Security Guidelines for International Travel

travel security

International travel can pose significant risks to information stored on or accessible through computers, tablets and smartphones that we take with us.  This risk is associated with:

  1. Increased opportunities for the loss or theft of the device, and
  2. Increased exposure to untrusted Internet connections.

Approach international travel like a home repair or painting project.  Preparation takes a little more time, but it will go a long way to making your trip easier and more enjoyable, and hopefully prevent a major cleanup project after your return. 

Before Your TripCheck List

  • Travel light:  Don't absolutely need to take a device? Leave it at home!  This includes laptops, tablets, cell phones, USB thumb drives, and cameras with flash media capability.
  • Get a loaner:  Take a loaner laptop with you on your trip, if your department can provide this. 
    • An encrypted loaner device drastically reduces the likelihood that theft or compromise will expose data, which isn't needed while you travel.  
    • Upon your return, after backing up relevant data from your travels, the device can be wiped clean (erased), helping to prevent malware from arrive home with you.
  • Travel with "clean" devices:  If your department can't loan you a laptop, make sure that you travel with “clean” machines.  You should not travel with regulated or confidential data, unless it is absolutely required.  To remove the sensitive data, do the following: 
    • Backup any sensitive data that you still need to a secure location.  Consult with your local IT support on the appropriate storage method and location.
    • Remove the sensitive data completely and securely from your device.  Consult with your local IT support or the 24/7 IT Support Center on methods for secure data removal.

PLEASE NOTE:  MAKE SURE THAT YOU HAVE NOT STORED REGULATED DATA ON ANY DEVICE WITH WHICH YOU WILL BE TRAVELING.  Refer to the University’s Data Classification and Handling Standard for more information.  If the data is a necessary part of the trip, your device must be encrypted.  Consult with your IT support for the appropriate encryption tool and procedure. 

  • Erase history:  Clean your computer’s history, including:
    • Browser history, especially saved passwords.
    • Stored passwords from other applications, UNLESS you store them in a secure password management application designed to secure, store and handle login credentials.    
  • Use strong passwords and device timeouts:  Set up strong passwords for all accounts.  Also, set up your devices to time out and require a password when idle.
  • Set up a wipe: Consider setting the device to “wipe” the device’s content after 10 incorrect login attempts. 
  • Go disposable:  If you require a cell phone while overseas, consider purchasing a “burner” or disposable phone in the destination country.
  • Clean other mobile devices, too:  If you must take your cell phone or tablet with you, securely erase all sensitive data, including stored passwords.  
  • Encrypt devices:  All devices, whether University-owned, personal, or “loaners,” should be encrypted. 
    • Consult with your local IT support for appropriate encryption applications.  
    • Contact your cell phone provider for encryption options.

NOTE:  Some countries, such as China, Israel, and Russia, have restrictions on the import and use of encryption tools and do not allow cryptography tools to be imported or used within their borders without a license, or in some extreme cases, at all.  

  • Install Antivirus Software and keep it up-to-date on all devices:  If you do not have endpoint security on your laptop, you can download and install Sophos Endpoint Security and Control (free to all faculty, staff and students).  
  • Update all operating systems and applications:  Work with your local IT support or the 24/7 IT Support Center to ensure that all necessary applications are updated with all security patches.  If you no longer need an application, uninstall it.  
  • Use the UA Virtual Private Network (VPN):  UA’s AnyConnect VPN provides a secure connection from your computer to the Internet.  The VPN can be used on Windows, Mac and Linux platforms, and mobile devices.
  • If available, use eduroam for wireless service:  eduroam is a consortium of institutions from the international education and research community that allow members to use each other's secured wireless networks by logging in with their home institution ID. The University of Arizona is a member of this consortium.  
    • Configure your device for eduroam access while on the UA campus, then test eduroam access before departing.  
    • Check the eduroam international map for availability.
  • Sign up for Global NetID+:  Put an extra layer of protection around your sensitive information by signing up for Global NetID+ two-factor authentication.  Doing so decreases the risk that your UAccess and other sensitive personal information will be accessed, should your UA NetID become compromised while traveling.
  • PLAN AHEAD TO USE NETID+ DURING YOUR TRAVELS: There are several ways that you can use two-factor authentication while traveling (especially internationally) that won't break your bank with roaming charges, or put your mobile device at risk, but it requires some action prior to traveling.  Recommended methods for NetID+ when traveling are:
    • Use Bypass Codes:  The easiest and most cost-efficient (free) 2nd factor method is to generate and use bypass codes.  You can download Bypass Codes in groups of 10 at a time.  Store these in a secure place while you're traveling.  When you are up to the 9th bypass code, login to your NetID+ Management Console again, and generate 10 more codes.  Instructions for generating and using bypass codes can be found on UA's IT website
    • Purchase a Yubikey hardware token:  Yubikeys plug into USB ports on your computer, and can generate a code for your second factor of authentication.  You will need to configure your Yubikey prior to logging in with itNOTE:  Yubikey 4, Yubikey 4 Nano and Yubikey Neo will all work with NetID+. 

During Your Trip:

  • Use the lowest possible privilege level:  While traveling, do not use an administrator account as your primary account.  Running as a non-administrative user will defeat a significant number of malware and browser exploits, because your computer is less likely to allow software, including malware, to be installed without you (1) clicking "install" and (2) typing your administrative password.  
  • “Opt out” of automatic connections:  In most countries, you have no expectation of privacy in Internet cafes, hotels, airplanes, offices, or public spaces.  All information you send Relaxing on a beachelectronically can be intercepted, especially wireless communications.  
    • Turn off “join wireless networks automatically” on all of your mobile devices (computers, tablets, mobile phones, etc.).
    • Always manually select the specific network you want to join, only after confirming its name and origin with the provider. 
    • Turn off wireless and Bluetooth, when not actively being used.
  • Use care when using a “public” device:  Do not log into sensitive accounts (e.g., bank accounts) when using publicly available computers.  Be aware that keyloggers, “shoulder surfing” and cameras pointed toward keyboards are common ways that credentials are compromised.
  • Keep track of what credentials you use while traveling:  Whether you sign into personal or University accounts while traveling, keep track of the services you've accessed. If you are on an extended trip, change your credentials periodically, and only while connected to a secure network (e.g., eduroam, UA VPN).  Never use the same password for multiple services.
  • Keep your technology with you:  Do not leave electronic devices unattended. All items should be stored in your carry-on luggage, and within reach at all times.  Conceal your devices when they are not with you.  
  • Clear your Internet browser after each use:  Delete history files, caches, cookies, and temporary internet files. 
  • Report when something goes wrong:  If your phone or laptop is stolen, report the theft immediately to the following:  
    • The local US Embassy or Consulate
    • Your department head
    • Your departmental IT support or the 24/7 IT Support Center.    

After Your Trip:  

  • Change your passwords:  Using a trusted computer and network, change passwords for ALL services you accessed while away.  When changing passwords, remember to pick strong, complex passwords, and do not reuse the same password for multiple services. 
    • For tips on how to create a strong password, go to UA Information Security’s Online Security page
  • Scan your devices:  Scan all of your electronic devices for malware.  Should you need assistance with this, consult with your local IT support, or contact the 24/7 IT Support Center

UA International Travel Information and Resourcesinternational travel direction sign with sky background

Other Resources