“I think that it's reasonable to say that every company regardless of size has some level of risk, and that's the fundamental of the world,” says John Padgett, Chief Experience and Innovation Officer at Carnival Corporation, one of the world’s largest travel operators. “You align with the brands that you trust to do the right thing, and that means to protect you at the highest level possible.”

But individuals also bear some responsibility for their own data security. Nearly two-thirds of Americans have been victimized by data theft of some kind, according to a Pew Research Center report on cybersecurity released last year. And while the proliferation of encrypted networks and websites using HTTPS have made the internet safer in general, cybersecurity experts say there’s no such thing as being too careful. Some of the most basic measures can be the most effective in keeping your devices secure, and they’re so easy to set up that you really don’t have any excuse.

“I like to analogize it to using the shower at the gym. It's probably hygienic, but not always,” says Jake Williams, a former hacker at the National Security Agency for the Department of Defense and the founder and president of the cybersecurity firm Rendition Infosec. “Think of it [data protection] as wearing some shower shoes or flip flops.”
Here are six ways you’re putting your data at risk, and what to do instead.

You’re traveling with your everyday credit cards.

Consider a separate credit card that you use exclusively for travel, suggests Max Eddy, who writes about cybersecurity for PC Magazine. “It makes it easier to keep an eye on the transactions, since you’re presumably only going to use it a few times a year.”
Eddy also recommends letting your bank and credit card companies know that you’re going out of town so they can monitor your accounts during this time. “They’ll give you an extra layer of scrutiny for all of your transactions,” he says. Many banks will even send you a text alert every time your card is processed somewhere, so you can keep track in real time and know immediately if something is amiss.

You’re not using your device’s built-in safeguards.

In the Pew Research Center study, more than a quarter of smartphone owners reported not using a screen lock. Nearly seven in ten respondents weren’t worried about how secure their online passwords are, even though 39 percent said that they use the same passwords for many of their online accounts.

Not bothering with the easy stuff is a headscratcher for cybersecurity experts. “It's really important that people make sure that they're locking their phone, so use a biometric lock, use a PIN—whatever, but do something,” says Eddy.

Bryan Montany, a research analyst in security technologies at IHS Markit, says travelers shouldn't let their passwords get stale. “You should also change your passwords immediately before and immediately after a trip, so that you're basically just using a different password for the duration of a time when you are not at home,” he says.

You haven’t made sure your devices are encrypted.

Most newer smartphones and tablets are encrypted, which means data is an unreadable jumble unless you unlock the device with a password or biometric key. “The iPhone is encrypted by default, and Android is moving in this direction, too,” says Navin Manglani, Professor of Information Systems at the NYU Stern School of Business.

Laptops often come with a built-in encryption tool that the user can very easily set up. “For example, Macbooks come with FileVault, which users can turn on to encrypt the disk on their computer. It is very easy to do,” says Manglani. If you have a laptop that runs on Windows 10, it may include a built-in encryption tool called BitLocker, or you can use a free encryption utility called VeraCrypt.

You’re too lax about connecting to public Wi-Fi.

More than half of respondents in the Pew Research Center study said they connect to potentially unsecure public Wi-Fi networks, and one in five admitted to performing sensitive activities like shopping or online banking on these networks.

“If you see a free Wi-Fi network, just keep in mind who might be on it. If you're at an airport using free Wi-Fi, there are going to be a lot of people on that network,” says Manglani.

Williams agrees. “Airport Wi-Fi is not known for its reliability,” he says. “When a message pops up asking, ‘Do you want to make your computer discoverable to other computers on the network?,’ you should absolutely click ‘No.’”

Another mistake is leaving your smartphone’s default Wi-Fi setting on “Ask to Join Networks” when you travel. Automatic connections are particularly risky because hackers often set up a “rogue” Wi-Fi network that masquerades as a trusted network. (More on that here.)

“If your phone connects to a Wi-Fi hotspot, maybe it's one that you selected, but it’s just as likely that your phone connected automatically to a hotspot that it thinks it recognizes,” says Eddy. Cybersecurity researchers have repeatedly proven how easy it is to set up rogue networks at an airport or at a Starbucks. “They'll set up a fake Wi-Fi network with a name that is similar to an existing Wi-Fi network, and they'll get tens of thousands of people's phones connecting automatically,” says Eddy.

As an alternative to using free public Wi-Fi, you can create a personal hotspot with your smartphone. Just go to the settings menu on your iPhone or Android smartphone and look for “personal hotspot” or “mobile hotspot.” “You're really creating a personal Wi-Fi network and, unless someone's able to get your password, you're the only one on the network. It’s a lot more secure than joining free airport Wi-Fi,” says Manglani. (Note: Connection speeds can be capped on personal hotspots, and not all plans have unlimited data, as outlined in this USA Today report.)

But an even safer practice is to install a VPN, or Virtual Private Network, on your device that you can activate whenever you log on to the app.“While HTTPS secures your information when you're communicating directly with a web site, a VPN actually secures your information while it's traveling to that website,” says Eddy. “Essentially, it creates an encrypted tunnel between your computer or your phone and a VPN server.”

PC Magazine’s review of the best VPN services of 2018 found that a reputable VPN costs about $10 per person per month, on average, “and you can usually pay a lot less if you're going for longer-term subscription,” says Eddy. “Most VPN services will provide up to five simultaneous connections or devices on one plan, so one plan will usually cover most of the devices that you're going to have.”

You’re using Bluetooth to connect your phone to your rental car

When you connect your phone to a rental car's entertainment system via Bluetooth, your phone's information remains stored even after you return your car. The simplest prevention is to make the connection with an auxiliary cord instead of via Bluetooth.

If not, says Manglani, you'll need to go into the car’s settings before you return it, and delete your information. If you can’t find the vehicle’s manual in the glove box, a free app called Privacy4Cars can walk you through the steps to wipe your information from the car's digital memory.

You’re needlessly exposing your credit card information.

While it can sometimes seem that the digital age has made us less secure, some new technologies are making our personal information notably safer—but only if we embrace them.

For instance, using a credit card—especially one with fraud protection—is safer than using a debit card. But contrary to popular belief, the safest payment method of all is a digital wallet such as Apple Pay, Android Pay, or Samsung Pay.

“There can be a perception that mobile credentials are not trustworthy because it's not physical, it's not tangible, it's not something that we can hold in our hands like we can hold a credit card in our hands,” says Montany. "But the opposite is true.”

“Apple Pay is end-to-end encrypted, so it's much more secure than paying with your credit card,” adds Williams. That’s because your card information is never collected by the merchant. Instead, the digital system “tokenizes” your account information so that it is represented by a random transaction code. Even if the transaction is compromised somehow, your actual credit card information remains safe because it is never exposed.

Tokenization is also what keeps your personal data safe when you use, say, Princess Cruises’ new Ocean Medallion, a wearable device designed to customize the cruise experience for each individual passenger. The medallion can unlock your stateroom door and even give the bartender a heads-up on your favorite cocktail, “but the Ocean Medallion itself has zero personalized personal information on it,” says Padgett. “Within our platform, the guest information is anonymized and encrypted, and financial information is tokenized.”

That means travelers have it backward when they assume they are safest carrying a credit card. “The new technology actually decreases your exposure substantially because you're not presenting all your information to the world,” he says.