June 1, 2019
Traveling today is so much easier with technology -- whether it’s to the coffee shop around the corner or to a café in Paris. You can stay productive, entertained, and in touch. For many of us, having a cell phone or other electronic device is an integral part of daily life. Unfortunately, traveling with devices can mean increased cyber risks for keeping your personal and University information private, as well as the potential for device theft.
Here are some steps you can take to help secure your devices and your privacy.
Good to know:
- While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
- Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. See below for resources to learn more about digital privacy at the U.S. border.
- Also see “SPECIAL NOTES FOR INTERNATIONAL TRAVELERS” below.
Before you go:
- Travel only with the data and devices that you need – especially for international travel. If you don’t have it, it can’t be stolen or confiscated. This may mean leaving some of your devices at home, removing personal or University data from your devices, or shifting your data to a secure cloud service. If possible avoid traveling with any sensitive or confidential information on your laptop, USB drives, mobile devices, etc.
- TIP: One common recommendation, including from UC (see next tip, too), is to use a temporary or loaner device that has minimum information, i.e. not a regular work computer, but rather one that is slimmed down/configured cleanly just for remote access.
- If you’re traveling on UC business, check with your IT support staff about the possibility of getting a clean, encrypted laptop and/or phone that contains no sensitive data, no local passwords, etc. Also check with your department for specific policies about device use and traveling abroad.
- Encrypt all devices and data that you take with you.
- Note: Encryption is not a guarantee of security. With time, someone in possession of your device may be able to break the encryption. Additionally, international travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the USA. The best advice is not to carry information that would be a problem for others to obtain or access.
- International travelers: You may need to verify whether the location you are traveling to have restrictions on encrypted digital content. See “SPECIAL NOTES FOR INTERNATIONAL TRAVELERS” below.
- Keep prying eyes out! Password protect all of your devices. Use strong passwords, passcodes, or smart-phone touch/facial ID to lock and protect your devices.
- Back up your data before you go.
- Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
- Update your operating system and apps/software, including antivirus protection, to make sure you are running the most secure versions available.
- Turn on "Find My [Device Name]" tracking and/or remote wiping options in case of loss or theft. Make sure you know how to use these tools before you go.
- Log out of browsers and apps, remove any saved login credentials, and clear your browser history. This will help prevent anyone from accessing your accounts or information without your knowledge. Also delete apps you no longer use.
- Clear your devices of any content that may be considered illegal or questionable in other countries.
- Don't overlook low-tech precautions:
- Use a webcam cover or tape over the camera of your laptop and mobile device for privacy.
- Label all devices in case they get left behind!
- Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
- Avoid posting on social media about your travel plans. This can make you an easy target for scammers and thieves.
- Power off your devices before you arrive at the border. This will help resist a variety of high-tech attacks.
- Do not put devices into checked baggage. Checked baggage can be lost, stolen, stolen from, or tampered with.
- Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. Devices can easily become lost, stolen, or tampered with, especially if you step away or fall asleep. If you become separated from your equipment, there is a possibility that it has been compromised. If your equipment is confiscated or inspected by any foreign authority, then it should be considered compromised.
- Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected. If you need Internet access, make sure you know who the reputable carriers are and only connect to them.
- Use a VPN (virtual private network) when you’re traveling to make sure your network connection is secure (encrypted). Check with your location’s IT support to see if one is available to you through the University.
While you’re there:
- Connect to the Internet securely. The above advice about avoiding public Wi-Fi and using a VPN also apply after you arrive.
- Physically protect yourself, your devices, and any identification documents. If you’re traveling in a location where your devices may not be safe in your hotel room or in the hotel safe, keep them with you at all times.
- Do not plug in untrusted accessories. Accessories that come from questionable or unknown sources can be infected with malware intended to steal your information. Avoid plugging in any untrusted accessories (flash drive, charging cable/station/port, SD card, power stick, etc.) to your device. Try to bring all necessary accessories with you, but if you must purchase something abroad, make sure it is from a reputable source.
- Never log into anything when using public computers. They may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to email or sensitive accounts.
- Disable Wi-Fi and Bluetooth when not in use. This protects you from harmful connections and some types of tracking technology.
- Wait to post about your trip on social media until you return home.
When you return:
- Change any and all passwords you may have used abroad. Regardless of whether you used them on your device or a public computer, they may be compromised.
- Run full antivirus scans on your devices.
- Check your statements. If you used a credit or debit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
- Delete unneeded apps. If you downloaded any apps specifically for your trip and no longer need them, be sure to delete them and the associated data.
- If you had a loaner device, don’t connect it to the network when you get home. Return the device immediately to your IT support staff so they can help you access it safely.
SPECIAL NOTES FOR INTERNATIONAL TRAVELERS:
- There are special rules for bringing electronic equipment, research, intellectual property, and encryption technology abroad. Consult with experts at your campus/location well in advance of your trip if you are planning to take University equipment, data or technology outside of the United States.
- Campus export control contacts
- Encryption: Although encryption is recommended to protect sensitive information in case your device is lost, stolen, inspected or confiscated, some countries restrict the use/importation of encryption software. The USA may also restrict its export.
- UC's "International Travel" web page for information including lists of countries with travel restrictions, and links for additional help.
- If you are not able to use encryption software at your destination, contact your IT department for guidance.
- Traveling with Electronic Devices (UC site)
- UC Ethics, Compliance and Audit Services (ECAS) “International Compliance” site
- Updated UC guidance in ECAS' April 2018 Compliance Alert newsletter (see "International Compliance" on page 3)
- UC Global Operations (UC GO) website: https://www.ucgo.org/
- FBI brochure: Safety and Security for the Business Professional Traveling Abroad. Includes but is not limited to cybersecurity