Overview

University faculty, staff, and students, who travel internationally with laptops, phones, and other mobile devices, are subject to many risks, namely that of loss, seizure, or tampering with devices, software, or data. Please use these recommendations as a guide to reduce the risks associated with traveling with these devices. If you have any questions regarding these recommendations or where you are traveling, please contact informationsecurity@ur.rochester.edu.


Preparing for your trip

  1. Research your destination on the State Department website, and take the specific precautions recommended for travel to High-Risk Destinations (defined below).
  2. Ensure that any devices you carry with you are password protected. A password prevents others from accessing your data if your device is lost or stolen.
  3. Enable MFA (Multi-Factor Authentication) as available. To learn more about the University’s MFA solution go to Duo Two-Factor Authentication
  4. Be sure that any device’s operating system and software is fully patched and up to date with all University recommended security software (e.g. Antivirus).
  5. Devices should have encryption enabled. However, check with University IT before you travel abroad to ensure compliance with laws in foreign countries.
  6. Set Wi-Fi to “do not automatically connect to Wi-Fi” on all devices capable of wireless connections.
  7. DO NOT bring any devices or media that contain high-risk or moderate-risk data (e.g., social security numbers, protected health information, credit card numbers, raw or unpublished research data, experimental data generated under grants). For assistance with removing and securing such data on your devices, contact the Help Desk.
  8. Back up your device(s) before traveling and leave the backed-up data at home. For assistance in backing up your device, contact the Help Desk.
  9. Consider installing a (removable) privacy screen on any laptop you will be carrying to prevent people nearby from reading your display. Inquire at the UR Tech Store for the availability of a privacy screen for your laptop.
  10. DO store data that you need for your trip in a Box account or on the University’s network. You can access your files stored on the University’s network and other campus resources through the University VPN.
  11. Set your mobile device to be wiped after 10 failed login attempts.
  12. Ensure firewalls are configured and enabled on Windows and Mac laptops.
  13. Consider purchasing a “charge only” USB cable or USB Data Blocker to avoid any transfer of data when charging devices. Check with the UR Tech Store to purchase.
  14. Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, or fobs you would use to access your workplace, or other areas, and any other access control devices you may have at home.
  15. Clean out your purse or wallet of any financial information such as bank account numbers, logins, and passwords, any RFID cards (including U.S. Government Nexus “trusted traveler” cards) should be carried inside an RF-shielded cover.

While you are traveling

  1. Security Checks: Airport or other security officers may ask you to start your device to prove that it works. Comply by starting your system and entering the password yourself. If the security officer wants you to give them the password, state that it is the University’s policy to NOT share passwords. If they still require you to provide the password to them, give them the password, and change it immediately following the check.
  2. Avoid transporting devices in checked baggage.
  3. Never connect to the internet using public Wi-Fi networks unless using a trusted VPN client.
  4. DO NOT update your computer while connected to a public or hotel wireless network.
  5. When not in use, turn off or lock the devices.
  6. Disable Bluetooth on your laptop, mobile phone, and other devices.
  7. Avoid using public workstations. When you use a public workstation, anything that you enter into the system – IDs, passwords, data – may be captured and used, so limit your activity to the devices that you bring.
  8. Tape over any integrated laptop cameras or disable them to prevent a hacker from viewing you while you use your laptop.
  9. Use caution when connecting a USB device to an unknown computer or charger as it may become infected with malware. Use a “charge only” USB cable to avoid any transfer of data from your device while charging. Check with the UR Tech Store to purchase.

When you return

  1. Upon your return, use a trusted computer that you did not travel with to change the passwords of any accounts used while abroad.
  2. Return any loaner devices that may have been provided for the trip. Do not use these to connect to Universityresources when you return.

Traveling to High Cyber-Risk Countries

Traveling with IT devices to some countries is considered high risk due to increased cyber risk and risk associated with government sanctions. For these Information Security Guidelines for International Travel, the following countries and regions are defined as “High-Risk Destinations”:

Russia, China, North Korea, Iran, Cuba, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine.

The University may update the list of High-Risk Destinations from time to time. Contact the IT Information Security group informationsecurity@ur.rochester.edu if you have questions regarding whether your destination is high risk.

Travelers who plan to visit North Korea, Iran, Cuba, Syria, and the Crimea, Donetsk, and Luhansk regions of Ukraine should contact the University’s Export Control Officer (josef.mejido@rochester.edu) for consultation prior to travel due to strict export restrictions and OFAC (Office of Foreign Assets Control) sanctions.

When traveling to High-Risk Destinations, follow these specific recommendations:

  1. Request a “clean” University loaner device by emailing Travel_Loaner_Requests@rochester.edu for UR or ISDHelpdesk@URMC.Rochester.edu for URMC. Requests should be made at least 3 weeks prior to your trip. Loaner cell phones and laptops are available. Except for “clean” loaner devices, it is strongly recommended that travelers do not bring University-owned devices to these countries or regions.
    1. In the event any loaned device is lost or stolen it should be reported to the Help Desk as soon as possible.
  2. DO NOT bring devices containing high-risk or moderate-risk data such as social security numbers, protected health information, credit card numbers, raw or unpublished research data, experimental data generated under grants. See https://tech.rochester.edu/data-security-classifications-at-a-glance/
  3. DO NOT travel with encrypted devices to China unless you have advance approval from China. Many University laptops have encryption enabled. China severely restricts the import of unapproved encryption. If you attempt to cross the border with an encrypted device, you may be asked for the decryption key or to unlock the device at the security inspection point, and your device may be confiscated.
  4. The U.S. government prohibits traveling with encrypted devices to countries that are considered to support terrorism, namely Cuba, Iran, North Korea, Sudan, and Syria. DO NOT bring encrypted devices to these countries.
  5. Upon your return, immediately discontinue the use of any devices you used while travelling.
    1. The hard drive of the devices should be reformatted, the operating system and other related software reinstalled, or the device properly disposed of.
    2. Passwords should be changed for any accounts that were used while travelling.

 

Contact Information:

University IT Help Desk:

            Phone: (585) 275-2000

            Email: univithelp@rochester.edu

Information Systems Division Help Desk:

            Phone: (585) 275-3200

            Email: ISDHelpdesk@URMC.Rochester.edu


Related Services

Related Policies