And it's easy, too. Irvine points out, "These measures used to be much more difficult to do just a couple of years ago; certain software didn't work well with VPN, encryption caused lots of problems on individual computers. Today, the software across all platforms is much stronger and easier to use, and cellphones can be encrypted once you put in a PIN."
The PINs (or passwords) themselves are worth setting up too, so long as they're alphanumeric and greater than 10 characters. It won't stop hackers, but it will at least slow them down. Even if it's for just the duration of your vacation, says Jones, they're worth setting up.
"Don't just have your computer turn on and login to Windows," he says. "Tablets and phones, same thing. Use facial recognition, swipe, or a number combo for entry. If you don't want to use it when you get home, that's fine. But don't just leave your stuff open while you're gone."
If you're actually using your device -- rather than just leaving it behind -- avoiding Wi-Fi or wired networks in your hotel room, can lower the odds of an attack greatly.
"They're all shared networks," says Irvine. "Everybody who gets on them can see what you do."
One might be tempted to think that an attractive alternative would be to use the hotel's business center instead, assuming that the facility is equipped with one. The reality, however, is that they may be just as risky -- if not more so -- than the internet connection in your room given that the process involves a shared machine.
"The data that you've typed into the computer, it can be saved using a keylogger," says Irvine. "And most of [the business centers] that I've seen, they don't wipe the information after a person uses it. Anybody who wants to can go back into the PC and look at user IDs, passwords...they can grab that info and use it."
Instead, Irvine proposes that people use their own network instead of somebody else's. People can tether their PCs to their phones and use their mobile data connection to gain internet access so other people can't eavesdrop on their activity. If they don't have that option, he says, they should at the very least ensure that all communications are done using HTTPS.
The best way to protect yourself, however, is to simply abstain from taking risks in the first place.
"You should always avoid using any kind of personally identifiable information when on any public network," says Irvine, reiterating that people should use their own networks. "You just shouldn't do it."
Jones expresses similar sentiments, stressing prevention over damage control.
Sign up for Computerworld eNewsletters.