Use safe travel practices

University employees may often travel for research or other University activities, and they may wish to take personal devices while on vacation. While traveling, you are wholly responsible for the safety of your devices and the security of your data. Exercise caution while traveling, and consider how your practices affect the security of your devices and data.

Preparing for your trip

  • Assume that all devices—computers, laptops, tablets, and mobile phones—will be hacked.
    Don't allow your personal information or sensitive University assets to be taken for ransom. Sanitize devices of sensitive personal information or sensitive University information before taking them with you.

  • Prepare your device(s) for travel:

  • Extra precautions for mobile devices:
    • Turn on the passcode lock feature available on most devices.
    • Use strong passwords when possible: at least 8 characters, combining letters, numbers, and symbols.
    • Configure the auto-lock settings to lock your device after a few minutes of inactivity and require a passcode to unlock it.
    • Configure remote lock, remote locate, and remote wipe settings.
    • Consider obtaining a prepaid plan and an inexpensive phone (disposable phone) to use while traveling abroad or in the U.S. Enter only the data you need for the trip, such as important contact information or travel notes. This reduces the risk should your device be lost or stolen. You should wipe the device of all data before disposing of it. Apply safe practices to secure your device.

  • If traveling abroad for business or research, read up on data privacy, Export Control Laws and Trade Sanctions for the U.S. as well as for your destination.
    Certain devices considered dual-purpose for military and commercial use, such as global positioning systems (GPS), security software, encryption, computer programs, etc., are subject to Export Administration Regulations (EAR) or International Traffic in Arms Regulations (ITAR). The Office of Foreign Assets Control prohibits certain transactions with countries that have been sanctioned by the U.S. (e.g., Iran, Yemen, and North Korea). Consult the OFAC list for sanctioned countries at the U.S. Department of the Treasury website.

  • If you don't need it, don't take it! The less you carry, the less you have to worry about.
    Take only absolutely necessary vital documents and do not secure them anywhere you cannot monitor at all times. The same goes for electronics. If you bring either in a backpack, consider locking the zippers on the pouch to prevent pickpocketing.

  • Use covered luggage tags.
    Avoid exposing personal information, such as your name, home address, or phone number to anyone who does not need to know it.

  • Print several copies of this checklist and save a copy on your computer's hard drive to refer to as you plan your next trip.

While you are traveling

  • Avoid using public or untrusted terminals and computers for personal actions.
    Never log in to a public device to check your email, social media, or accounts. Don't open suspicious or unexpected email and attachments, and avoid clicking on links inside email.

  • Use apps to log in securely.
    A vendor or company app will typically authenticate your credentials locally and securely, which means that your login information won't be transmitted in an insecure manner.

  • When logging in to University information systems, enable VPN promptly.
    This will establish an encrypted communication between your computer and the University's systems.

  • Connect to eduroam networks at other institutions.
    If you are traveling to a different university or college and plan on connecting to their internet, consider using eduroam. eduroam is a secure network that allows you to log in to another institution's network using your email address and password.

  • Don't accept any software, updates, downloads, patches or fixes.
    Wait until you return home to update.

  • Familiarize yourself with acceptable and unacceptable computing practices.
    Specifically, you should know rules and regulations governing sharing and exporting certain types of information and technology.

  • Never leave your electronic devices unattended, even for a short time.
    Device theft is commonplace in many travel destinations, and the likelihood of recovering your device in an unfamiliar place is low.

  • Encryption is highly recommended.
    However, be prepared to decrypt if a request is made by U.S. or foreign customs, federal, or local government officials. This is another reason to remove confidential and sensitive University information from your devices prior to traveling.

  • Not all Wi-Fi networks are created equal.
    Avoid unprotected networks and Wi-Fi access that uses weak WEP keys. WPA2 is considered safe. Only log in to wireless networks where WPA2 is configured. Hint: You will need a key to use the Wi-Fi network.

  • Only use trusted Wireless Access Points (WAPs) to enter login credentials or access sensitive information, such as University work, personal banking, and e-commerce using credit cards.
    A VPN connection adds another layer of security protection if transactions involving sensitive data are unavoidable.

  • Avoid visiting websites that may present a security risk.
    Only visit secure web sites that use TLS/SSL certificates as noted by the presence of https, a lock icon, and/or a green address bar.

  • Be vigilant!
    Conducting personal business that involves discussing or providing personally identifiable information (PII) or personal health information (PHI) online or over the phone puts that information at risk. Assume that all conversations and electronic communications are subject to sniffing or eavesdropping.

  • Use caution when purchasing electronic devices and commodities abroad.
    Some foreign governments have strict laws prohibiting certain types of products from being taken out of the country. You may be required to obtain export permits or surrender your purchases before leaving the country.

When you return home

  • Reimage your machine.
    If you want to be certain that your device is free from malware, you can reimage it and restore your data and software from your backup.

  • Change all passwords for accounts used during your travels.
    This will mitigate the risk of compromised login credentials that may have been obtained by hackers.

  • Reinstall anti-virus software.
    Run the most comprehensive scans possible to inspect all files on your computer.

  • Install configuration management software.
    It will reveal any programs that are in need of patches or updates as well as programs that have reached end-of-life. Free software is available on the internet for non-commercial use.

  • Restore files and data from backups.
    After you have inspected and cleaned your computer's memory, you can restore all of your personal information and files. Remember not to do this until you have completely scanned your devices; don't connect secured or re-secured devices to ones that you have not yet re-secured. Otherwise, malware that may be on your computer could infect the backup as well.