Christel Cao-Delebarre, the global privacy officer in London for Carlson Wagonlit Travel, a travel management company, advises being “very careful about speaking with colleagues and possibly sharing confidential information in public places.” She also urges travelers not to leave confidential documents unattended either in conference or guest rooms at hotels and elsewhere.
When it comes to working online, Mr. Rubin advises using two-factor authentication on all Internet-accessible accounts. He suggests locking and password-protecting your mobile phone and configuring it to automatically lock after a period of inactivity, and using secure passwords, with a different password for each device and account. Password managers like LastPass and Keeper can help you remember and manage these.
As for making purchases online, consider signing up for a credit card to be used only for such transactions. You also can set up a virtual credit card for a one-time purchase whose cost you can limit. Some of these can also be used to pay for recurring charges; those amounts can also be limited. Virtual credit cards are issued by companies such as Bank of America, Citi, Capital One, American Express and Privacy.com. According to Mr. Rubin, if the virtual credit card is compromised, it should have no impact on your physical card.
Another payment option, possibly more secure than credit cards, is PayPal, said Robert Austin, president of KoreLogic, a cybersecurity company.
BCD Travel, another travel management company, advises against posting pictures online of your itineraries, tickets or boarding passes. It also urges travelers to never leave their boarding passes and tickets on an airplane or in a hotel room, and to shred these once you’ve used them, all steps to keep cyberthieves from obtaining your travel details. Another protective measure is to use digital boarding passes issued by the airline, and apps like BCD’s TripSource, TripLingo, Apple Wallet and Google Pay. This information will be protected by the security code on your mobile phone even if the phone is lost or stolen.
John Reed Stark, former chief of the S.E.C.’s Office of Internet Enforcement and author of “The Cybersecurity Due Diligence Handbook,” advises setting up your credit card account to automatically notify you of all transactions via email or its app, which he said will make you aware of every transaction as it occurs. He also suggests setting up a separate email account for these alerts, so you can easily track them and not clog up other accounts.
To further track any suspicious activity, he advises subscribing to a credit and identity monitoring company — such as Experian, TransUnion or Equifax — that can provide alerts relating to your credit rating, credit cards and banking.