Device and Information Security Abroad

When traveling internationally, the security of your devices and data can be at greater risk. It’s important to follow best practices to protect your technology and the information it contains. 

Why is this important? 

When abroad, you should not assume any privacy when using Internet cafes, hotels, offices, or public spaces. Business centers in hotels and phone networks are frequently monitored in numerous regions, and in some places, hotel rooms may be subject to searches. Any electronic communication you send—whether by fax, Personal Digital Assistant (PDA), computer, or phone—can be intercepted, with wireless devices being particularly susceptible. Consequently, transmitting sensitive government, personal, or proprietary information while abroad carries significant risks. 

Follow UTD policies and guidelines for International travel 

• Obtain appropriate travel authorization before departure. 
• Register your trip with On Call International. 

Before your Trip 

For assistance on Devices Security and Encryption contact the Information Security Office (ISO) at infosecurity@utdallas.edu. 

• Only carry required Data and Devices. If you won’t be accessing your data stored on your device or the device itself, then it’s better to just leave it at home in a secured place. Avoid carrying any form of sensitive information including digital and paper files, email, text and voice messages, unless required. 
• Backup your data and media. Making a copy of important data and storing it in a safe place may safeguard against loss of data or device itself. 
• Use Secondary devices. While traveling aboard to a country with extreme surveillance or no data privacy laws, it’s better to leave your devices at home and take secondary devices with zero to minimal information on them. 
• Sanitize your devices and social media. Make sure you remove any documents, content, or media that could be perceived as provocative or inflammatory at your destination country. 
• Install and update anti-malware software. Keep your software and operating systems updated to prevent cyber criminals from exploiting known loopholes. 
• Encrypt your devices (If allowed by destination country)
  • Any mobile UTD-owned device or personally-owned device in which UTD sensitive data is stored or created, should be encrypted to protect the device and data from unauthorized access. 
  • Some countries will not allow entry with encrypted devices. Countries who have signed the Wassenaar agreement do allow entry with encrypted devices. Identify participating countries.
  • Contact UTD’s Information Security Office at infosecurity@utdallas.edu to check out an unencrypted laptop for travel, if the destination does not allow encrypted devices. 
• Set up device managers that can help locate a device when lost or stolen. Install and configure an application that allows you to locate the device if lost or stolen, and erase it remotely if needed, such as: Find my iPhone/iPad/Mac and Find My Device (Android). 
• Use UTD Box.com to store information. Box is a UT Dallas cloud-based service where staff and faculty can store information in the cloud securely if needed when overseas. 
• Install and configure campus VPN software. Find instructions at UTD VPN. Use a Virtual Private Network (VPN) if using hotel or public Wi-Fi to create a more secure connection between your device and the resources you access. 
• Protect your accounts and devices
  • Enable 2-step verification, like UTD’s DUO, on all of your accounts, if possible. 
  • Use strong passphrases and use different passwords for different accounts. 
• Lock your devices with password. Configure your device to require authentication after a period of inactivity.  Authentication can be based on a PIN, passcode, or biometric scan in order to unlock the screen and access the device. 
• Update your devices and all applications. Updating devices and application will install new security patches made to the OS and other applications to protect against known venerability. 

During your Trip 

• Don’t leave your devices unattended. Devices should be physically secured in situations where theft is likely. This includes checked bags and hotel safes. If you ever leave your computer, make sure it is turned off. 
• Do not plug in non-trusted accessories to your device. Try to take all necessary accessories with you. If you need to purchase an accessory abroad, make sure it is from a reputable source. Malware can be transferred to your device through thumb drives (USB sticks), computer disks, chargers, and other “gifts.” 
• Do not enter your credentials into public computers. Public computers usually have minimal security protection leading to compromised security of its users. 
• Do not connect to public Wi-Fi networks without VPN. Connect only to known Wi-Fi networks. Turn off your Wi-Fi and Bluetooth when not in use or when crossing through security checkpoints. 
• Use VPN Software. Always make use of a VPN software to establish a secure network connection and avoid eavesdropping. 
• Use a non-privileged account on device. This ensures that even if your devices gets into wrong hands, changes to your information can be avoided. 
• Ensure your connection to website is secure. Make sure that you connect to websites on HTTPS especially when sending or receiving information for safe web browsing. If your browser displays a certificate error it may mean the security certificate for the site has been revoked and the site cannot be trusted. 
• Do not click on suspicious links or prompts. Think before you click. Some links or prompts pose malware threats. 
• Clear your browsing session information or Use Private Browsing Mode. Always try to use a private browsing session or clean up after each use. Browsing on websites creates significant data on your device. 
• Get Rid of Data. Before giving a personally-owned device to a third party for maintenance, re-use, or trade-in, remove University Data from the device. Contact infosecurity@utdallas.edu for help on how to do so. 

Managing Incidents 

• Report security incidents: If you believe your device, account, or confidential information may have been compromised or accessed by another party during your travels, immediately contact the Information Security Office at infosecurity@utdallas.edu.
• In case of Missing or Stolen UT Dallas computer equipment:
  1. Contact the local authorities at your destination immediately to report the missing or stolen computer. 
  2. Call On Call International at +1-978-651-9722, to report the missing or stolen computer. On Call will notify UTD’s International Risk and Safety, who will notify your department, Export Control, and the Office of Information Security. 

After your Trip 

• Run antivirus software to scan your device for malware, and follow the instructions to correct any issues. 
• Change passwords for accounts you accessed while abroad: If you logged into a service with your UT Dallas NetID and password, your password can be changed via the self-service portal at netid.utdallas.edu. If you logged into personal services, such as banking or personal email, it is recommended that you consider changing those passwords, as well. 
• Return any IT equipment that was used for travel purposes only: Your travels may have required you to carry a temporarily assigned computer that is not your assigned device for everyday work. Please return this device to the IT team that provided the equipment for device cleaning and future travelers.

Sources 

• Berkeley University of California: Security Tips for International Travel 
• Harvard Global Support Services: Keeping Your Data Safe Abroad 
• The National Counterintelligence and Security Center: Traveling Overseas with Mobile Phones, Laptops, PDAs, and Other Electronic Devices 
• U.S. Federal Trade Commission: Protecting Personal Information: A Guide for Business 
• FBI: Travel Tips brochure. 
• U.S. Department of State: Country Specific Information 
• UTD Information Security Office – Resources 

---

Tags

---

Related Posts

---