Information Security recommendations before, while, and after returning from traveling abroad

Purpose

This document is intended to guide community members traveling internationally with laptops and other electronic devices. As this area continues to evolve, we will update this document. If you are traveling to one or more countries that are deemed to pose high information security risks, please look at the Device Loan Program.

Additional resources are offered at the end of this document. 

Before leaving:

  1. Back up the user's profile and data.
  2. Remove applications that won’t be used. 
  3. Make sure devices and applications are up to date on patches.
  4. Verify Antivirus and Anti-Malware software is up to date and with the latest signatures.
  5. Install and review Qualys BrowserCheck.
  6. Verify that the user is running with the lowest possible privilege level.
  7. Provide charging devices for the trip (USB chargers offered at airports, restaurants, conferences, etc. may introduce malware).
  8. Make sure PINs are set on devices (Fingerprint + PIN is highly recommended).
  9. Make sure the device is using full disk encryption and requires a password on reboot.
  10. Setup user for UO VPN (note: depending on the country traveling to, local laws may apply regarding encryption).
  11. Forward your voicemail to email.
  12. Bring as little data as possible – just what is needed to get the job done.
  13. Do not store passwords or other credentials on the device, outside of a trusted and encrypted password management application.

While there:

  1. Pay attention to the environment
    • Be cognizant of individuals looking over your shoulder.
    • Do not accept any USB devices and do not plug them into your devices.
    • Do not leave devices unsecured or out of your sight.
    • Keep track of the services that were accessed for reference after returning.
    • Do not accept any patches or updates for applications and systems.

Upon returning:

  1. Have the devices assessed by IT staff for possible malware and infections.
  2. Back up the incoming profile and any documents into a secure system.
  3. Wipe devices used while traveling.
  4. Reload the profile that was backed up before the trip.
  5. Copy files from the incoming profile (e.g., annotated documents) onto the device.
  6. From a trusted computer:
    • Change all PINs.
    • Reset Duck ID credentials.
    • Reset credentials for those services that were accessed while traveling.
  7. Review once again with Qualys BrowserCheck.
  8. Report any suspicious activities to the Information Security Office.

Additional Resources:

Details

Article ID: 60368
Created
Tue 8/14/18 11:40 AM
Modified
Fri 5/27/22 12:06 PM

Related Articles (4)

Generally, most technology tools and services are available globally. There are, however, some nations that block traffic to and from specific services, and the Unites States maintains sanctions against certain countries that prohibit network communications.
If you are traveling for work to one or more countries that are deemed to pose high information security risks, take a loaner laptop and smartphone to help keep intellectual property—yours and the university’s—safer
Duo guidance for international travelers
This article provides information for Zoom usage when outside of the United States.

Related Services / Offerings (1)

Use this service to request an exception to standards published by the Information System Security Office (ISO).