A Pineapple Walks into a Coffee Shop: Cyber Protection on the Road

Vacations are a time to kick back and forget about the worries of everyday life. But that doesn’t mean you should forget about what cybersecurity risks you’re exposed to. In fact, traveling can present unique cybersecurity risks. Whether you’re at the beach or even just at your local coffee shop, carrying sensitive information on the go can open you up to additional vulnerabilities.  

Here are some tips to keep in mind when traveling

Backup data and update your software before you go

Packing shouldn’t be the only thing you do when preparing to travel. Before you go, be sure to back up your data and update the software on your devices.  

There is a lot to keep track of when you travel, and sometimes things get lost. Creating a backup of important information will ensure you can recover anything important on that iPad you left in the seat pocket of the airplane.  

Checking for any software updates on your devices is also essential. Keeping your systems and apps up to date will ensure you have latest security patches and help defend against malware attacks.  

Be careful about using public wi-fi

Whether at the airport, hotel, or coffee shop, public Wi-Fi might not be as secure as your connection at home or in the office.  These can be good spots for hackers with “pineapples” — wifi devices which intercept traffic and can perform “man-in-the-middle” attacks where you connect to the pineapple thinking you are connecting to the public wifi and the pineapple logs all your traffic (keystrokes, websites visited, login info, etc).

If you have to use vulnerable connection, avoid accessing sensitive accounts or anything containing personal information. Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network. However, your best bet for any public Wi-Fi is to use a Virtual Private Network (VPN). VPN’s will hide your IP address and reroute your connection through a private server.  

Disable auto-connect

Often, your devices will automatically scan and connect to available networks or other devices. This could lead you to unintentionally connect to an unsecure network, which bad guys with pineapples can use to gain access to your devicesMake sure to turn this feature off on all devices and always double check that you’re only connected to devices and networks you trust. 

Don’t use public computers

Using public computers at a hotel work center or an internet café can pose some serious risks. You can’t be sure the computers are up to date and have proper security software installedThere have been a number of cases where public computers contain malware that logs your keystrokes. This can be used to steal passwords, card numbers, and any other sensitive data you might enter into the computer.  

Lock and guard devices

We often think about information getting stolen by someone who remotely hacks into our device. But it’s also possible for this to happen if someone steals the device itself. Along with keeping a close eye on your belongings, make sure you use password protection, fingerprint authentication, or other types locks for all your devices. This will help prevent someone from accessing sensitive information in the event your device gets stolen.  

Scan for malware when you get home

Even if you follow all these tips, you can’t always be 100% certain that you weren’t exposed to some sort of attack. After you get home, use an anti-virus software to run a full scan of your device to ensure there isn’t anything fishy lurking anywhere.  


Is MFA necessary or just a PIA?

Are the days of simply keying in a login name and password coming to an end?  Perhaps not, but increasingly, cybersecurity standards and certain regulations are requiring that you need to have more than a password to log in to areas that contain sensitive data or critical processes.  MFA or “Multi-Factor Authorization” is a log-in process that provides the ability to do just that.  In fact, you may already be using it when you are asked to key in a code that is texted to your cell phone in order to log on to your credit card account as an example.

In essence, MFA requires a minimum of two authentication protocols:   (1) something you know (e.g., password); (2) something you have (e.g., a  a mobile app on a smart-phone that generates a one-time password or code; and (3) something you are (e.g., a biometric like a fingerprint or retinal scan.

The US Department of Defense requires MFA for its contractors and any service which adheres to NIST 800-171 of NIST 800-63-3 will have similar MFA requirements.  In addition, the New York Department of Financial Services has issued Cybersecurity Regulations which include the requirement that MFA must be used when accessing internal networks from an external network, unless the CISO (Chief Information Security Officer) has provided written approval to use reasonably equivalent, or more secure, access controls. It is not difficult to imagine that MFA will be a staple part of future regulations.

MFA does require an extra step, and most of us are used to technology decreasing the time it take to get things done.  However, it greatly reduces the ability of a bad guy to leverage your login account name and password to get in to your system.  And that is a good thing.

Even if you are not currently required to use MFA,  Consider adding MFA to any site may have key data you would want to protect, like client information, employee information, your bank accounts, credit cards, insurance, social media, email and even travel sites (that may be storing your passport info).  Most of these sites will provide MFA.  If not, they are certainly working on it.

MFA might be a PIA, but it’s also good CYA, as in “Cover Your Assets”!



Technology has radically altered our lives, democratized abilities and possibilities and has subsumed itself in virtually everything we do.

But perhaps we should not confuse technology with the possibility of more freedom or increased liberty. In fact, technology might more often get in the way.

I think Independence can be best felt walking in the meadow or along a stream on a sunny morning, measuring my breath against the songs of the insects and the birds.

And I see Liberty in the smiles of family, friends and neighbors when we get together and do nothing but enjoy each other’s company.

In other words, on this Independence Day, what a great time to set down our phones and laptops and desktops and relive freedom, relive independence, relive what it means to be human.

Happy Fourth of July!