Travel best practices for both domestic and abroad
Preparing for your trip
Assume that all devices—computers, laptops, tablets, and mobile phones—will be hacked.
Don't allow your personal information or sensitive University assets to be taken for ransom. Sanitize devices of confidential personal information or sensitive non-public University information before taking them with you.
Prepare your laptop for travel:
Install the most current updates and patches.
Install and run anti-virus and anti-malware software.
Create a backup disk and leave it at home.
Enable personal firewall protection.
Install and enable full disk encryption.
Secure all devices with unique passcodes.
Precautions for mobile devices:
Turn on the passcode lock feature available on most devices.
Use strong passwords: at least 8 characters, alpha-numeric and symbols.
Configure the auto-lock settings to lock your device after a few minutes of inactivity and require a passcode to unlock it.
Configure remote lock, remote locate, and remote wipe settings.
Consider obtaining a prepaid plan and an inexpensive phone (throw away) to use while traveling abroad or in the U.S. Enter only the data you need for the trip, such as important contact information or travel notes. This reduces the risk should your device be lost or stolen. You should wipe the device of all data before disposing of it. Apply safe practices to secure your device.
If traveling abroad for business or research, read up on data privacy, Export Control Laws and Trade Sanctions for the U.S. as well as for your destination.
Certain devices considered dual-purpose for military and commercial use, such as global positioning systems (GPS), security software, encryption, computer programs, etc., are subject to Export Administration Regulations (EAR) or International Traffic in Arms Regulations (ITAR). The Office of Foreign Assets Control prohibits certain transactions with countries that have been sanctioned by the U.S. (e.g., Iran, Yemen, and North Korea). Consult the OFAC list for sanctioned countries at the U.S. Department of the Treasury website.
If you don't need it, don't take it! The less you carry, the less you have to worry about.
Take only absolutely necessary vital documents and do not secure them anywhere you cannot monitor at all times. The same goes for electronics. If you bring either in a backpack, consider locking the zippers on the pouch to prevent pickpocketing.
Use covered luggage tags.
Avoid exposing personal information, such as your name, home address,
or phone number to anyone who does not need to know it.
Print several copies of this checklist and save a copy on your computer's hard drive to
refer to as you plan your next trip.
While you are traveling
Avoid using public or untrusted terminals and computers for personal actions.
Never log in to a public device to check your email, social media, or accounts. Don't open suspicious or unexpected email and attachments and avoid clicking on links inside of email.
When logging in to University computers, enable VPN promptly.
This will establish an encrypted communication between your computer and the University's systems.
Don't accept any software, updates, downloads, patches or fixes.
Wait until you return home to update.
Familiarize yourself with acceptable and unacceptable computing practices.
Specifically, you should know rules and regulations governing sharing and exporting certain types of information and technology.
Never leave your electronic devices unattended, even for a short time.
Encryption is highly recommended.
However, be prepared to decrypt if a request is made by U.S. or foreign customs, federal, or local government officials. This is another reason to remove confidential and sensitive information from your devices prior to traveling.
Not all Wi-Fi networks are created equal.
Avoid an unprotected network or Wi-Fi access that uses weak WEP keys. WPA2 is considered safe. Only log in to wireless networks where WPA2 is configured. Hint: You will need a key to use the Wi-Fi network.
Only use trusted Wireless Access Points (WAPs), to enter login credentials for University work, personal banking, and e-commerce using credit cards.
A VPN connection adds another layer of security protection if transactions involving sensitive data are unavoidable.
Avoid visiting websites that may present a security risk.
Only visit secure web sites that use TLS/SSL certificates as noted by the presence of https, a lock icon, and/or a green address bar.
Conducting personal business that involves discussing or providing personally identifiable information (PII) or personal health information (PHI) online or over the phone puts that information at risk. Assume that all conversations and electronic communications are subject to sniffing or eavesdropping,
Use caution when purchasing electronic devices and commodities abroad.
Some foreign governments have strict laws prohibiting certain type of products from being taken out of the country. You may be required to obtain export permits or surrender your purchases before leaving the country.
When you return home
Reimage your machine.
Don't trust that your system is uncompromised or that your anti-virus or anti-malware is all-protecting. Remember, you made a restore disk and a backup of your data.
Change all passwords for accounts used during your travels.
This will mitigate the risk of compromised login credentials that may have been obtained by hackers.
Reinstall anti-virus and anti-malware software.
Run the most comprehensive scans possible to inspect all files on your computer.
Install configuration management software.
It will reveal any programs that are in need of patches or updates as well as programs that have reached end-of-life. Free software is available on the Internet for non-commercial use.
Restore files and data from backups.
After you have inspected and cleaned your computer's memory, you can restore all of your personal information and files. Remember not to do this until you have completely scanned your devices; don't connect secured or re-secured devices to ones that you have not yet re-secured.
If you require further assistance with the instructions
or information on this page, contact the IT Support Center. If you have comments or suggestions about this Web page itself, contact the IT Communication Group.