International Travel Guidelines

Whether you are going on a personal or business trip internationally, below are guidelines to protect your devices and your data.  Follow these steps to minimize the risk of a security incident while on your trip.  While some of these also apply to travel within the United States these recommendations are focused on international travel due to the increase risk associated with travel outside of the country.

Before your trip

  • Ask the Technology Support Center (TSC) for a loaner laptop.
  • Inventory the data on the devices you will be travelling with to ensure that you don't unknowingly take sensitive university or personal data data with you.
    • Leave any unnecessary devices (thumb drives) or media (CDs, manuals, etc) at home.
    • Never save sensitive information (ie SSN, driver's license number, credit card numbers or passport information) on your device.
    • Clear your web browser's history, stored passwords and temp files so that they cannot be accessed.
  • Be sure to check the country you are visiting for any encryption data restrictions that prevent you from encrypting data on your device.
  • Keep in mind, Duo tokens and the mobile app are subject to export control.  The United States State Department maintains a list of embargoed countries and may have restrictions on whether or not you can travel to those nations with Duo tokens/mobile app.

Work with the Technology Support Center (TSC) to ensure that you have a secure backup of your data so that it can be recovered in the event that your device becomes lost, stolen or compromised while travelling.

Research the country you are traveling to and see if they have sanctions or local laws that affect your access.  For instance, users are unable to access Google Apps from Crimea (effective 1/31/2015) due to international sanctions.   

Please take the proper precautions to secure your smartphones, tables and laptops before going on your trip.  See below for some recommendations:

  • Set up a password and set the screen to lock after 15 minutes or fewer of inactivity.
  • Set the device to erase all data after 10 failed login attempts.
  • Turn on encryption if offered.
  • Enable a find my device app to track the device in the event it is lost or stolen.
  • When not using wireless and bluetooth, turn them off.
  • Install the Pulse Secure app and request VPN access if you plan to use the device from untrusted wireless networks, but these should be avoided if at all possible.
  • Keep your device operating system updated to the latest version.
  • Keep your apps updated to the latest version.
  • Only install apps from trusted sources.
    • For Apple devices this is the App Store.
    • For Android devices this is Google Play.
    • For Windows devices this is the Windows Store.
  • Do not jailbreak your device.
  • Wipe all data off of your device and restore it to factory default settings before you sell or give away the device.

If you don't use Duo two factor authentication, you can submit a request to the Technology Support Center for help getting enrolled.  Keep in mind, Duo tokens and the mobile app are subject to export control.  The United States Government maintains a list of embargoed countries and may have restrictions on whether or not you can travel to those nations with Duo tokens/mobile app.  The Office of Foreign Asset Control (OFAC) maintains a Sanctions Program and Country Information list.  Please review the list if you have questions about your destination country.

 

Contact the Technology Support Center (TSC) to request a VPN account.

Make sure your anti-virus software is up to date and then run a full scan of your devices to validate that they are clean of known malware prior to travelling.

During your trip

Make every effort to choose internet connections with the best security.

Use your celluar carrier's network if possible.  This is the best choice in terms of security.

  • Don't use free wireless connections.
  • Never use a public computer to access or enter sensitive data.
  • Assume any computer network you use while traveling is insecure.  This includes networks you may use while staying with friends and family, attending a conference/business center, or visiting cyber-cafes, libraries or hotels.  When you are on a network, use the VPN to access university resources.
  • Turn off wireless and bluetooth on your devices while you are not using them.
  • Never download/install software updates on hotel internet connections or public Wifi.  Here is an FBI advisory about this topic.
  • Please understand that any government can log your activity or copy data from your computer without your knowledge or consent.

The Duo Mobile App on your smartphone can be used for two step authentication even if there is no cellular or internet connection available on your smartphone.  Please follow the steps below to log in using two step authentication under these circumstances.

Initiate a login by entering your username and password and then open the Duo Mobile App on your smartphone.

phone screenshot

Tap the Green Key icon on the right of the screen.

duo passcode greenkey

A six digit number will appear on the screen.

duo passcode

In your web browser, click the last button entitled Enter a Passcode

duo login plain

Enter the six digit number in the field.  Click on the Log In button.

duo passcode login

 

When you are not using your device, lock your screen.

  • Keep your devices with you as much as possible.
  • Do not leave it unattended in public places.
  • If your hotel room has a safe, use it to secure your device.
  • Don't travel with obvious laptop bags.  For example, use a gym bag lined with towels to carry your laptop.

When you open your browser, switch to a new private browsing/incognito tab.  See your web browser's help section for further details.

If you will not be using your device for an extended period of time, power it off.

These can be used to transfer malware to your device or retrieve data from it.  The safest option is to find an outlet and use your own charger.

Do not use USB storage devices or any other kind of removable media that you receive or find while on your trip.  These devices can be used to gain access to your system.

If your device is stolen or lost immediately contact the Technology Support Center (TSC) and report the incident.  While you are working with the TSC, change your passwords.

Report the incident to the local authorities.  Ask for a copy of the report.

 

When You Return Home

The criminals are more interested in the sensitive data you have access to at the university, than the data you carried with you on your trip.  Please review the steps below to prevent any breaches in security due to your device being compromised.

Before you connect the device to the BGSU network.  Run the same malware and anti-virus program you used before you traveled.  If the either of the programs detect any infections, take the recommended steps to clean up the device.

Change your BGSU password ASAP.  This will prevent anyone who might have hacked into your computer from gaining access to the network.