Device and Information Security Abroad

Traveling abroad with technology can pose increased risks to information stored on your devices. Learn best practices to safeguard your devices and information while traveling.

Why is this important?

In most countries you have no expectation of privacy in Internet cafes, hotels, offices, or public places. Hotel business centers and phone networks are regularly monitored in many countries. In some countries, hotel rooms are often searched. All information you send electronically – by fax machine, personal digital assistant (PDA), computer, or telephone – can be intercepted. Wireless devices are especially vulnerable. Transmitting sensitive government, personal, or proprietary information from abroad is therefore risky.

Follow UTD policies and guidelines for International travel

• Obtain appropriate travel authorization before departure.
• Register your trip with On Call International

Before your Trip

For assistance on Devices Security and Encryption contact the Information Security Office (ISO) at infosecurity@utdallas.edu.

• Do not carry data or devices if not required. If you do not need to access data stored on your device, leave your data or device at home in a secured place. Avoid carrying to the best possible extent any form of sensitive information including digital and paper files, email, text and voice messages.
• Less is better. Carry the least amount of data or information and fewest devices possible.
• Backup your data and media. In case your data or device is lost or corrupted you will be able to recover a good copy of your data. Leave your backed-up data at home.
• If possible, use a new/clean mobile phone or laptop.
• Sanitize your devices and social media. Clear them of documents, content, or media that could be perceived as provocative or inflammatory at your destination.
• Install and update anti-malware software. Keep your software and operating systems updated to prevent cyber criminals from exploiting known loopholes.
• Encrypt your devices
  • Any mobile UTD-owned device or personally-owned device in which UTD sensitive data is stored or created, should be encrypted to protect the device and data from unauthorized access.
  • Some countries will not allow entry with encrypted devices. Countries who have signed the Wassenaar agreement do allow entry with encrypted devices. Identify participating countries. Contact UTD’s Information Security to check out an unencrypted laptop for travel, if the destination does not allow encrypted devices.
• Set up device managers that can help locate a device when lost or stolen. Install and configure an application that allows you to locate the device if lost or stolen, and erase it remotely if needed, such as: Find my iPhone/iPad/Mac and Find My Device (for Android).
• Use Box.com. Box is a UT Dallas cloud-based service where staff and faculty can store information in the cloud securely if needed when overseas.
• Install and configure campus VPN software. Find instructions at UTD VPN. Use a Virtual Private Network (VPN) if using hotel or public Wi-Fi to create a more secure connection between your device and the resources you access.
• Protect your accounts and devices
  • Enable 2-step verification on your accounts, if possible.
  • Use strong passphrases and use different passwords for different accounts.
• Setup device locks. Configure your device to require authentication after a period of inactivity.  Authentication can be based on a PIN, passcode, or biometric scan in order to unlock the screen and access the device.
• Update your web browser with strict security settings.

During your Trip

• Don’t leave your devices unattended. Devices should be physically secured in situations where theft is likely. This includes checked bags and hotel safes. If you ever leave your computer, make sure it is turned off.
• Do not plug-in non trusted accessories to your device. Try to take all necessary accessories with you. If you need to purchase an accessory abroad, make sure it is from a reputable source. Malware can be transferred to your device through thumb drives (USB sticks), computer disks, chargers, and other “gifts.”
• Do not enter your credentials into public computers. Public computers usually have minimal security protection leading to compromise on security of its users.
• Do not connect to public Wi-Fi networks. Connect only to known Wi-Fi networks. Turn off your Wi-Fi and Bluetooth when not in use or when crossing through security checkpoints.
• Use VPN Software to establish a secure network connection.
• Use a non-privileged account to avoid automatic installation of software or malware, as they often require elevated privileges. Only elevate privileges when necessary.
• Ensure that you connect to HTTPS websites especially when sending or receiving information for safe web browsing. If your browser displays a certificate error it may mean the security certificate for the site has been revoked and the site cannot be trusted.
• Do not click on suspicious links or prompts. Think before you click.  Some links or prompts pose malware threats.
• Clear your browsing session information after each use or use your browser’s private browsing or incognito feature.
• Remove Data. Before giving a personally-owned device to a third party for maintenance, re-use, or trade-in, remove University Data from the device.  Contact infosecurity@utdallas.edu for help on how to do so.
• Take note of the credentials you used during your trip so you can change them on a trusted and secure device once you return.
• Report incidents when you believe your device or confidential information may have been compromised. Please contact infosecurity@utdallas.edu.
• In case of Missing or Stolen UT Dallas computer equipment:
  1. Contact the local authorities at your destination immediately to report the missing or stolen computer.
  2. Call On Call International at +1-978-651-9722, to report the missing or stolen computer. On Call will notify UTD’s International Risk and Safety, who will submit your report to your department, to Export Control, and to the Office of Information Security.

After your Trip

• Run antivirus software to scan your device for malware, and follow the instructions to correct any issues.
• Reset, from a safe device, credentials you used during the trip. Use different passwords for different accounts.
• Report incidents to infosecurity@utdallas.edu if you discover any breaches.

Sources and resources

• Berkeley University of California: Security Tips for International Travel
• Harvard Global Support Services: Keeping Your Data Safe Abroad
• The National Counterintelligence and Security Center: Traveling Overseas with Mobile Phones, Laptops, PDAs, and Other Electronic Devices
• U.S. Federal Trade Commission: Protecting Personal Information: A Guide for Business
• FBI: Travel Tips brochure.
• U.S. Department of State: Country Specific Information