IT Security for Traveling Domestically and Internationally
The Information Security Office strongly recommends that when traveling on university business the following measures be taken to ensure your personal data safety and the security of University information.
"The willingness of US scientists and scholars to engage in academic exchange make US travelers particularly vulnerable not only to standard electronic monitoring devices – installed in hotel rooms or conference centers – but also to simple approaches to foreigners trained to ask the right questions."
---Annual Report to Congress on Foreign Economic Collection and Industrial Espionage, 2003.
Before you travel
Reserve a "loaner" laptop. To limit the amount of data at risk should your laptop be lost, stolen or searched, consider taking a "loaner" or rental device. Windows laptops with appropriate up-to-date security protections are available for checkout from the Information Technology Service Desk.
Unable to take a loaner device? Then prepare your laptop/tablet for travel.
Sanitize your device. Back up all information, then remove what is not essential. Take the least amount of information needed for your travel. Leave the backup in a secure location.
Ensure that all protection for antimalware, security patching and firewalls is up to date.
Do not take sensitive information (electronic or printed) with you as you travel. Evaluate the sensitivity of the information you are considering taking with the knowledge that in many countries/cultures there is no expectation of privacy. If in doubt, contact the Information Security Office to discuss your plans and check the sensitivity of your data.
For questions or assistance with preparing your device for travel, contact the UWSP Information Security Office at Information.Security.Office@uwsp.edu / 715.346.4408.
Review your University and personal passwords. Do not use the same login credentials for University and personal business.
Familiarize yourself with local laws and security. Visit the U.S. State Department's web site to obtain information about the safety and security of the country you are visiting and to enroll in the Smart Traveler Enrollment Program (STEP).
During you stay
Have no expectation of privacy. Eavesdropping is routine in some countries. Limit electronic and face-to-face discussion of sensitive information. If possible, wait to discuss sensitive matters upon return or using a known secure mechanism.
Treat "courtesy" and shared electronic devices as compromised. Do not use computers or faxes at foreign hotels or business centers for sensitive matters. Do not allow foreign storage devices e.g. USB, CDs, etc. to be connected to your computer or phone.
Always carry your electronic devices with you. Do not leave your devices unattended e.g in your hotel room, in hotel safes, in your checked baggage. Don't ask someone to "watch it" for you.
Disable your device's network capabilities when not in use. Turn off Bluetooth and Wifi capability on your device when you are not using these services. Consider turning off your cellular phone when it is not in use - particularly if you have a data plan enabled.
Avoid accessing systems with sensitive or restricted information. This is particularly advisable in countries where there is no expectation of privacy. See the U.S. State Department's web site for country specific issues. In general, when accessing University systems while traveling, minimize the length of time and amount of information accessed.
Immediately report loss or theft of electronic devices or suspected theft of information to the Information Technology Service Desk.
When you return
Clean and/or rebuild all electronic devices. Return the loaner laptop to Information Technology for cleaning. If you took your personal computer, it is your responsibility to ensure that the laptop is scanned for malware, and if necessary, re-built before next use.
Change passwords for all systems you accessed while traveling.
If you have any comments or questions about this document, please contact the Information Security Office at Information.Security.Office@uwsp.edu or 715.346.4408.