Internet Security for Digital Nomads was originally published on www.xscapers.com
Welcome to my world, where bits and bytes fly through the air across the wire and (if I have done my job right) slam right into a firewall and “get injected, inspected, detected, [dis]infected,
neglected and selected” before being passed into your laptop, phone, or tablet. We are going to chat about the basics of Internet Security while you are on the road and how you can make sure to protect all your technological doodads.
Patch It!
The first thing, and I can’t stress this one enough, is PATCH YOUR SYSTEMS! Like RIGHT NOW!
This means:
- Turn on automatic patching on Windows
- Turn on “Automatically keep my Mac up to date” for your Mac
- Turn on automatic updates for your phones
- Update your apps on your phones
- And, if you are on a Google device that wasn’t built by Google and is more than 3 years old, it’s probably time to get a new one. (yes, I am Mac/Apple user and yes, I think they are more secure for the general user)
While I know many of you will be using some sort of cellular upstream connection (Wi-Fi puck, Wi-Fi tethering to a phone, cell card in a device in your rig, whatever) and I know those gigabytes are critical to survive, you still need to make sure your machines get their patches. You can set both Windows and Mac laptops to download the updates at certain times, maybe off hours in the middle of the night, when the bandwidth usage on the cell tower is low or possibly hold off until you are near somewhere with a good broadband Internet connection (like a coffee shop or library). Either way, I want you to promise me that you won’t go more than 14 days after the patches have been released to install them.
The patches that are being released will always include some security update for an application running on your machine. These security updates are being released because someone found a flaw and either has released it into the wild before the patch was released, at which point hackers are trying to use it to figure out how to exploit it and get onto your machine before the vendor releases the patch, or the security flaw is released concurrent to patch at which point you have some time (usually hours or days) before the hackers have a working exploit. This is why you have to install your dates quickly!
I would like to make a quick point about the Android operating system and how it gets patches and the economics of the “cheap” Android phone. If you have a Brand X Android phone sold by Verizon to get updates, this is what has to happen:
First Google releases a patch. They do this really well and often.
Then Verizon has to review the patch and make sure it works on your BrandX phone. In doing this, Verizon has to do a cost analysis of calls per hour into their call center from any potential failures from this patch, plus the cost of them doing testing to see if this patch works on a few thousand different variations of software and hardware, plus the cost of the infrastructure to keep patch servers up and running 24×7 versus the satisfaction they get from making sure you could be a bit more secure.
Yeah, they aren’t going to decide to help you very often. In the off chance they DO, its likely weeks or months behind and comes with some additional Verizon “features” to help sell you some more stuff.
On the other hand if you bought a phone from Google (ie if you have a Pixel device), then all you have to do is press update and your phone reaches out to Google Data Centers and downloads the patches for the hardware and software that they built from servers they are already using to send you search results and give you free email. Google takes this into consideration when selling you one of their phones (as does Apple) which is why they are about $800. They need to get enough cash out of you to make sure they can keep supporting your phone for 2-5 years.
Password Protect It!
Second thing I want you to do is promise me (and don’t lie because I will know) that you won’t use the same password on all the websites you use. As soon as one website gets hacked, the hackers then use any passwords they found and try about 5000 other websites they have in a list using the same username and password to see what else they can get into. They have scripts that do this for them, it takes them seconds to put a single username and password into all those sites and see if they get in anywhere else.
I know remembering passwords is hard. I use a password manager App called 1Password. In my opinion, it’s the best, but it costs money each month. You can also use LastPass. This one is free and they have a great security track record for fixing any issues that are uncovered.
Basically, humans are really bad at coming up with random passwords. Thankfully, machines are REALLY REALLY good at it. Use a password manager and you only have to remember a single password (and it better not be password123 or even “ifyourRVsarockinImstillcomingknockin”) then the password manager will generate random passwords for you and use those password to auto-log you in to every different website you visit. I have hundreds of passwords in my password vault and use a long passphrase that’s easy for me to remember. I don’t know any of my passwords because most of them are 26 character randomly generated strings of gibberish. When setting up your password vault password use something easy to remember but hard to guess like “I like Kyle because he has a pink bus” or “RVing is awesome because it allows me to meet people like Kyle” or a sentence from your favorite song “big lizard in my backyard cant afford to feed him any more” (Dead Milkmen, 1985). It doesn’t have to have caps or letters or numbers (better if it does, but it’s harder to type) it just needs to be long.
Third thing please also put passwords/passcodes on your devices just to make it harder for someone to login who might be in your rig for a few minutes. You don’t want your neighbor seeing those pics of you and the Mrs from your birthday last year, do you?
Lock It Down!
If you have a Windows PC and have it all patched and password protected, give yourself a little pat on the back. Good job! You have now become part of a small elite group whose machines will be a little tougher to exploit.
Sadly, however, the Windows operating system is the most attacked system on the market due to market share, age of the code bases, and complexity. You are also going to have to turn on some antivirus and enable the Windows firewall. The FREE windows defender Antivirus is great don’t buy anything else and if you already did then please uninstall that garbage and install Defender instead. Turn on Defender and allow it to get its updates and run a full scan of your file system. If you want I will happily wax poetic over a roaring camp fire and some whiskey about the pros and cons of third party antivirus but the reality is that ONLY Windows Defender gets access to the ooey gooey guts of the operating systems in a safe way. Every other solution is jamming its grubby little hands deep into the operating system to see what’s going on. Often, it gets it wrong and lets in attackers instead of keeping them out. As for the Windows firewall, it’s pretty great, too. Enable it and set your rig wifi to be “home” and anytime you join a new network, set it as a public network so that people at the coffee shop can’t make unauthorized incoming connections.
If you have a Mac machine then you are a bit safer here, there are no real viruses so no real need for anti-virus solutions, but I do run my Mac with the firewall turned on to keep the unauthorized applications from accepting incoming connection.
As far as other operating systems (Apple iOS, ChromeOs, Android, etc) go, just make sure your OS and applications are updated and you will be fine. There is no need to add antivirus or antimalware to your phone.
Finally, please make sure that your email client is setup to use and encrypted protocol (HTTPS, POPs, IMAPs, SMTPs). If you are using mainstream free email setups like Gmail or Yahoo with your browser, you are fine keep doing that. If you have it setup in your Outlook or Mac Mail, go into settings and make sure your that the client is configured to use SSL/TLS for the incoming and outgoing servers. If you don’t have this turned on, your email client is sending your username and password in the clear across the Internet every time you check your email or send an email. So, change it, then go change your email password.
Choose Your Networks Wisely!
Finally, take a moment to understand what network your device is connecting to and try to make an assessment as whether it is safe. In my bus, I have a WifiRanger (running on 12v power) that acts as my Wi-Fi when I am near the bus. I can connect it to my Wi-Fi hotspot for internet connectivity or use some other Wi-Fi network (like at an RV park).
I have my 2 AppleTV’s, my Network Attached Storage Array (for movies, music, and backup), my Victron gear, my phone and my iPad all connecting to the “Bussy McBussface” name on the Wi-Fi Ranger. When I got to a park or if I was moochdocking with a friend I would login to the Wi-Fi Ranger and have it reach out to my friend’s, or the park’s, Wi-Fi. That way everything in the bus was safe behind the WifiRanger and I didn’t have to change all my gear around every time the Wi-Fi name and password changed. When I was on the road, I definitely found myself connecting to some sketchy networks just to be able to get my email or stream something, but I would not have done so without the WifiRanger acting as a firewall for the bus.
Now, some of you know me know that my big pink bus does not stealth camp, at all. There were times that I would go into town to get fast Wi-Fi. In those cases, I was usually picky about where I was getting Wi-Fi, trying to stick to establishments where you had to ask for the password and it wasn’t just a signal that said “Free Wi-Fi.” I consider the “Free Wi-Fi” signal to be akin to a white windowless van with the hand painted cardboard sign that says “free candy.” Don’t do it, go to a Starbucks or the local Library or McDonalds.
That’s it! Really… There’s a lot more to do in my consulting practice but honestly if everyone, including every firm I have worked and consulted for in the last 25 years, followed these rules we would likely have a much safer Internet. If you want to chat in detail feel free to reach out, hit me up on Facebook or over email and hopefully I can help you out!
Authors
Kyle Starkey
Kyle has been in Internet Security for more than 25 years professionally and spent his youth hacking phone systems and logging into computers attached to modems before the days of the Internet. He spent a year full time on the road in his Prevost bus, towing his Jeep and seeing the county with his dog Zen. He has since come back to his sticks and bricks in Scottsdale, but continues to be involved with Xscapers Community for convergences and other RV adventures. Kyle also runs an Information Security focused consulting practice called Cyber Nomad Security helping customers to ensure their systems and practices are secure.
