Security Guidelines for International Travel
International travel can pose significant risks to information stored on or accessible through computers, tablets and smartphones that we take with us. This risk is associated with:
- Increased opportunities for the loss or theft of the device, and
- Increased exposure to untrusted Internet connections.
Approach international travel like a home repair or painting project. Preparation takes a little more time, but it will go a long way to making your trip easier and more enjoyable, and hopefully prevent a major cleanup project after your return.
Before Your Trip
- Travel light: Don't need it? Leave it at home! This includes laptops, tablets, cell phones, USB thumb drives, and cameras with flash media capability.
- Get a loaner: Take a loaner laptop with you on your trip, if your department can provide this, and request that it be encrypted.
- Travel with "clean" devices: If your department can't loan you a laptop, remove sensitive data from any devices your choose to take. You should not travel with regulated or confidential data, unless it is absolutely required. To remove the sensitive data:
- Backup the data to a secure location (consult with your local IT support).
- Remove sensitive data completely and securely from your device (consult with your local IT support or the 24/7 IT Support Center on methods for secure data removal).
PLEASE NOTE: MAKE SURE THAT YOU HAVE NOT STORED REGULATED DATA ON ANY DEVICE WITH WHICH YOU WILL BE TRAVELING. Refer to the University’s Data Classification and Handling Standard for more information. If the data is a necessary part of the trip, your device must be encrypted. Consult with your IT support for the appropriate encryption tool and procedure.
- Erase history, including, browser history, especially saved passwords.
- Use strong passwords and device timeouts: Set up strong passwords for all accounts, and set your device to "time out" when idle.
- Set up a wipe: Consider setting the device to “wipe” the device’s content after 10 incorrect login attempts.
- Go disposable: If you require a cell phone while overseas, consider purchasing a “burner” or disposable phone in the destination country.
- Clean other mobile devices, too: If you must take your cell phone or tablet with you, securely erase all sensitive data, including stored passwords.
- Encrypt devices: All devices, whether University-owned, personal, or “loaners,” should be encrypted.
- Consult with your local IT support for appropriate encryption applications.
- Contact your cell phone provider for encryption options.
NOTE: Some countries, such as China, Israel, and Russia, have restrictions on the import and use of encryption tools and do not allow cryptography tools to be imported or used within their borders without a license, or in some extreme cases, at all.
- Install Antivirus Software and keep it up-to-date on all devices.
- Update all operating systems and applications. If you no longer need an application, uninstall it.
- Use the UA Virtual Private Network (VPN): UA’s AnyConnect VPN provides a secure connection, and can bee Internet. The VPN can be used on Windows, Mac and Linux platforms, and mobile devices.
- If available, use eduroam for wireless service: eduroam is a consortium of institutions from the international education and research community that allow members to use each other's secured wireless networks by logging in with their home institution ID. The University of Arizona is a member of this consortium.
- Configure your device for eduroam access while on the UA campus, then test eduroam access before departing.
- Check the eduroam international map for availability.
- Use 2-Factor authentication for any account where it is available.
- PLAN AHEAD TO USE UA's NETID+ DURING YOUR TRAVELS: There are several ways that you can use two-factor authentication while traveling (especially internationally) that won't break your bank with roaming charges, or put your mobile device at risk, but it requires some action prior to traveling. Recommended methods for NetID+ when traveling are:
- Use Bypass Codes: The easiest and most cost-efficient (free) 2nd factor method is to generate and use bypass codes. You can download Bypass Codes in groups of 10 at a time. Store these in a secure place while you're traveling. When you are up to the 9th bypass code, login to your NetID+ Management Console again, and generate 10 more codes. Instructions for generating and using bypass codes can be found on UA's IT website.
- Purchase a Yubikey hardware token: Yubikeys plug into USB ports on your computer, and can generate a code for your second factor of authentication. You will need to configure your Yubikey prior to logging in with it. NOTE: Yubikey 4, Yubikey 4 Nano and Yubikey Neo will all work with NetID+.
During Your Trip:
- Use the lowest possible privilege level: While traveling, do not use an administrator account as your primary account. Running as a non-administrative user will defeat a significant number of malware and browser exploits, because your computer is less likely to allow software, including malware, to be installed without you (1) clicking "install" and (2) typing your administrative password.
- “Opt out” of automatic connections: In most countries, you have no expectation of privacy in Internet cafes, hotels, airplanes, offices, or public spaces. All information you send electronically can be intercepted, especially wireless communications.
- Turn off “join wireless networks automatically” on all of your mobile devices (computers, tablets, mobile phones, etc.).
- Always manually select the specific network you want to join, only after confirming its name and origin with the provider.
- Turn off wireless and Bluetooth, when not actively being used.
- Use care when using a “public” device: Do not log into sensitive accounts (e.g., bank accounts) when using publicly available computers. Be aware that keyloggers, “shoulder surfing” and cameras pointed toward keyboards are common ways that credentials are compromised.
- Keep track of what credentials you use while traveling: Whether you sign into personal or University accounts while traveling, keep track of the services you've accessed. If you are on an extended trip, change your credentials periodically, and only while connected to a secure network (e.g., eduroam, UA VPN). Never use the same password for multiple services.
- Keep your technology with you: Do not leave electronic devices unattended. All items should be stored in your carry-on luggage, and within reach at all times. Conceal your devices when they are not with you.
- Clear your Internet browser after each use: Delete history files, caches, cookies, and temporary internet files.
- Report when something goes wrong: If your phone or laptop is stolen, report the theft immediately to the following:
- The local US Embassy or Consulate
- Your department head
- Your departmental IT support or the 24/7 IT Support Center.
After Your Trip:
- Change your passwords: Using a trusted computer and network, change passwords for ALLservices you accessed while away. When changing passwords, remember to pick strong, complex passwords, and do not reuse the same password for multiple services.
- For tips on how to create a strong password, go to UA Information Security’s Online Security page.
- Scan your devices: Scan all of your electronic devices for malware. Should you need assistance with this, consult with your local IT support, or contact the 24/7 IT Support Center.
UA International Travel Information and Resources
- SecureCat Courier Summer 2015 (Travel Issue) (PDF)
- International Travel Safety and Compliance Policy
- UAGlobal International Travel Office
- Export Control Program
- Risk Management International Travel Information
- Travel Health Clinic