Half-term holidaymakers sharing highlights from their travels with friends and family on social media are putting themselves at risk – an expert from cyber security firm CSS Assure has warned.

After the government announced it would be scrapping testing and self-isolation rules for people arriving in England from 11 February, airline Jet2 reported a 30% surge in bookings for Spain, Italy and Portugal, while TUI also saw a spike.

With international travel starting to look like it once did pre-pandemic, thousands of families are set to travel abroad this February half-term. However, cyber criminals will be looking to exploit holidaymakers during the break, Mike Wills, director of strategy and policy at cyber and data security firm CSS Assure, has warned.

Mike said: “The threat of Covid-19 and rules around testing and self-isolation have meant that holidays abroad have been off the cards for many families for almost two years. The relaxation of testing rules will have provided a huge boost for half-term breaks – as well as cyber criminals.

“Whether staying at home or heading abroad this February, people tend to put themselves at risk while they are on holiday without even realising it. Social media is a great way to connect and share with people, but unless it is used sensibly and cautiously, your friends and family may not be the only ones viewing your posts.

“You would hope that for whatever social media platform you choose to use, the privacy settings are turned on by default. Unfortunately, they rarely are, and this can mean that anything you post – be it thoughts, photos, videos or locations – could be seen by anybody with an account for the platform.”

Cyber criminals actively use social media for opportunity and intelligence gathering – whether to find individuals to target or bolster information to enable them to successfully socially-engineer an attack, Mike said.

He added: “If your privacy settings are not set, they could be able to see the information you are posting. While information in isolation does not amount to much, if you combine it with other pieces of data, it becomes intelligence and can be used to develop a strategy to target someone.

“People post all kinds of information on social media: email addresses, mobile numbers, address and more. But it is not always about what is written – it is also the information that pictures and videos can present, such as jewellery, expensive cars or other luxury assets, as well as the fact you are away from your home and it could be unoccupied.”

How to protect yourself

Mike said: “Start by turning on privacy settings for all your social media accounts. The information for how to do this for each platform is readily-available on Google and doing so can ensure only those people you are connected with can see what you post.

“Of course, this only controls what you post, so it is worth setting boundaries with friends and family over what they post regarding you – particularly if their privacy settings aren’t up to scratch.

“Next, avoid tagging your location in real-time. If someone is watching, they can easily see you are not at home or that you are in a particular place wearing an expensive piece of jewellery, for example.

“Using strong passwords is a critical cyber resilience practice. Doing so means cyber criminals are unlikely to gain unauthorised access to your account, which could enable them to change your privacy settings or gather information for social engineering purposes.

“It is also important to never use the same password across multiple accounts. If one site is breached and your credentials are exposed, your risk is amplified exponentially if you use that same password across multiple other accounts.

“Finally, turn on two-factor authentication. This will enable you to know whether someone is trying to access your account and take appropriate action.

“Safe social media use is now a life skill and one that everyone should take some time to learn. As the old adage goes, prevention is always better than cure. Act now, rather than experiencing regret later.”