for a while due to the pandemic, many digital security measures have become a little rusty. If you are wondering how to keep your devices, software and confidential information safe while commuting back to the office, or working remotely in public spaces such as cafes or libraries, we have put together this handy guide to remind you.

Young people browsing online via laptop and smartphone, users staying digitally secure while using Wi-Fi hotspots

How secure are public networks?

When commuting or working in a public space, you are much more likely to use publicly-accessible Wi-Fi networks, such as those offered on trains or in cafes.

Over half of respondents to a survey by Norton reported using a public network to access personal email or social media accounts, with most believing this to be secure and less than half knowing how to identify the security level of a network. However, according to a survey carried out by Kaspersky, almost 25% of public W-Fi hotspots use no form of encryption whatsoever.

Although you may expect older generations to be more at risk, it was in fact millennials who shared the most information over public Wi-Fi networks, with a staggering 95% having done so!

According to Verizon, almost half of all data breaches are breaches of web applications—the kind commonly accessed by commuters using unsecured public Wi-Fi networks. As the number of companies incorporating remote working models has increased sharply since 2019—in response to both the pandemic and technological advancements—web application breaches have doubled in this short time.

Why do hackers target commuters?

It is well-known that people who travel around the world are often targeted by thieves or scammers. However, this does not apply only to people travelling overseas. Any daily commute or public space can leave you vulnerable to hackers; even the bus home from work or the cafe down your street!

There are a few reasons why commuters are often at greater risk of hacks and data breaches.

1. Your digital security may be more vulnerable outside of the office

Not only can it be easy to forget company security protocols when on the move, but it is also common for company smartphones and laptops to lack the powerful cybersecurity software installed on the office computers. You are also much less likely to be connected to your company’s internal network—which is usually more secure than those you may connect to out of the office—when out in public.

In addition to the potential lack of cybersecurity software, your devices can also be much more visible than at home or in the office—both digitally (e.g., on public WiFi networks) and physically (e.g., if you are using a laptop on a train or in a cafe).

2. You are likely to be less aware of your surroundings

Places like busy train stations or airports can be overwhelming, and thieves can take advantage of commuters, especially those in a rush! Less stressful spaces—like the cafe you visit every lunch break—can also carry risks if you let your guard down. You may be so comfortable with your armchair and latte that you forget to be vigilant.

Zebra crossing Pedestrians crossing city street commuting to work

3. Hackers / thieves are less noticeable in crowds

Hackers often target public places that draw crowds, especially in areas where commuters are likely to be carrying devices with sensitive company data stored on them. They may even target specific individuals by observing them over time and learning their daily commuting routines!

Whether physically stealing devices or hacking into them, theft can be much easier in public than it is to gain access to devices or data in a locked office or home. What’s more, thieves can disappear without a trace in busy public places before the target even knows a theft has occurred.

Digital travel security: risks and preventative measures

There are numerous specific digital security risks that commuters and travellers face. Here we have listed the main ones, and what steps you can take to address them.

1. Hardware theft

Theft of physical devices such as smartphones and laptops is a particular danger to look out for when in public. Be wary of pickpockets (storing your device in a closed bag or case can be better than keeping it in a loose pocket when it is not in use) and don’t leave your device unattended (that includes in your locked car!) or with someone you don’t know and trust.

2. Unauthorised access of unattended devices

Unattended devices such as phones or laptops are prime targets for hackers and thieves. Not only can a thief access the data stored on the device, they may also be able to use your device to hack any MFA measures you have set up to protect your company's systems.

To help prevent this avoid leaving devices unattended unless absolutely necessary—don’t trust the librarian, ticket inspector, or cafe owner to guard your belongings!

Always remember to lock your device before leaving it with someone you know and trust, and don’t have your password written down somewhere (physically or on a word processor or Notes app) easily accessible.

3. Shoulder surfing

“Shoulder surfing” is when people look at your device screen over your shoulder. Many of us find it rude when someone reads over our shoulder, but if you are interacting with potentially sensitive data or putting in a password then it can be more than just an annoyance.

If you need to use your device in public, you can stop people shoulder surfing by tilting the screen away from them, positioning yourself so that a wall or other barrier restricts others’ view, or using a screen filter.

Man and woman having a private confidential discussion

4. Private conversations

It is not just shoulder surfers that you should be aware of. Spoken conversations can also be a potential security risk. Do not share or discuss private information over the phone when in public. You never know who could be eavesdropping!

5. Data interception

Publicly-accessible Wi-Fi may seem convenient, but it can often be insecure and vulnerable to hacking. When possible, avoid using public Wi-Fi. If you do need to use public Wi-Fi or hotspots, always access confidential information via your company’s virtual private network (VPN) so that any data transferred is encrypted. A VPN is recommended even for non-work-related tasks carried out online!

Another way that data can be intercepted is through a Rogue Access Point (often known as an Evil Twin). These access points often appear legitimate from the SSID—however, they are used by hackers to impersonate a legitimate network. A good way to mitigate against this is by verifying the network name with the hotspot provider and, as always, using a VPN to encrypt traffic.

6. Insecure third-party USB ports

USB charging ports, such as those in airports, can be used by hackers to access the information of any device using that port. Avoid using these when possible—make sure your devices are fully charged before you travel with them, and if you do need to charge your device then consider investing in a portable charging bank, or using a physical wall plug to charge through the mains instead.

7. Bluetooth and Wi-Fi sharing

Bluetooth and Wi-Fi sharing are also channels that can be targeted by hackers and thieves. Before travelling, always remember to disable Bluetooth and turn off Wi-Fi sharing on your device to protect against yourself being discoverable on any public-facing network.

If you need to share data with another device (e.g., a colleague’s laptop while you work together in public), a PAN—or Personal Area Network—may be a useful solution. PANs usually consist of only two devices, such as connecting two Laptops together via Bluetooth. While they can remove the need for using public networks, it is important to make sure that a PAN is itself secure and only accessible by those authorised.

8. HTTPS Encryption

If you do need to enter sensitive information into a site or app when in public, always make sure that the site or app encrypts information using HTTPS (the HTTP protocol with added encryption from TLS/SSL). If a site or app does not use this encryption, hackers could potentially access sensitive information in cleartext form using packet sniffing.

9. Social media

Careless use of social media can be taken advantage of by unscrupulous individuals. Don’t post your location on social media when working—not only can this give competitors clues into your business dealings, but it can also leave you open for a spearphishing attack (a personalised phishing attack directed solely at one person).

Posting your location on social media could also result in data leakage, especially if you're in the location for a confidential or private reason.

Woman posting social media post online the could contain sensitive information

Why should you take preventative measures?

It is essential to take preventative measures to protect your data while on the move. Data breaches can result not only in invasions of privacy, but also in the theft of funds from bank accounts. In some cases, you may not even know your data has been compromised until much later in time.

Staying digitally secure while travelling is especially important if you are carrying out work-related tasks, either on your personal devices or using those belonging to the company you work for.

If a security breach occurs as a result of you neglecting company security protocols, you may be considered liable for the breach yourself. Data breaches can seriously negatively affect the reputation of the company you work for, and result in a loss of revenue. The last thing you want is to be held responsible for losing the company money!

In addition to the bad publicity and loss of business that can come from insufficient digital security, there can also be potentially severe legal ramifications. Not following data protection legislation such as GDPR can put companies at risk of legal action from clients or customers. Compliance with data protection policies and legislation is perhaps the Number One reason to take preventative measures to protect digital security.

If you do not follow all device software and data protection policies and procedures your company has put in place, you can get into a lot of trouble with your superiors and even potentially lose your job!

Any company should have a cybersecurity policy. If you are in doubt about the safety of any action using company devices while travelling, you should check with your superiors first. Your company may even have a Data Protection Officer who is qualified in all matters relating to digital security.

What should you do if sensitive information is breached while you’re travelling?

Unfortunately, data breaches can sometimes occur even if every preventative measure has been taken. In the event of a data breach for any reason while you are travelling, it is important to read your company’s policy on device, software and data protection and follow the necessary steps.

Inform your company’s IT team and your line manager immediately so that the appropriate steps can be taken. Your IT team may require additional information on what could be potentially leaked, so they can address this accordingly. Make a note of the time you noticed the information breach and what you believe may have been the reason for it.

You may be embarrassed or worried about the reaction, but attempting to cover up the breach can make things even worse and even potentially land you in legal trouble! Transparency is always the best way when it comes to addressing a breach and carrying out damage limitation.

If you notice anything suspicious about the way your device is functioning during or after using it in public, you should also notify your IT team—it’s better to be safe than sorry!

Cookie	Duration	Description
__cf_bm	30 minutes	This cookie, set by Cloudflare, is used to support Cloudflare Bot Management.
bcookie	2 years	LinkedIn sets this cookie from LinkedIn share buttons and ad tags to recognize browser ID.
bscookie	2 years	LinkedIn sets this cookie to store performed actions on the website.
lang	session	LinkedIn sets this cookie to remember a user's language setting.
lidc	1 day	LinkedIn sets the lidc cookie to facilitate data center selection.
tve_leads_unique	1 month	This cookie is set by the provider Thrive Themes. This cookie is used to know which optin form the visitor has filled out when subscribing a newsletter.
UserMatchHistory	1 month	LinkedIn sets this cookie for LinkedIn Ads ID syncing.

Cookie	Duration	Description
_ga	2 years	The _ga cookie, installed by Google Analytics, calculates visitor, session and campaign data and also keeps track of site usage for the site's analytics report. The cookie stores information anonymously and assigns a randomly generated number to recognize unique visitors.
_gid	1 day	Installed by Google Analytics, _gid cookie stores information on how visitors use a website, while also creating an analytics report of the website's performance. Some of the data that are collected include the number of visitors, their source, and the pages they visit anonymously.
c3po.jpg	Session	This pixel tracker, set by metricool.com, collects data on the user’s navigation and behaviour on the website. This is used to compile statistical reports and heatmaps for the website owner.
CONSENT	2 years	YouTube sets this cookie via embedded youtube-videos and registers anonymous statistical data.

Cookie	Duration	Description
_fbp	3 months	This cookie is set by Facebook as part of their embedded services on our websites (likes, sharing etc.).
fr	3 months	Facebook sets this cookie to show relevant advertisements to users by tracking user behaviour across the web, on sites that have Facebook pixel or Facebook social plugin.
VISITOR_INFO1_LIVE	5 months 27 days	A cookie set by YouTube to measure bandwidth that determines whether the user gets the new or old player interface.
YSC	session	YSC cookie is set by Youtube and is used to track the views of embedded videos on Youtube pages.
yt-remote-connected-devices	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt-remote-device-id	never	YouTube sets this cookie to store the video preferences of the user using embedded YouTube video.
yt.innertube::nextId	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.
yt.innertube::requests	never	This cookie, set by YouTube, registers a unique ID to store data on what videos from YouTube the user has seen.

Cookie	Duration	Description
AnalyticsSyncHistory	1 month	No description
ClientId	1 year	No description available.
li_gc	2 years	No description
OIDC	6 months	No description available.
OutlookSession	session	No description available.
tl_1206_1206_4	1 month	No description
tl_544_544_1	1 month	No description