International Travel

International travel with electronic devices brings many unique cybersecurity risks. It is crucial to take special precautions to protect both the devices and the sensitive information they contain.

The ITS office of Information Security can help you prepare for international travel. We advise you to start these preparations several weeks before your departure.

Mobile electronic devices such as laptops, tablets, and cell phones are targets and susceptible to malware and automated attack tools when taken abroad. Even with up-to-date security software, these devices might not fully resist some types of attacks.

Some countries, (Examples here), have strict regulations regarding the importation and use of encryption tools. In some cases, cryptography tools may not be allowed at all, or a special license may be required.

To minimize these risks, we strongly recommend using loaner devices. The Information Security Office can assist you obtaining and setting up loaner equipment for use while traveling to these destinations.

When traveling internationally, it's essential to take precautions to protect both your electronic devices and the sensitive information they contain. The following guidelines will help you minimize security risks during your travels.

Before You Travel

1. Use Loaner Devices: If possible, use a loaner laptop, tablet, or phone to avoid taking personal or work devices that contain sensitive data. If not take only the devices you need.
2. Back Up Data: Ensure all important files are backed up securely before traveling. Store backups in a secure cloud service or an external drive left at home.
3. Update Software: Install the latest security updates for your operating system, applications, etc.
4. Enable Encryption: Use full-disk encryption on all devices to protect data in case of loss or theft (if allowed by the destination country).
5. Limit Data Storage: Remove unnecessary sensitive data from devices before traveling.
6. Use Strong Authentication: Enable multi-factor authentication (MFA) on all critical accounts and use strong, unique passwords. Use strong PINs, passcodes and biometric locks such as FaceID or fingerprint scans on all devices.
7. Check Local Laws: Some countries restrict encryption tools and VPN usage. Research applicable laws before departure.
8. Cell Service: If traveling with your college provided cell phone notify the telecom office at least 2 weeks prior to departure. Your number will need to be put on an international travel plan.

During Your Travel

1. Avoid Public Wi-Fi: Use a personal hotspot or a VPN when accessing the internet. Do Not log into sensitive accounts over public networks. Turn off auto-connect for Wi-Fi and Bluetooth.
2. Disable Unnecessary Connections: Turn off Bluetooth, Wi-Fi, and location services when not in use to reduce exposure to cyber threats.
3. Use a VPN: If permitted, use The Cisco Secure Client VPN (Virtual Private Network) provided by the college to encrypt your internet traffic.
4. Be Wary of Public Charging Stations: Use your own charger and avoid public USB charging ports to prevent "juice jacking."
5. Keep Devices with You: Never leave devices unattended in hotel rooms or public places. Use a physical lock if necessary.
6. Monitor Device Activity: Be alert for signs of tampering, such as unusual pop-ups, unexpected restarts, or settings changes.
7. Limit Online Activity: Avoid accessing sensitive accounts, such as banking or work-related systems, while on unsecured networks.

After You Return

1. Change Passwords: Update passwords for all accounts accessed while traveling.
2. Scan Devices for Malware: Run a full security scan on all devices before reconnecting them to home or work networks.
3. Check Account Activity: Review login attempts and account access logs for any suspicious activity.
4. Erase Loaner Devices: If you used a loaner device, return it to ITS.
5. Remove unused travel apps: If you downloaded apps to a personal device (ie. ticketing apps for trains, etc.) Delete them - the app will no longer have access to your data. You can always get the app again if you go back.

Report Suspicious Incidents: If you suspect that a device was compromised, report it to ITS immediately.

Several countries have strict regulations on the use of encryption tools and may require special licenses or outright ban certain encryption technologies. Here are some notable examples:

Countries with Strict Encryption Regulations

1. China – Strong restrictions on VPNs and encryption tools. Only government-approved VPNs are legal, and unauthorized use may lead to penalties.

2. Russia – VPN services and encryption tools are regulated, and the government monitors online communications closely. Some encryption methods may require approval.

3. Belarus – Similar to Russia, VPNs and encrypted communication services face restrictions, and unauthorized use can result in legal consequences.

4. Iran – The government bans many encrypted messaging apps and VPN services unless they are officially approved.

5. Turkey – While encryption itself is not banned, the government frequently blocks access to VPNs and encrypted communication services.

6. United Arab Emirates (UAE) – Unauthorized use of VPNs can lead to fines and penalties, particularly if used to bypass government restrictions.

7. India – Requires VPN providers to log user data, and encryption use may be subject to government scrutiny.

8. Pakistan – Encrypted communication tools may require government approval, and VPN services are often restricted.

9. North Korea – Very strict controls on internet access; encryption tools and VPNs are generally not allowed for citizens.

10. Saudi Arabia – Restrictions on VPN usage and encrypted communication tools, particularly if used to bypass content filters.

Please refer to the U.S. Export Administration Regulations (EAR), for specific items and destinations. Certain technologies, software, and encrypted devices may require licenses to be brought into or used in some countries. “Deemed exports” can also apply if sensitive software or research data is accessed abroad.

• FCC: Cybersecurity Tips for International Travelers
• CISA: Cybersecurity While Traveling Tip Sheet
• ID Theft Center: Travel Safe Blog
• State Department: High-Risk Area Travelers