Protect Personal/Sensitive Information During Travel
When you’re traveling—whether domestic or international—it is always important to practice safe online behavior and take proactive steps to secure Internet-enabled devices. The more we travel, the more we are at risk for cyberattacks.
- If it’s not required, consider leaving it behind.
- Leave behind devices, media, or documents that are not absolutely required for the trip. This is especially important if the device has confidential or sensitive data.
- If documents are required, make copies, and store in a secure location or keep an electronic copy on university-approved cloud storage—Microsoft OneDrive in the event the original is lost, and access is needed while abroad or to facilitate secure sharing and collaboration.
- Consider using RFID-blocking wallets or bags to protect credit cards and passwords.
- Do not save personal information such as credit card numbers or passport information on devices or other media.
- Are you traveling with sensitive or confidential information? – Only travel with the data that you absolutely need. If you don’t need it, don’t
- Check with the HUB to obtain a loaner laptop that you can use while traveling instead of bringing your own.
- Loaner devices are hardened and with minimal installation of software—this makes it challenging for bad actors to compromise your data or access your device.
- Inventory and back up your data. Take note of what’s on your device in case it is lost or stolen. Even if you are taking some files with you, back it up before you leave. Make sure to store the data in a secure location, such as Microsoft OneDrive.
- Secure your device. Some additional reminders:
- Disable file and print sharing, Bluetooth, and network connections when not in use.
- Run an anti-virus scan using Cylance or Kaspersky to set a baseline for a clean system.
- Ensure your operating system and software are up to date with the latest security patches.
- Bring your own charger(s).
- Some chargers can be altered to infect a device or take data, including chargers for smartphones or tablets.
- Criminals can access information on your devices through the USB cable since it has two wires – one for power and the other for data transfer.
- Rather than using a USB charger, find an AC power brick that plugs into a power outlet directly. For added safety, bring your own chargers for all devices.
International Travel Information
International travelers should limit the amount of sensitive information that is stored on or accessible to any mobile device taken on the trip, and travelers should avoid contact with the university network in general, specifically when traveling to high risk countries ( U.S. State Department's Alerts and Warnings).
Traveling internationally can pose significant risks to information stored on or accessible through computers, tablets, and smartphones. Some of the risk is associated with increased opportunities for the loss or theft of the device and just merely the distraction of traveling. Additionally, devices are put at risk because they will use networks that may be managed by entities that monitor and capture network traffic for competitive or malicious purposes.
Accessing Computer Resources:
It is the traveler's responsibility to ensure that his/her electronic devices and presentations do not contain any export-controlled technical data or other export-controlled information.
- Prepare for limited access.
- Email access may be spotty or very slow. It may be easier to access email from a phone via a cellular network than from a computer. Check with your phone carrier about international data plans or consider getting a local phone with a pre-paid card.
- Use a Virtual Private Network (VPN).
- Using a VPN service before accessing Clayton State University websites and applications will help protect yourself and university assets. It can also help bypass countries’ firewalls, allowing you to access the sites listed above, and many others. Use it when connecting from your laptop, tablet, or smartphone.
- Be aware that some countries may copy data from your computer and/or log your internet activity without your consent or knowledge.
- VPN access may be blocked in some countries. Never attempt to bypass the block, as it may be considered an act of cyber espionage!
During The Trip
- Be aware of your surroundings. Cameras and people can steal information or passwords. To ensure this doesn't happen
to you, consider the following:
- Be aware of who and what's around you when working with sensitive information.
- Do not accept or use portable media given to you.
- Cover cameras and muffle mics during confidential meetings.
- If you travel to a confidential area, remove the battery of your cell phone, as cell phones can provide location information, even when powered off.
- Use the STOP THINK CONNECT Approach:
- Avoid free Wi-Fi services, including cyber-cafes, libraries, and business centers. These networks are not secure and you could even be a victim of a low-tech attack such as shoulder-surfing. Your hotel room will be the safest place to use the internet.
- Do not enter or access university data when using a shared or public computer.
- Never accept software updates on hotel internet connections or public Wi-Fi or autoconnect.
- Always lock your screen.
- On Windows computers, press Control-Alt-Delete and select Lock Computer. It will prompt you for your login information the next time you need to access it.
- On Mac computers, in the Security section of the Security Preferences panel, check the Require password to wake this computer option, then go to the Desktop and Screensaver section in System and Preferences and turn on a screen saver.
- Keep your device and charger with you.
- Whenever possible, keep your device(s) on your person rather than leaving them behind. Never place your device(s) in a checked or gate-checked bag when boarding an airplane.
- Try to be discreet – for example, keep your laptop in a backpack instead of a purpose-built laptop bag. If you must leave your devices in a vehicle, lock them in the trunk or on the floor in the back seat, covered with a jacket or similar.
- The loss of physical proximity to your device increases the odds a bad actor can gain access to data, device credentials, or steal your device. Do your best not to leave devices unoccupied at a hotel and bring devices with you in your carry-on baggage.
- Report Information Security Incidents if devices are lost or stolen.
- Immediately change your password if you suspect it has been compromised. Contact the HUB for assistance, if needed.
- Clayton State University faculty, staff, and researchers should report suspected or actual breaches of sensitive university information by contact the HUB. This includes loss, theft, or breach of both Clayton State-owned and personally-owned devices that store sensitive information.
- Contact local authorities to report losses or thefts.
Protecting Devices and Information
- Use encryption. The ITS group can help you encrypt your device to provide an extra layer of protection in case it is stolen. See the associated guides for Windows computers and Mac Computers to make sure your computer is protected.
- Consider purchasing tracking software in case of theft or loss.
- Do not access sensitive information. Confidential information can be captured in an increasingly large number of ways and will occur when you least expect it. When in high-risk areas, do not use systems that provide access to sensitive data, even when using a VPN.
- Disable Bluetooth, Wi-Fi, and GPS when not in use. This will limit access to your device and data.
- Turn devices off when not in use. Powering off devices and even removing batteries can mitigate the risk of cameras or microphones being turned on remotely.
When You Return
- Change your Clayton State password. If away for an extended period or traveling abroad, change your password immediately upon your return.
- Clean your device when you return. Running Cylance scan or completely wiping your device upon your return can help to ensure that malicious software does not infect the university network. Taking a loaner device can make it easier to do this without losing needed information.
Assumptions when traveling
- No device can be protected against all possible forms of system and information compromise, especially when its members travel to countries that are deemed as high risk. So, we must assume that any device taken to a high-risk country will be compromised in some, potentially undetectable way. The only truly secure option is to refrain from using digital devices when traveling.
- Information of particular interest to someone intent on compromising your devices not only includes university data but also the traveler’s ID and password that could be used to directly access Clayton State’s systems and information resources.
- When a device is compromised, the attacker may install software on the device that could compromise other systems and data on the university’s network when the traveler reconnects his or her device to our network upon return, unless measures are taken to completely restore the device to its pristine state before the network connection is established.
- The U.S. Department of State's Country Specific Information website: Allows a user to specify his or her destination country for which it provides information such as, the location of the U.S. embassy and any consular offices; whether you need a visa; crime and security information; health and medical conditions; and local laws.
- The FBI's Travel Tips brochure: Measures that the FBI recommends taking before, during and after traveling internationally in a compact, printable document.
- US CERT's Holiday Traveling with Personal Internet-Enabled Devices website: Tips from the US Computer Emergency Readiness Team for protecting your mobile devices when traveling.
Associated Federal Agencies
Export control laws are federal regulations that control the conditions under which information, technologies, and commodities can be transmitted overseas to anyone, including U.S. citizens, or to a foreign national on U.S. soil.
Federal agencies and regulations most associated with research activity at U.S. academic institutions:
- Department of Commerce through its Export Administration Regulations (EAR)
- Department of State through its International Traffic in Arms Regulations (ITAR)
- Department of the Treasury through its Office of Foreign Assets Control Regulations (OFAC)
Items, information, and software that are generally subject to export control laws and used in a university environment are set out on these two lists:
Often referred to as controlled exports, these items generally fall into these categories:
- Nuclear materials, facilities, and equipment
- Chemicals, microorganisms, and toxins
- Electronics and computers
- Telecommunications and information security technology
- Sensors and lasers
- Navigation and avionics technology
- Marine technology
- Aerospace technology and related equipment
Liability and Potential Penalties
Researchers may be personally liable for violating export control laws and regulations. The penalty for unlawful export and disclosure of export-controlled information under is up to twenty years in prison and monetary penalties per criminal violation.