For members of the campus community, a trip to a foreign country presents unique data security challenges. The nature of international travel requires you to use your device (laptop, tablet or smartphone) in various unfamiliar places that may expose your data and device to malicious people and software. Beyond the physical loss of your device, staying digitally connected often means that you will connect your devices to public networks in hotels, airports, train stations, and conference halls, which employ minimal security measures. These public networks often harbor malware from cyber criminals looking to steal your data for identity fraud, as well as nation state actors targeting academic and business travelers for intellectual property. In some cases, education networks are broadly targeted by government agencies for the benefit of data theft.
To protect your data and device, whether it’s for work or personal, the rest of this KB article will outline a list of data security safeguards you should add to your travel checklist before, during and after your trip.
In addition, please review the FAQ for International Travel with Encrypted Mobile Devices.
If you have any questions about securing your data on your trip, please send an email to IWU-ITSecurity@indwes.edu.
Before You Leave
- If you are an employee, notify the Information Security Office (IS) and IWU Risk [firstname.lastname@example.org] at least 7 days prior to leaving for your trip.
Once notified IS will add rights to your IWU ID that will allow for added VPN security while on the road. This is extremely important so please contact us at
IWU-ITSecurity@indwes.edu. and supply:
- your name
- email address
- dates of travel.
- Leave your data and/or device at home.
The best way to safeguard your data or device is to not bring them on the trip. If you don’t need to access data stored on your computer, leave your computer in a secure location at home and bring along a loaner computer instead.
Employees: Request a loaner laptop by emailing email@example.com and note any special requirements you may have for the laptop. By default the laptop will include: Microsoft Office, VPN, Microsoft Edge, Firefox, Chrome. Please allow 5 business days for delivery.
- Backup your data.
Whether you are traveling with a loaner computer, your regular computer, tablet or smartphone, you should always backup your data. In case you lose your data along with your device or some malware corrupted your data during the trip, you can be sure you have a good copy from which you can recover your data. The best way to back up your data is to do so via IWU's OneDrive feature. Learn how to setup OneDrive File Protection to backup your data.
- Install and configure encryption software.
In the unfortunate scenario where your device is lost or stolen, disk encryption software can help encode your data such that only you and people you authorized can decode and read the encrypted data. If you are utilizing an IWU laptop it comes preloaded with full disk encryption and there is no further action required. If you have your personal laptop, Full disk encryption software, which is freely bundled with recent Microsoft Windows and Mac OS X operating systems, is easy to use and setup. Some foreign countries do restrict the use of encryption software, so please research the software import laws of your destination country. If you are not able to use encryption software at your destination, please strongly consider leaving your data and device at home, and bringing a loaner device instead.
- Configure device according to minimum security standards.
The following requirements are especially critical for foreign travelers:
- Update your operating system and application software to the latest versions possible
- Install and update anti-malware software
- Choose strong passwords
- For laptops, setup and use a personal account that does not have superuser (root, administrator) privileges
- ALWAYS use a VPN after connecting to any public or hotel hotspot.
For employees this means using the Global Protect client on your IWU issued device at all times.
- Do NOT leave your device unattended.
Physically having control of your device is the easiest way for someone to access your data. Do not leave your device unattended, lend it to someone you just met or leave it in your checked bag on your flight. If you ever leave your computer, make sure to turn it off instead of just hibernating it or putting it to sleep.
- Do NOT plug in untrusted accessories.
Untrusted accessories, those that came from questionable sources, can be infected with malware intended to steal your data. Avoid plugging in any untrusted accessories (flash drive, charging cable, SD cards, etc.) to your device. Try to plan ahead and take all the necessary accessories with you, but if you must purchase an accessory abroad, make sure it is from a reputable source.
- Do NOT enter your credentials into public computers.
Public computers such as hotel business center workstations and internet cafe computers are often poorly managed and provide minimal security protection for its users. If the need to use public computers arises during your travel, avoid entering your credentials at these public computers.
- Connect only to known wifi networks.
It’s tempting to stay in touch with friends and colleagues as you travel by connecting to wifi networks. However, anyone can create a network and give the network a legitimate sounding name, hoping to lure unsuspecting travelers to connect while capturing personal information transmitted through the network. This is especially prevalent at public cafes, hotel lobbies and airports. When connecting to a network, find out the correct network name from the staff at the business and connect to it. Remember to use a VPN at all times.
- Turn off your wifi when not in use.
Attackers can easily spoof Wifi network names to connect to devices within range for eavesdropping. To help you avoid accidentally connecting your device to rogue wifi networks at a later time, once you are finished using the network, turn off wifi on your device
- Use a non-privileged account.
Just as software installation requires elevated privileged accounts, malware often requires elevated privileges to infect your computer. Use a non-privileged account and only elevate privileges when necessary on your device. This will provide additional protection against malware infection.
- Practice safe web browsing.
The websites you visit online hold valuable data about you. They are also becoming gateways thru which hackers can steal your data by infecting reputable or seemingly reputable websites with malware. This threat is magnified during foreign travel as you connect to public networks in hotels, airports, cafes, etc at your destination. To protect yourself while browsing websites abroad:
- Connect to only HTTPS websites.
Web pages you connect to using HTTP exchange information unencrypted. This could expose your information to attackers on the public networks you use during your travel. Before sending or receiving any sensitive information, make sure the internet address(URL) in the web browser starts with HTTPS.
If your browser displays an error about the digital certificate used to encrypt the data, i.e. that it cannot verify identity of the HTTPS website, you should assume the website is fake and malicious. Stop connecting to the website and try from another location. Examples of such an attack targeting popular websites has been observed against academic institutions and a country's general population.
- Do not click on suspicious links or prompts.
Malicious websites commonly craft attacks to exploit a user’s curiosity, impatience or to scare them with malware threats. These malicious attacks might come in the form of links or pop-ups that present free offers too good to be true or imminent malware infection if you don’t install the product. Think before you click a link or “Yes” to a prompt.
- Clear browsing session information when using devices that do not belong to you.
Some web applications do not log you out entirely, even when clicking the logout button or closing the browser. Such behavior allows the next person who uses the device to browse to the same page or click the back button to access your data as if you are still login. To prevent others from accessing your account and data, clear all the web browser session information following steps outlined for each type of browser here: CHROME - INTERNET EXPLORER - FIREFOX - SAFARI
- Connect to only HTTPS websites.
- Take note of credentials you are using during the trip.
Regardless of whether you are using them on your device or public computer, they may be compromised. To be safe, take note of the credentials you used so you can change them on a trusted and secure device once you return.
After Your Trip
- Reset credentials you used during the trip.
As noted above consider credentials you used during the trip to be compromised. Use a trusted computer, whether it’s your own or one provided by your IT support staff, to reset credentials that were used during the trip. For example, if you use your Indiana Wesleyan credentials during the trip, go to the IWU password reset portal, once you return, to reset your IWU password.
- Re-image your devices.
Upon returning, if you were required to bring your IWU device, immediately open a support case to have it re-imaged with a fresh OS image. Prior to this you will need to make sure any data you wish to be retained is copied to your IWU network personal share or OneDrive. In addition, it may be wise to reset your mobile devices to their factory defaults. All of these measures are extreme and can be construed as over protective, but they will ensure that your devices are free from any potentially harmful hidden software/viruses that may have made their way onto them during your trip.
Import Restrictions on Encryption Software
Encryption software is a very effective tool to strengthen the protection of your data. However, a number of foreign countries do not permit encryption software to be imported or used without prior approval. For example, China requires foreign travelers to apply for a license to use encryption software prior to arrival. To learn more about background information and details of import restrictions on encryption software, follow the links below to external websites:
- Wikipedia article discussing restrictions on encryption software import (link is external)
- Crypto Law Survey website with a list of countries and their respective encryption software import restrictions. (link is external)
If you are not able to use encryption software at your destination, it is strongly recommended to leave your data and device at home, and bringing a loaner device instead. If your information is sensitive and it is illegal to secure your devices/data and communication, contact the IWU IT Security office for advice.
Please review the FAQ for International Travel with Encrypted Mobile Devices for more detailed information.
March 2021 ISO
Sept 2018 ISO
Partial Source Material Reference - Berkley, Kansas State University