Speaker 1: 0:04

great. So, uh, welcome to the audit. My name is joshua schmidt, your co-host and producer today. We are joined by the usual cast, eric brown and nick mellum, and we also have a guest, matthew wold, here today. And, uh, math, you work for ramsey county, correct? That is correct. I also heard you were an ethical hacker. What's that?

Speaker 2: 0:22

oh, well, I it depends on the day, I suppose. But you know, just doing a little internal pen testing, a little bit of you know trying to see what we can break in our own environment, seeing what's kind of out there, I guess that's ethical.

Speaker 1: 0:42

Yeah yeah, I guess that's ethical, yeah, yeah. Well, we wanted to rehash kind of an older topic, but it hadn't been spoken about since April 13, I think of 2023. We did a cyber safe travel episode with you before I even joined the show, but we wanted to update that today for our new listeners and maybe kind of shed some light on some updates that have happened in that world. I know Eric had some insights there and kind of refreshed the topic. So thanks for joining us today, matt, can you give us just a little bit of a background about how you got into cybersecurity and how you started working with Nick and Eric?

Speaker 2: 1:18

Yeah. So I got into cybersecurity officially about five or six years ago. I was working for Ramsey County. I saw what the cybersecurity folks were doing, got a little bit of background about it, realized that I've been kind of, you know, doing some cyber stuff for a really long time but didn't really know that it was cyber and was just absolutely fascinated by it and went back to school and got a degree and joined the cyber team at Ramsey and that's when I met Eric and soon thereafter Nick, and yeah, we've been working together a lot ever since. Can I share a fun fact?

Speaker 1: 2:00

about Matt, please do. I got a fun fact about Matt actually I learned today, but go ahead, Eric. Well, I have actually two fun facts about Matt, Please do. I got a fun fact about Matt. Actually I learned today, but go ahead, Eric.

Speaker 4: 2:06

I have actually two fun facts about Matt. The first is he is on the team. I think he's undefeated in the game of Coup, I believe. Oh yeah, that's fun. Is that a good thing or a bad thing? It's a good thing because he's a great social engineer. And the second thing is matt. Almost two years ago to the day, back on december 12th 2022, the podcast episode of unquoted service paths was published, and matt did that one with us those.

Speaker 2: 2:44

Those are both true stories, so how?

Speaker 1: 2:47

come he hasn't been to game night, Eric.

Speaker 4: 2:49

He has. I just think it was maybe times that you weren't there.

Speaker 3: 2:53

It's because he doesn't want to lose his undefeated streak in Coup I missed it last Wednesday at a gig, but yeah, that's cool to know.

Speaker 1: 3:01

So I usually do an icebreaker question, matt Not that we need it, but it's always a fun little discussion to kick us off. And today's icebreaker question is if you had three items to bring to a desert island or deserted island, I should say no cell phones what would you bring?

Speaker 2: 3:18

Well, first off, I'm bringing my new hatchet, that's for sure, zs.

Speaker 1: 3:25

I was going to say my thing I learned about matt was, he's got a hatchet collection.

Speaker 2: 3:27

I mean, what do you do? You gotta have something. Uh, let's see what else would I bring um. You said no cell phone, right? No cell phone oh cool, well, I would bring uh, at least one of my radios. Okay, you know, I think that's a loophole. Did I find a loophole here?

Speaker 1: 3:45

no, I think that's good yeah that's fair.

Speaker 2: 3:47

You know, probably some sort of fire starter gotta gotta stay warm the radio is very brilliant I would assume nick has thought about this more than any of us.

Speaker 3: 3:55

Maybe going through, find a loophole myself, um, because he said no, no phone. So I was gonna say I'll take an ipad and a starlink hey, now you're taking mine.

Speaker 3: 4:07

So, I'm going to pack up the Starlink, an iPad and probably a bone arrow. But if I'm playing by the rules, you know I'd probably take a camera because you know I want to document the event. Right, somebody's going to want to see the shenanigans or whatever. I don't know if I think I care about a fire starter because I think I can get it done with, like the blow drill or whatever thing, pretty confident in those skills, so I'd probably take a bow knife. I don't need water because I can start a fire.

Speaker 1: 4:32

You can only have three things, Nick. I already said, I said two.

Speaker 3: 4:35

I'm only on. I'm on the third Starlink. Yeah, I'll take the iPad and Starlink then.

Speaker 1: 4:39

There you go. Okay, so you're. You're trying to get off the deserted island. Maybe anybody's goal? You're not preparing for this. I don't know we haven't heard from Eric yet. Maybe Eric wants to hunker down and just take a little break.

Speaker 4: 4:53

Eric doesn't even like to camp. I was going to take the Starlink solar panel to recharge and a laptop to recharge. Um and uh and a laptop, but um, in all seriousness, I think I'd have to take um a set of um clothing a-up between something to start a fire or something to provide shelter.

Speaker 1: 5:33

but I think you could make something yeah, it's a tough one if I was preparing for this day. You know I've done some time in the boundary waters and these uh filter straws are really useful.

Speaker 3: 5:43

I don't know how long they last.

Speaker 1: 5:46

Yeah, I'd probably bring a light straw and then probably some fire starting equipment, whether it's a flint or something that will last a long time, and then most likely a knife, trying to be utilitarian here. You know, don't want to end up like Tom Hanks and be talking to a volleyball for a couple of years, so you probably want to have something to start a fire, to maybe send some smoke signals or whatnot. So, but you know, we wanted to kind of talk about maybe some of the developments in the last couple of years. I know, eric, you had just called out that now they are syncing up air tags to Delta, correct? So if you're traveling with your luggage, you can throw your air tag in your luggage and then that's going to somehow connect up with the Delta experience.

Speaker 4: 6:30

Delta, united Virgin, maybe British Airways and a couple of others. Essentially, the sharing of location information is able to be shared with their applications where before you could you know, they could say your luggage was lost and you're like, no, it's right here, you know, and they didn't have any way of verifying that. But if, through Apple, you're able to share that location data with their luggage tracking system, then it can help the end user recover luggage faster.

Speaker 1: 7:10

Great. Has anybody tried that yet?

Speaker 4: 7:13

I throw an AirTag into everything when I travel.

Speaker 3: 7:16

I do the same AirTag and all my stuff, but I've never synced it up with the actual airlines before. That's new, though right it's coming out in 25,?

Speaker 4: 7:24

yes, it may be available in beta. I'm not sure actual airlines before that. That's new, though right, it's coming out in 25. Yes, it might be available in beta I?

Speaker 2: 7:26

I'm not sure do you need to do anything to sync it or does it just automatically?

Speaker 4: 7:31

you know, read the air tag, the nfc chip, and I'm not 100 clear, but I think you need to sync it up to give permissions to their application to to be able to just hijack your yeah, you wouldn't want them to unlawfully follow you or track you or whatever. I think the? U, the USPS, needs to have something like this right Cause I don't know how many packages I've had lost really the years.

Speaker 1: 7:57

So, when you're kind of assessing your travel plans and their situation, what kind of things are you thinking about? What kind of common security threats may you, you know, be prepared for when taken off?

Speaker 2: 8:07

Yeah, that's a really good question. You know I kind of have a kind of a go to that. I always kind of fall back on and bring with me. So you know I don't rely on hotel internet at all. So you know I have a mobile hotspot like a puck device that you know I bring with so that way we can all use that. You know I have a mobile hotspot like a puck device that you know I bring with so that way we can all use that. You know I don't really let let my family like charge devices in the hotel room. So we have power packs. You know that we'll that we'll use. And you know those are great too, cause you can you know if you're going someplace for the day you can throw them in a pocket or something as well.

Speaker 3: 8:43

So you know it's just some some basic stuff like that we were talking about the air tags, but for, like, if you're going to the airport, is there any precautions you take? Besides that, you know the air tag that we said, like an RFID wallet or you know, are you using anything else?

Speaker 2: 8:58

Yeah, you know, I've talked to some people who have RFID wallets. They work great. I don't personally have one, but I bought those cards that you can put into a wallet to create an RFID shield and I got those off of Amazon for, like, I think, $10 for a pack of four or something and I've tested them. They seem to work great.

Speaker 1: 9:21

Are you testing those with the Flipper Zero or some kind of a gadget?

Speaker 2: 9:25

Well, I haven't tested it with the flipper zero, but I know somebody who has, um, yeah, and so you know he. He tested and said it works great. Um, I've tested it with just some NFC readers and it's, it's worked great.

Speaker 4: 9:39

So you said you don't charge your devices in the hotel room. You bring the the battery pack, so you're charging the battery pack in the hotel room. You bring the battery pack, so you're charging the battery pack in the hotel room and then charging devices from the battery packs.

Speaker 2: 9:50

Yeah, exactly, it is because you never know what you're plugging into, right, like you plug your phone into some USB connector and I mean who knows what's on the other side of that or what it's doing. I think one of the things I was going to mention here is there's like the OMG cables and they're like a hundred dollars, but those things are so, so crazy that they have like wifi and like a tiny little computer built right into the cable. If you borrow a USB cable from somebody, you have no idea if that's what you're getting. And you know you plug your phone in and you think that everything's charging, but really it's.

Speaker 3: 10:26

you know wirelessly sending all of your data off to, you know to an attacker, and you know now they've got all your pictures and you know God only knows what happens then I do remember when I drove back to Minneapolis I think it was February, I'd make the drive quite often and one of the hotels I stayed in they had a. It was like a lamp and a power bank like or there was an outlet on there or whatever. And uh, they had a, uh, an ethernet port you could plug into on there, but it had the ethernet port coming out of it you could plug into. I think I sent eric and a couple other people the picture, just like you know.

Speaker 3: 10:58

Nice, try, holiday in or whatever, but it it is what you're saying, matt. It makes a lot of sense because a lot of people would just mindlessly plug into that and you have no idea what's on the other side of it. Yeah, and it's just like you know. I don't want to say a lack of education, but people just don't know better, right, so it's really no fault of their own in a lot of cases, but I guess that's why we're here having the conversation.

Speaker 2: 11:19

Right. I mean you think about it and you have a family, right, and you go on vacation and people want to charge their Apple Watch, they want to charge their phone, they want to charge their iPad. I mean there's like 6 billion things that you want to charge. You're not going to carry. You know connectors for all of this stuff, so it's you know. You walk in and you see all these USB ports and you think, oh, this is perfect. Like I can just plug everything in here.

Speaker 4: 11:44

Well, is it okay to plug? Say you know you have a charger. That is like a charging brick, right, like you know? Let's say it's an iPhone or an Android phone, the USB cable plugs into it, it plugs into the wall. Are those?

Speaker 2: 12:01

okay, is it yours. Did you bring it from home? I did, then I would say, yeah, it's, it's fine, you know, if you borrow it from somebody that you don't know, I, I mean, I'd steer clear.

Speaker 3: 12:13

So you're saying plugging into an outlet is fine, but if you're getting somebody's USB cable or something else it's right, yeah, I mean.

Speaker 2: 12:21

I mean, have you seen even on Amazon where they have those? You know the USB or you know the plug in and it's got like a tiny little camera on there and now you know you borrow that from somebody or from, like, the person at the front desk. I'm not saying everybody at the front desk is shady, but you know you plug that in and all of a sudden, you know there's a night crew.

Speaker 2: 12:43

You never know what you're going to get. Now you got a Wi-Fi camera staring right at the bed. You know, I'm just saying like.

Speaker 3: 12:53

Outside of the cyber realm. Is there anything else that you must take to fill out your kit that would go along with the cyber world?

Speaker 2: 13:01

They make things that you know that you can put into a suitcase where you can put it up against the door to just reinforce that door. And if we want to go down in a side tangent here about RFC and and doors, you know we were at wild west hack and fast and they had. They had the door with the NFC. You know reader and um cam was able to clone that thing in like five minutes and and get into his hotel room.

Speaker 1: 13:30

Where are you guys going on vacation?

Speaker 3: 13:33

Well, I, yeah, I think a lot of it too is. And what I'm thinking about with all the cyber stuff is is the physical security portion right? I think as security professionals, we think about that just as much. Uh, the physical security portion. So, you know, the weaponry, leave that at home. You know we're not advocating people try to get through security with any sort of devices like that. But the items that Matt's talking about to keep the doors stopped to, you know, stop somebody from reversing the peephole. You know things like that would be, you know, wise to look into.

Speaker 4: 14:04

You know there's and also the government restrictions of the country you're going to. I was on a trip to Mexico a while back and I'm the guy at the airport that needs, you know, like six, eight bins because I'm taking a bunch of laptops, ipad, you know just the whole thing. I'm all spread out. You want to be comfy, you need it right In Mexico you can't have I think it's more than two laptops. If I'm recalling, I think I went in with three. They didn't say anything, but I think they can fine you or whatever, which I found surprising, but I think they counted an iPad as a laptop. I don't really remember, really remember.

Speaker 4: 14:50

But the point being, check when you're going to go to that country, check what the restrictions are in that country before you show up. And if you're going to a country that's hostile to the US or doesn't allow encryption, then make sure that you're leaving those devices at home, because they could be confiscated. You could get into a lot of legal trouble with that as well. So just be cognizant of that. And then you can always check the State Department website and Matt, sorry if you're going to talk about this, I'm stealing your thunder but the State Department website to see what level country it is that you might be going to.

Speaker 3: 15:31

I would not have thought about the number of computers you could bring into a country, because that would be the same way I'd bring two computers and an ipad.

Speaker 1: 15:39

I would not have thought about that as being an issue or being fined they don't want, they don't want you getting too powerful with your cpu power, I guess, or I don't know, maybe they're afraid you're gonna sell it or something.

Speaker 1: 15:49

I'm not sure okay, okay, that makes sense. Well, that leads into my next question how does traveling to a different country affect you know, your, your security posture? You kind of already started to answer that, but let's say, um, I have to do some work, you know, and I need to bring my laptop and I need to get on teams or you know some other kind of um file sharing service. Um, what kind of precautions would it be taking as a business professional in that scenario? What would you recommend to organizations, or the messaging to an organization when giving advice for people traveling during the holidays or any time of year, really?

Speaker 2: 16:26

Well, I guess I would say, as a security engineer first check with your organization to see if they even allow you to take technology, their technology outside of the US. I mean, that might just be a no-go for them. So check first. Just if you take technology, I think it's your responsibility to be responsible for it and to lock it up and to have it with you. So I think that would be what I would say You're checking with your company.

Speaker 4: 16:59

Some companies have security restrictions about logging in from outside of the country and you may need to go through managerial approval in order to be able to log in remotely and they may have to enable things for the period of time that you're away so you can connect in, you know. Again, just to Matt's point, check that out before you take the company device.

Speaker 1: 17:25

So it sounds like it's pretty specific company to company, depending on their policy and what kind of information you may be at.

Speaker 4: 17:32

And there's also, you know, just kind of going down the rabbit hole of data. There's data sets that you may be entitled to view in the US but you aren't entitled to view when you're outside of the US. So, being cognizant of how identifiable information is treated in different countries that have different data privacy laws, if you're traveling for vacation, usually best to leave the work devices unless you've checked it out and you're approved to take it with you. But just to be cognizant of it. I think we saw a fair amount of instances where during COVID, people were working from other countries because we were working remotely during the pandemic, but some people took that remote to be further away than their house and that led to some interesting scenarios.

Speaker 2: 18:27

Another thing to remember is I think a lot of times people say, oh, I'll bring the technology with and if I don't need it I'll just put it in the hotel room safe, and it'll be safe there. But the reality is that those safes have a universal code that the hotel staff knows to open them up. So that way, if you set it and you forget the password that you put on there, that they can get your stuff back. So you put your stuff in there and you leave for the day and you think that it's safe. But it's really not. And they do make like a secondary, like lock that you can put on there. And that's something that you know you have to bring with you.

Speaker 2: 19:04

But I guess I would say you know, if you're leaving like a cell phone behind and you're going to put it in there, if you have a cell phone where you can take the SIM card out I mean, the SIM card's a lot smaller If you can just pop that out and put it in your pocket, don't lose it, but you know. Then you know what. If you have an eSIM Well, that's a whole different story Then you better stick that phone in your pocket.

Speaker 4: 19:27

What if?

Speaker 3: 19:27

you have a Neuralink chip. I think the best course of action is to, whatever technology you bring, plan on carrying it around so the neural link chip would work then so, eric, you're rocking three, three laptops on on vacation, huh, sometimes four.

Speaker 1: 19:46

So when you are uh trying to get uh, are you using starlink? When you're, you know, trying to work, or do do a little bit of maintenance there, a little housekeeping, are you using public Wi-Fi, using VPNs, to safeguard yourself, or what does that look like?

Speaker 4: 20:03

Usually I'll have a SIM card and hotspot from the country, similar to what Matt was saying, and then always VPN. So depending on the organization that I'm working with, it'll be a different VPN client, but coming back to the US over that VPN connection.

Speaker 3: 20:23

Always VPN.

Speaker 1: 20:24

Always VPN. And then I noticed the recent Apple update had a new password manager. You know it was a little bit more substantial than it used to be. Are there any thoughts around that? Versus using a Bitwarden, because I just recently got switched over? Now they have this new function, I'm going. Should I be paying for Bitwarden or should I migrate back to the native Apple password app?

Speaker 3: 20:47

I don't know Personally, these guys might feel differently. I don't know if one is probably better than the other. I mean, maybe Bitwarden is could be. I use Prot. I don't know if one is probably better than the other, right, I mean, maybe Bitwarden is could be right. I use Proton myself, but I also use the Apple password manager where I migrated them you know.

Speaker 3: 21:00

So they match each other and that's not a convenience, right. But I don't see the Apple password manager, the new application, as a threat, you know, to using that on my personal devices, just because I take other precautions, vpns and whatnot, if I'm going to be using any sort of public Wi Fi, which is very rare, but if it's the only option, if you don't have self service for whatever reason. Yeah, you know, I guess Eric or Walt, do you guys have any thoughts on if it's as secure?

Speaker 4: 21:29

I think it's as secure. It'd be interesting to hear what you think, matt. For me it comes down to how am I getting to the passwords? What if I don't have an Apple device with me and I need my password to get into something online With a Bitwarden? It's available anywhere there's an internet connection, where there's an internet connection.

Speaker 3: 21:53

So I I think I don't know this, but I would imagine there is access via the web if you go to iCloudcom and you'd be able to sign in with your credentials. I don't know that, but I wouldn't know my credentials. You wouldn't know your password to your iTunes or to your Apple ID.

Speaker 4: 22:09

No, because it's probably this long and it's in Bitward.

Speaker 3: 22:12

That's true, that is very true. Same with me. That's great, you got me. What do you?

Speaker 2: 22:17

think, wald, you know my Bitwarden password is quite lengthy and you know. But I tried to do something a little bit different. Where I didn't like take a whole bunch of scrambled letters and stuff, I tried to, you know, just make, like you know, a long passphrase with some numbers and some symbols, just so that way, I mean, even at the end of the day, how long would it take you to string all those words and numbers together, you know, in various locations?

Speaker 4: 22:47

I don't know, I'm looking in my vault right now and I have 689 passwords in the vault, so you know just the idea of remembering one long one like you're talking about, matt. You know a passphrase to get in, awesome. But then those that are in there, some are scrambled numbers and letters, some are passphrases. It just it's hard to even know what they are, because at least my brain can't keep track of all of the different more than like three.

Speaker 2: 23:23

Yeah, and that's what I was saying. Right, my Bitwarden password is something that's at least memorable, that I can remember, but everything else is just a scrambled mess of letters and numbers and symbols. And you know, I think that's the way it should be. But you know, I've been trying to slowly migrate over to sites that allow a ub key, to try to start doing passwordless sign on with with ub key.

Speaker 1: 23:48

So you know yeah, so you're carrying that around on your key chain then, or what does that look like?

Speaker 2: 23:56

Yeah, so I have two. I have one that's plugged into my keyboard and then I have another one that, yeah, that I just carry. You know, I try not to carry it on a key chain, but you know, it just kind of comes around. It's an NFC one, so I can just tap it to my phone.

Speaker 4: 24:12

When we were at defcon a couple of years ago there was a dude that had gotten the nfc chip embedded under his skin and then he could use that to open you know his hotel room or you know other um nfc. You reprogram it to the badge that would open that NFC reader. So he's kind of combining something you have and something you are with that implant. He said it was the size of a grain of rice, but that too you could probably do the same thing with the NFfc version of a password key like a ubp yeah, and if you remember they were, they were, um, doing that, that implant right there.

Speaker 2: 25:06

You had to sign the waiver and I think it was like was it like 200 or something or 100 bucks and they would. And they would inject you right there with it do.

Speaker 1: 25:14

Do any of your cats have chips? Nick Any any chips in the cats?

Speaker 4: 25:18

You got to chip them.

Speaker 3: 25:20

Oh, you got to. Got to chip them, Got to take care of the cats.

Speaker 1: 25:25

You guys had mentioned. Um, you know there's some danger in obviously getting on local networks and and public wifi and things like that. So, matt, someone with a pineapple they're sniffing the traffic. What are they seeing on there and that would kind of grant them any kind of credentials or access to your information.

Speaker 2: 25:45

Yeah, so the really cool thing about it is that you can set up basically like a fake Facebook login. So when somebody is connected to the Pineapple and they go to facebookcom, it redirects them to the fake Facebook login they put in their username and password. They have no idea that it steals those credentials and just sends them over to the real Facebook and it's seamless, right. But in that Pineapple you can build your own pages, so, like if you wanted to build, like a Wells Fargo or whatever you could, you could basically spoof anything and make the user think that that's what they're logging into, and so you know. You can just you can see. You know where they go.

Speaker 2: 26:34

So even if they don't go to, you know a site that you're trying to steal credentials to. You can see where they're going. If they enter data into any site, you can see the data that they enter. I mean there's just a ton of stuff that you can see. And this is again why I mean, even if you were connected to the pineapple and you didn't know it, but you used a VPN on your device, I mean you've just defeated the pineapple, so you know it's. It's really key, do you?

Speaker 3: 27:00

think you know on that topic. Well, do you see any you know in that threat landscape of Bluetooth, what would be a hacker's capability with that? Is there any concern with keeping your Bluetooth on, or would you recommend travelers turn that off if they're not actually using it?

Speaker 2: 27:27

Yeah, I mean, there's always. It's a threat vector, right? I mean it's a way to transmit data, you know. So if you don't need it, if you're not going to be, you know, if you're traveling and you're not going to be using Bluetooth headphones or something else, you know why, leave it on and and leave that door potentially open or vulnerable, just turn it off. I mean, it's so easy to do, just just shut it off and turn it back on when you need it. You know it's probably a good, unless you're using Bluetooth all the time. You know, maybe it's a good, good general rule of thumb anyways. But there's a lot of ways that you could do it. I suppose you know you could send some sort of request to another device and somebody may, you know, not even realize that they're, you know, they may just say, oh yeah, accept, you know. And then all of a sudden, you know they've downloaded some malicious file to their, to their phone, or Can I give you just my rundown of like quick hits on travel safety?

Speaker 4: 28:15

OK, so kind of, starting on the home front, make sure your credit's locked, and that's just a good practice overall. To make sure you've locked your credit so people can't open up credit in your name, but I think we'd advocate that for anything. And then when you're traveling, it's the air tags you know. So you know where your luggage putting your kid's backpack, what have you right, so you keep closer tabs on those sorts of things. We don't have to register our credit cards anymore until our credit card companies where we're traveling to, fortunately. But you have the number to the credit card company handy so that you can call them. They usually have a non-toll-free number so you can call them from out of country. Look up the country that you're going to call them from out of country. Look up the country that you're going to, especially if it's like a level three country Hopefully you're not going to a level four country and make sure you know where the US embassy is. You can go through the State Department's recommendations of registering with the embassy in countries where it may not be as safe for Americans to travel and then have a meetup plan for your family. So if you do get separated, where are you meeting? And then what is your plan of action from there? Quick aside story I was traveling with my mom to Japan. I had gotten onto the train and my mom was just getting, you know, just about to step on and the doors were closing and she would have been left behind on the platform. But you know, fortunately I was able to push the doors open. But just have a plan Like, if something like that happens between you know, your spouse, friends, kids, whatever that you're traveling with, and then it's always good too to have a passphrase so that if you get a call saying that you know, hey, we have something's happened to little Jimmy, and little you know they put little Jimmy on the phone that with voice spoofing these days it's really easy to sound like little Jimmy. So if little Jimmy can recite the passphrase, then you either know it's a problem or a scam. And then, as you get into more of the personal security side, you can make those choices about.

Speaker 4: 30:34

Do you get a hotspot in a foreign country? So, relatively cheaply you can get a hotspot. You can get a SIM card, put it in your phone or rent a device in that country. Usually they'll ship it to you ahead of time or you pick it up in the airport in that country. It's a pretty cheap way to keep your own your data contained, and Matt talked about using that hotspot. Get a VPN If you don't have one already from work.

Speaker 4: 31:04

Certainly go through the travel policies at work. Make sure that you, if you aren't supposed to be taking work equipment or viewing work-related files while you're out of the country, don't do that. Leave that stuff behind and avoid posting and celebrating you're out of. Like you know it's cool You're traveling, but then posting that all over Facebook. People know that you're not home, which is not always good, and encourage your family members. At least have the conversation with them, right, like you know, if you're traveling, then you know your mother's not posting. Oh, you know Matt's over in, you know Cancun or whatever, right, because she's happy for you, but now that's you know giving away information about you that you may not want to give away. Some people may be like oh you know, my trash is coming on Friday, I'm leaving on Wednesday, I'll be back on Saturday Leaving the trash out for that long of period of time if you're in an area where you're putting individual carts out to the street, may not want to do that because there are dumpster divers. I think he nailed it.

Speaker 3: 32:09

I'm sorry to everybody that waited that long for the real advice, but there you go there.

Speaker 2: 32:14

Liam neeson isn't, isn't coming to save you if something happens, but you know all the advice you know to the, to the international travel. There is that state department um website or that, the app that you can download for your device. You know so, that way, if, if you're in a level two country and it suddenly turns into a level three country, you know they'll. They'll alert you through the app and you know it does have the, the embassy information in there too, in case you weren't proactive.

Speaker 4: 32:46

Years ago I was traveling with a friend and you always think like this stuff's never going to happen to me and until it does. Traveling with with a friend, um, on vacation, and I was I was real young, this is like pre-security, like way pre-security, and just barely into it. We were going to a tropical location, um, and for some reason she thought it was a good idea to bring, like I don't know, eight, nine pair of shoes. I not sure why, um, but this I think she had two suitcases. One was was full of shoes and makeup and contacts, and then the other one had her clothes and then she had a carry-on and I had my suitcase and carry-on and it was a mess juggling all of this stuff. But we got it into the plane, got to the country, got out, went to the baggage to pick up the baggage.

Speaker 4: 33:45

And this is decades ago, way before air tags were even a thought from Apple, so it wasn't really possible to track luggage. Back then and this is before they, you know the airlines were putting those stickers that tracked baggage. You just kind of showed up at the carousel and hope for the best. Well, all the bags came out, except for the one with the shoes. We're not sure if it came out and was picked up or we got it and then kind of turned around and one of the bags was gone. So that made for an interesting experience, because the bag's gone and then you're spending like an hour looking for it and you got to report it in a foreign country and then dealing with the aftermath of not having contacts and you know other toiletry items and picking those back up in that foreign country was interesting to say the least. And we had to travel to places that probably wouldn't have gone to, that were kind of way outside the quote, unquote bounds of normal travel.

Speaker 4: 34:44

So I would say you know, be just be mindful. And now air tags can certainly help. Would say you know, be just be mindful, and now air tags can certainly help. But you know, criminals know that their tags are in there and they're gonna look for that and you know, yank them out too. So be careful, kind of where you put them, make it a little harder to find. And then I'd also say you know, some of us, like Nick um with those cats, sometimes travels with the cats not. So make sure you know the regulations around um pet travel and what it takes to get a pet in and out of the country and then nick also has. Is it louis vuitton luggage, nick, only louis vuitton. So if you're traveling with louis vuitton luggage, great, um, but just know that I mean, that's kind of setting yourself up to be a target. I don't know, are they two grand each? Two or three?

Speaker 3: 35:33

I forget.

Speaker 4: 35:35

I might not want to do that myself, because now it's if I can afford that on a bag. What's in the bag? It just seems to be?

Speaker 3: 35:43

You want to be a what is the word? You want to be a soft target, not a hard target. Right, I have it flipped around. You don't want to call yourself out or something flashy. I think the other thing, too, that I always do, and I've been doing this for years, like 10, 15, 20 years I've been carrying, I always carry my wallet, my front pocket.

Speaker 1: 36:00

Yes, that's a good one I would even take that one step further. And there are these necklace wallets you can get so it can sit under your shirt, right on your person, so you're not even in a pocket. Um, make it a little one step harder for people to get to. That's my one security tip I will add in and I got one more question here before we wrap today. So you know, eric, you mentioned the airlines. You know what kind of role do hotels and airlines assume in protecting their customers? Cybersecurity risks, if any is. It sounds like the onus is on on the individual. There's there's really no accountability there in terms of the hotel or or the travel agency, or whatever it may be I don't think, I don't think they would assume anything besides your data that they hold for your reservation or whatever are you rocking the insurance when you take off?

Speaker 2: 36:48

uh, matt uh, a little knr, insurance. Yeah look, it cannot run ransom. Uh, no what is that matt, I, uh, I haven't gone any place. I mean, I've thought about it, like at some point I'd like to take my family to, you know, outside of of the US, and I've thought, how much is this K&R insurance? Because, listen, if something happens I don't want to, like I said, liam Neeson's not there, so I'm going to need some help.

Speaker 3: 37:19

And you don't think the State Department's going to send Delta for us or anything like that.

Speaker 2: 37:23

I mean not for me.

Speaker 3: 37:26

We'll get you back at all costs, Matt. Trust me, we're coming in hot.

Speaker 1: 37:29

We can send Nick down there. Nick, were you in Afghanistan?

Speaker 3: 37:32

Yep, marja, that rings a bell. There's no safe travel tips for you to go there.

Speaker 1: 37:39

You're on your own.

Speaker 3: 37:42

Unless you got a Blackhawk and an Apache.

Speaker 1: 37:45

All right, well, I think that just about does it for today, and thanks again, Matt, for joining us. It was a fun conversation. You've been listening to the Audit presented by IT Audit Labs. My name is Josh Schmidt, co-host and producer. We have Eric Brown and Nick Mellum. You can like, share and subscribe. We are now hosting video on Spotify. You can find us on YouTube, Apple and wherever you get your podcasts. Thanks for listening.

Speaker 4: 38:07

You have been listening to the Audit presented by IT Audit Labs. We are experts at assessing risk and compliance, while providing administrative and technical controls to improve our clients' data security. Our threat assessments find the soft spots before the bad guys do, identifying likelihood and impact or all. Our security control assessments rank the level of maturity relative to the size of your organization. Thanks to our devoted listeners and followers, as well as our producer, joshua J Schmidt, and our audio video editor, cameron Hill, you can stay up to date on the latest cybersecurity topics by giving us a like and a follow on our socials and subscribing to this podcast on apple, spotify or wherever you source your security content.