[music]
Wendy Battles: Welcome to the Bee Cyber Fit podcast, where we're simplifying cybersecurity for everyone, where we cut through confusing cyber speak and make cybersecurity simple and easy to digest. I'm one of your hosts, Wendy Battles.
James Tucciarone: I'm James Tucciarone, together we're part of Yale University's Information Security, Policy and Awareness Team. Our department works behind the scenes to support Yale's mission of teaching, learning, and scholarly research.
Wendy Battles: Ready to get cyber fit with us? Hey, everyone. Welcome to another episode of the Bee Cyber Fit podcast. We're excited you're here and hope you're ready to get cyber fit with us. If you're a new listener, welcome aboard. This is the place to come for information and inspiration to stay safe online and outsmart cybercriminals. This podcast is one of the many tools in our toolkit that we use at Yale University to help our faculty, staff, and students build their cyber muscles.
James Tucciarone: Hey, Wendy. So, the weather is warming up, and I'm sure a lot of our listeners are getting excited about travel plans. Are you planning any trips this summer?
Wendy Battles: Great question, James. I hope to be going to Montreal. You know that I'm a big jazz fan, and I haven't been to the Montreal Jazz Festival in about 15 years, so that's my current plan. And then I hope to extend the trip a little bit and go to Quebec City, which I've never been to before. So, I've got Canada on my mind this year. What about you?
James Tucciarone: That's a long time, and both of those sound pretty amazing. Unfortunately, I'm not doing any travel for pleasure this summer, but I am looking forward to attending a few work-related conferences with you later this year.
Wendy Battles: Me too. We are thinking all things cybersecurity awareness, and I'm really excited that we have the opportunity to see colleagues, learn new things, and just generally get out there and help us build our program.
James Tucciarone: And actually, that's what this episode is all about, travel. And I'm really excited because we're doing something kind of special today. We recently surveyed the Yale community to find out their questions on traveling securely, and we're going to be answering some of those questions.
Wendy Battles: I like it, James because it's different than what we typically do. So, keeping it fresh and very timely, because I know a lot of people are gearing up for a busy summer of travel, whether for work or pleasure. So, hmm it's going to be good. But first, let's hear a little teaser for our buzzword of the day.
[music]
James Tucciarone: Do you know if your passport, credit card, or even your pet has a microchip. Did you know those chips could be holding sensitive data? Today we're diving into RFID, a technology that might sound futuristic but is actually all around us. Stay tuned to learn about RFID technology and how to shield yourself from digital thieves.
Wendy Battles: Whether traveling for business or pleasure this summer, it's important to strengthen your cyber defenses. I don't know about you, but when I'm traveling, the first thing in my mind isn't usually cybersecurity. I'm getting ready for the trip, dealing with last-minute details, and checking my list two and three times. The truth though, is that cybercrime costs the global economy more than 1 trillion, James. More than $1 trillion every year. And travelers are often prime targets due to their reliance on public Wi-Fi and unfamiliar networks.
James Tucciarone: That's a lot of money, Wendy. But I will say one of the most common questions that we saw in our survey was specifically about using public Wi-Fi when traveling. So why don't we dive in?
Wendy Battles: Perfect. So for our first question, can public Wi-Fi networks, like in your hotel or in the airport, can those networks be trusted? James, why don't you weigh in on this?
James Tucciarone: One of the main things with public Wi-Fi is we don't always know who's actually putting it out there, whether it's a trusted vendor or even a cybercriminal. Another thing with public Wi-Fi networks is that they're not always password protected, and they can also be easier for cybercriminals to snoop on. Aside from public networks, something else I'll mention is public computers, because we have to be really careful about leaving our credentials in there. When we log into something if we make sure that we don't log out, the next person who uses that computer after us could get right into our information.
Wendy Battles: Those are all valid concerns. And, James, I'm going to tell you, from my perspective, I totally get how it is that any of us could say, “Oh, I'm just going to jump on the free Wi-Fi. It seems super convenient. Not everybody has unlimited data. So, if people are like me and I do not have an unlimited data plan, you know, you get to a certain point in the month where you're pushing up against that limit and you don't necessarily want to buy more. So you're like, “Oh, great, I could just jump on a Wi-Fi network. And so, I totally understand the lure and the why of how it is that we can find ourselves in these situations. And I appreciate what you just shared about the concerns about using Wi-Fi. And especially when we're traveling, we're traveling in a foreign country.
It's not always easy sometimes to get on the networks. We think, “Oh, I'm going to just-- I'll just use this. I have a signal right now. I want to communicate with my family or text people.” So, it's definitely allure. So, then the question gets to be, “Well, what can we do?” If we are going to use public Wi-Fi, how do we make it safer? And we make it safer by using a VPN or a virtual private network. And a VPN actually secures and encrypts the traffic that's going back and forth. So that means that when you use a VPN, you're able to safely use a Wi-Fi network because the communication is protected. And I know that when we're using, for example, our Yale laptop and we're traveling to a conference, we can easily use the Cisco VPN when we're in the hotel.
So, yes, we're on the hotel Wi-Fi. But again, we still don't always know, is it completely trustable? Probably if it's like a Hilton. But still, it's always much better to use that VPN. But we can apply the same principle when we are traveling for fun this summer, or we're going to a conference, like you and I are going to be doing. We can, on our phone, even use the Cisco VPN that we use at Yale, and we can really ensure that all of that traffic is being encrypted. So, when you're going to use Wi-Fi, pair that with VPN.
James Tucciarone: Absolutely. That's a really great point. And I will also say, verify your hotspot before you connect, and whenever possible, avoid sensitive transactions when you're on public Wi-Fi.
Wendy Battles: James, those are great points. Really important, because have you ever had that feeling like, “Well, I'm only going to be on for a few seconds. I'm sure it's going to be okay.” Like, we can tell ourselves these things, but as we often tell our community at Yale, better safe than sorry.
James Tucciarone: Well, Wendy, our next question is about data security, and this one is, “Should we remove sensitive files from our hard drive before taking our laptop on a trip?”
Wendy Battles: 100% yes, James. 100% yes. Yes, you should remove sensitive files from your hard drive before you take that laptop on a trip. It's a basic principle. We don't want that sensitive information getting into the wrong hands. So, if you don't need it, don't take it. And I know it's an extra step when you're planning your trip. But the reason why this is so important is that things get lost. I know that these days we're very distracted. We're trying to multitask. It's easy to put down your phone or your laptop. You get distracted by something and you get up and walk off and leave it. I feel like it's harder for me to do that with my laptop because it's so big. But certainly, I have left my phone behind at places many times, just recently that happened to me.
I can't remember where I was, James, but I was somewhere, and they came running after me. I was at the grocery store. I actually left my phone at the checkout, and I was in the parking lot when I realized I'd left my phone behind, because, you know, you can't go that far without realizing our phone. I was like, “Where's my phone?” I go back in and someone was actually walking it to the customer service desk. But that's an honest person. You know, people steal phones all the time or we might lose our devices. So that is why it is so important that we remove that highly sensitive information. Don't take with you what you don’t need.
James Tucciarone: Wendy, I have to say, you are probably one of the luckiest people I know [Wendy laughs] in terms of getting your devices back when you have misplaced them.
Wendy Battles: No kidding. I am highly favored in that area, amazingly so. So, you know, but maybe it's because I return other people's phones if I see they've left them behind, right.
James Tucciarone: Honesty is key.
Wendy Battles: Paying it forward. Paying it forward.
James Tucciarone: So, I will say you're absolutely right. Only taking what we need is a great idea. You know, pack light and travel smart. The other thing I'll say as well is backing up our data is also really important because in those instances where we do lose our device and don't get it back or it's actually stolen, having a backup of our data allows us to restore that data when we need to. So, backups are also really great to have and to plan ahead for.
Wendy Battles: Right. I am 100% with you. Okay, James, now let's talk about our next topic. Protecting our actual devices and data while we're traveling. So the question is, “What are the three easiest things to do to protect my devices?
James Tucciarone: This is a really great question. One of the reasons why is that it's something that we can do before our trip before we're caught up with everything else that we're going to be doing. So for number one, I would say making sure that you have the latest updates applied to your systems and to your software, because as we know, Wendy, it's really the number one way to keep our devices safe.
Wendy Battles: Second, James, store your devices in a secure location. Do you think that we can trust leaving our devices out in a hotel room? I know that seems like, “Well, it's like a nice hotel. It's got a good reputation.” Do you think we should actually do that, James?
James Tucciarone: No, probably not the best idea.
Wendy Battles: I know. And I'll say I've been guilty of this before. It's like, “Well, I'm here for a while. I'm getting settled in. It's okay to leave my devices out, and it may be, but it also may not because crime happens everywhere and we just have to be really careful.” And again, it goes back to worst-case scenario. If someone was really trying to get your data. And let's say you're in a foreign country somewhere, there are many things that they can do. So, we want to be sure we are securing our devices. And all I'll say is, “Hello, room safe.”
James Tucciarone: That is probably the perfect spot to keep them when we're not using them. And in addition to physical security, I'll say that we should also, for our third tip, think about strong password security. Because once again in those instances where a device does become stolen, having that password protection on our laptop, on our cell phone, either a strong password or even a biometric, like a fingerprint or face ID, makes it just a little bit harder for cybercriminals to be able to get into our devices once they actually have them in their hands.
Wendy Battles: Absolutely. And the thing I'm going to say to all of you that are listening, if you're thinking, I already know all these things, I'm already doing all these things. But we're talking about traveling this summer. Some of you are traveling for business. Some of you are traveling for pleasure. When you are traveling for pleasure, you are likely traveling with other people, your friends, and your family. Do they know all these things? Are your teenagers paying attention to where their devices are? Are they keeping track of them at the airport, or are they always with them? It's just some good food for thought. We encourage you to share this episode and these tips with the people in your life who could really benefit from hearing some of this advice about secure travel.
James Tucciarone: Absolutely. And as we talked about way back in Season 1, we know that no matter what our age is, we are all susceptible to cybercrime. Okay, Wendy, for our last question, let's talk about travel websites. And the question here is how can you tell if a booking website is real?
Wendy Battles: Hmm. It's hard to tell because we can Google and see that there are all kinds of scams. Or you may have heard or read about someone who booked an Airbnb or some other accommodations and arrived there to find out someone else was already occupying it and it was a fake website. So, it really does happen and we do need to be careful. One way we can identify a real website is by checking the URL to make sure you are where you expect to be. I know that sometimes it's convenient to just put in Google, Airbnb or some other site. And the challenge of that is that you can get results that end up at the top, that are a website that looks very close to Airbnb or some other travel website. That's not exactly it. That could be a fake website. So, it's always best for us to type in our desired URL destination as opposed to googling it to ensure we're going to the right site. And once you get there, you just need to check carefully because even fake websites, they'll look so close to the real ones, it will be very, very similar. So that's why it's always best to double, and triple check and make sure it's the right place or perhaps use the app. The app that you know is the real app and do it that way.
James Tucciarone: That's really great advice. And it applies outside of travel too. We should always be checking our URLs when we're on websites to make sure that we are where we expect to be. A couple of other tips I'll mention is to ignore deals that seem too good to be true, because they probably are. And as you mentioned, sticking to official channels is also really fantastic. You know, in addition to official apps and making sure that we're on those official websites when we need to contact our airlines, our hotels, our booking services, you know, we can also reach directly out to them with the phone number. And as with many types of phishing, I'll also say beware of urgent requests. Many times, we might see that a deal is something that we have to react to immediately and before the deal is no longer available. And we know that cybercriminals, want to get us to act quickly, to get us to do something that we normally wouldn't do.
Wendy Battles: Yeah, it's very, very true. I appreciate all those different suggestions that you just shared, James. And I know one way that we could end up on a fake website is that we get an email, so we look on our personal Gmail account, and we have this email about travel specials or something like that. And imagine you're thinking, “Well, I wouldn't do that, but what about your parent or a grandparent?” What if they saw that and they said, “Oh, I'm very money conscious. This seems like a good deal.” And they click on a malicious link or somehow it is enticing them to spend their money. And then they find out that there aren't really any tickets for this trip or this resort that sounded so good. So, there are many different ways that this can happen, and many different ways that cybercriminals can trick us. So, increasing our vigilance and being on the lookout for all these things can make a big difference. James, another question that came up a few times related to our credit and debit cards was about whether or not bad actors can really scan our cards while they're sitting in our pockets. We didn't talk about that in our discussion, so let's hear a little bit about it in our buzzword of the day.
[music]
James Tucciarone: Here's the buzz on RFID or Radio Frequency Identification. RFID uses a tiny chip, smaller than a grain of rice embedded in an object. This chip called an RFID tag holds information that can be wirelessly scanned by a reader. Think of it like a secret code that unlocks a specific message. And these chips are everywhere. Most of us probably have a credit card that has one. You may have seen a little gold or silver rectangle or a logo that looks like a Wi-Fi symbol turned on its side. These indicate an RFID tag, allowing a scanner to identify you and zip you through checkout. You might also find them in your debit card, passport, and other everyday objects. They can even be used for tracking inventory in stores, managing access control in buildings, and monitoring shipments.
RFID makes life smoother, but as with most technology, also introduces cybersecurity risks. Here’s the catch with a powerful enough scanner, a bad actor could potentially read information available from RFID within a distance of about a foot. This is called RFID scanning. Imagine a person walking down the street with a hidden device, skimming credit card details from unsuspecting people’s wallets. It’s like a pickpocket for the digital age. The stolen information could be used for fraudulent purchases or even identity theft. Now, this doesn’t mean we have to ditch RFID altogether. The key here is knowledge. By understanding how RFID works, we can take steps to secure our information. Here are a few tips to help stay cyber-safe. Block the signal by investing in an RFID-blocking wallet or phone case. These use materials that block the radio waves that could otherwise access your chip. Carry only the cards you need. Consider leaving less frequently used cards at home to reduce the number of chips a potential scanner could target. Be mindful of your surroundings, especially in crowded areas. If you suspect someone might be using an RFID scanner, move away and consider contacting the appropriate authorities. And keep listening to the Bee Cyber Fit podcast, where we help you to be aware, to be prepared, and to be cyber fit.
Wendy Battles: James this was such a fun episode. I loved it. I loved it. It was a little more informal that we got these questions, that we answered with information that we hope will be helpful to everyone who's listening, and we wanted to wrap this episode up with three simple takeaways and then three calls to action. Number 1, be wary when using public Wi-Fi and use VPN for extra protection. 2, begin with the end in mind to avoid rushing. Be mindful when considering the devices and data that you need to bring with you and only take what you need. And have a plan for where you’ll store your devices when they’re not in use. And 3, click with caution when you're purchasing travel online as you're planning your trip. We can never be too careful. But James, that's not it. We've got three calls to action too.
Number 1, we have a really fun, self-paced trivia game about travel so you can test out your knowledge about secure travel. We also have our secure travel webpage, and we are pointing to that in the show notes. Finally, we recently wrote an article about secure travel in our recent Bee Cyber Fit newsletter, and we encourage you to take a read of that. Three simple actions you can take to build your cyber know-how when it comes to safe and secure travel this summer.
[music]
James Tucciarone: Well, that's all we have for today. So until next time, I'm here with Wendy Battles. and I'm James Tucciarone. We'd like to thank everybody who helps make this podcast possible. And we'd also like to thank Yale University where the podcast is produced and recorded.
Wendy Battles: Thank you all so much for listening. We truly appreciate it. And remember, it only takes simple steps to be cyber fit.
[Transcript provided by SpeechDocs Podcast Transcription]
