The same is true for where you go online to book your travel, says Epstein. "If you pick the wrong site, you've just handed over everything to someone."
Sticking to known companies there too, whether that's with hotels or airlines or cruise companies themselves or well-known online travel agents, is your best bet. Deals that look too good to be true probably are. Read the find print too, and make sure that if your booking is cancelled — especially by the booker — that the entire amount isn't considered a non-refundable deposit.
Epstein also suggests calling the hotel to make sure they have the booking in case something went awry.
While on the road
The scams don't stop there, of course. Traveling presents more ways that criminals can get into your life, especially if your guard's down because you're on the beach, drinking margaritas, or both.
"Free Wi-Fi is the most dangerous cyber vector" for travelers says Epstein. Even if your hotel offers it for free, don't use it. If you can't create your own Wi-FI network by tethering, Epstein says stick to your phone. If you must use your laptop, make sure you use full tunnel encrypted VPN. That way, what you're sending or receiving is protected.
Securing your laptop and phone might sound basic, but Epstein says it's something that travelers can forget about — especially the laptop.
"If you don't know where something is, even if you get it back, it may not be what you thought it was," he says. That's because someone could put malware on it. "It's a path into your company. It's a front door."
If you can, he says, leave the corporate laptop at home. If you must bring it with you, have it locked away in a place where only you know the password.
Besides, it's a vacation. Who wants to bring their laptop with them on that? Now you have a security reason not to work with you.
Sign up for CIO Asia eNewsletters.