Staying secure while traveling, especially while traveling internationally, exposes you to some special data security risks. Before you travel, please review the following recommendations in order to avoid inconvenient or unpleasant incidents. These recommendations are especially intended to assist international travelers, but it is a good idea to be familiar with many of them even if you are only traveling within the United States.
Before You Leave
- Minimize the number of devices you take with you. Extra laptops, tablets, or smartphones you will not absolutely need on your trip only increase the risk that something will be lost or stolen.
- Remove any private or confidential data you do not want anyone else to see. If you need any of this data for your trip, saving it in cloud storage provides you with an extra layer of password protection if a device is stolen and means that the data will remain available to you even if you lose the device.
- Ask your host if there is anything special you should be aware of regarding best security practices in the country or region you are visiting. Also be sure to inquire about local laws that may affect the kinds of devices or software you are allowed to bring with you or use during your stay.
- Perform a full backup of all devices before you leave to make sure you will not lose important information if any devices are stolen or lost.
- Make sure all of your devices are secured with a strong password and encryption.
- Configure full disk encryption
- Create a password at least four characters long for your mobile devices. If your devices support longer passwords, use the maximum characters permitted to decrease the odds that someone can break the password.
- Set different passwords for multiple devices or applications. Consider setting new passwords for your devices and for key applications for the duration of your trip, and change them again when you return.
- Configure your devices to wipe automatically after a set number of failed login attempts. Review the instructions for wiping your device remotely in case it is lost or stolen.
- Confirm that all your device operating systems, antivirus programs, and other software are up to date with the latest security patches.
- Carry only essential identification documents and credit cards. Leave the rest in a secure location at home.
- Inform banks and credit card companies of your travel plans, including all dates and locations on your itinerary. This will help them monitor for fraudulent activity and help you avoid the inconvenience of flagged transactions and declined payments when you are making legitimate purchases.
- Consult with the University Research Administration’s Export Controls experts to make certain any technology, research materials, or other travel arrangements are in compliance with relevant local and international laws.
- Visit the U.S. State Department travel website to familiarize yourself with travel conditions in your destination country.
- Check for travel alerts that may affect your itinerary at the U.S. State Department’s travel alerts page.
- Review all safety and security recommendations.
- Check customs and local law requirements concerning sensitive equipment, software, and technology, including hacking tools and encryption. Consider taking a loaner device if encryption is not permitted in the country you are visiting.
- Consider signing up for UChicago Traveler, where you can register your travel itinerary and contact information for your trip. This will make it easier for the University to assist you overseas in case of an emergency or crisis.
While You Are Traveling
- Do not take privacy for granted. Customs officials may ask you to present your devices and removable media upon entering or exiting the country. They may also ask you to decrypt data for inspection. Failure to comply with these requests could result in legal consequences, so the best policy is to not carry any data with you at all.
In some areas, phone calls and electronic communications may be monitored at hotels as standard practice. Keep sensitive or confidential conversations, transactions, and data transfers to a minimum.
- Use secure ATMS in public areas during daylight hours. Conceal PIN entry and cash output from view as much as possible.
- Consider purchasing a SIM card or cell phone from a local provider for use during your stay. This adds a layer of anonymity and enhances your privacy and security.
- Use the UChicago VPN connection as much as possible. When you cannot use the UChicago VPN, be sure to use secure (https://) connections when working online.
- Use a non-administrator account on your computer unless absolutely necessary to prevent unauthorized system access when using public networks.
- You should always consider Wi-Fi networks and computers at cyber cafés to be insecure, and always use a VPN when you use them. If VPN is not available, keep your sessions short and do not access private or confidential data, or use sensitive accounts such as banking or credit card accounts.
- Use airplane mode to keep your device wi-fi connectivity suspended in public spaces unless you are actively working online.
- Disable wireless when not in use. Ad-hoc wireless or wireless file sharing such as Apple AirDrop can inadvertently provide direct access to your device.
- Do not loan your device to anyone.
- Do not leave your device unattended.
- When using your device, stay aware of the people around you. Be careful not to give anyone the opportunity to snoop what you are reading on your screen or typing on your keyboard, especially if you need to use a password.
- Disable Bluetooth or set it to Hidden, not discoverable to further protect your device from unauthorized access.
- Do not attach unknown removable media such as thumb drives to your devices, and do not allow anyone else to plug your removable media into their devices. This is a notorious vector for viruses, malware, and spyware.
- Do not click on suspicious links or system prompts while you are browsing the web or checking your email.
- Report lost or stolen devices to local authorities and IT support as soon as possible. This is the best way to protect your data and recover your device.
After You Return Home
- Return any loaner devices.
- Have your devices, thumb drives, and any other removable media scanned for malicious software. Do not connect any devices or media to a network until they are tested!
- If you discover any malware infection, reformat and rebuild with help from your local IT support desk, and restore your data from backups.
- Inform your bank and credit card companies of your return. Be sure to review all of your financial transactions for suspicious activity.