Cyber Security Tips for Traveling Abroad with Mobile Electronic Devices
Note: This web page is intended to outline steps, tips, and guidelines that you can use to protect yourself, your information, and your mobile devices when you travel abroad.
To maintain contact with work, family, and friends, most persons, when traveling abroad prefer to use a mobile electronic communication device(s). Mobile electronic devices such as laptops, cell phones, and tablets, when taken abroad, may be successfully attacked with malware and automated attack tools. These devices, even when kept current with security software, may not be able to thwart such an attack.
As part of a renowned research university, NDSU's faculty, scholars, and staff often travel abroad for research, collaboration, continued study, or to present at national gatherings. When traveling to certain countries where there is strong scientific competition, the country is not on friendly terms with the United States, there is civil unrest or political discord, or where violence and crime ar prevalent, they may become victims of cyber-attacks, cybercrime, monitoring or surveillance. This is particularly true if the individual is engaged in classified or proprietary research in a STEM (science, technology, engineering and mathematics) program. Institutional leaders who ar politically or religiously active, fluent speakers of the language, and individual tourists may also be actively targeted.
Credit and appreciation given to Joe St. Sauver, Manager for Internet 2 Nationwide Security Programs and the InCommon Certificate program, for allowing the use of large excerpts from his articles "Travel to Destinations other Than China or the Russian Federation," and Cyber Security and Travel to China or the Russian Federation," March, 2012.
Frequently Asked Questions
What can happen to my mobile electronic devices when I travel abroad?
Depending on where you plan to travel to, electronic communication devices, when taken abroad, may be subject to involuntary official govermental review and possible duplication of the hard drive's contents.
NDSU and University System policies require that any hard drive which contains personally identifiable information, financial, proprietary, or intellectual property be encrypted. Use of encryption to protect information may be forbidden in some countries. And, if your encryption product allows you to "hide" information, those "hidden" areas can be detected, and you could be subject to criminal charges by the country's government. Becaue it is difficulty to monitor encrypted traffic, use of secure ("https") websites and/or use of virtual private networks (VPNs) may be blocked by some countries.
Attempts to circumvent national censorship of certain websites, such as some mainstream western social media sites, is discouraged. If you are found to be using a product to circumvent the blocking of censored websites, you may be warned, have your electronic devices confiscated, or you may become subject to criminal charges.
Personal privacy may not be respected. Even private spaces such as hotel rooms, rental cars, and taxis may be subject to video, audio, or other monitoring. This type of surveillance may be able to track your whereabouts, what you may be doing, what's on your electronic device, and what you may be entering into it. Conversations either in person or on a phone may be monitored. Local colleagues may be required to report any conversations held with foreigners.
What can I do to protect myself, my electronic devices, and my information when I am traveling abroad?
The guidelines and recommendations listed below outline and define steps you can take to protect yourself, your information, and your electronic devices.
- If possible, do not take your work or personal devices with you. Use a temporary device, such as an inexpensive laptop and/or a prepaid "throw away" cell phone purchased specifically for travel.
- If you must take your electronic device(s) with you, only include information that you will need for your travel.
- Be sure that any device with an operating system and software is fully patched and up-to-date with all institutional recommended security software.
- When not in use, turn off the device(s). Do allow them to be in "sleep" or "hibernation" mode when they are not in active use.
- Be sure to password or passcode protect the device. Do not use the same passwords/passcodes that you use on your work and personal devices. The password/passcode should be long and complex.
- Minimize the data contained on the device. This is particularly true of logins and passwords, credit card information, your social security number, passport number, etc.
- Assume that anything you do on the device, particularly over the Internet, will be intercepted. In some cases, encrypted data may be decrypted.
- Never use shared computers in cyber cafes, public areas, hotel business centers, or devices belonging to other travelers, colleagues, or friends.
- Keep the device(s) with you at all times during your travel. Do not assume they will be safe in your hotel room or in a hotel safe.
- Upon returning from your travels, immediately discontinue use of the device(s). The hard drive of the devices should be reformatted, and the operating system and other related software reinstalled, or the device properly disposed of.
- Change any and all passwords you may have used abroad.
Are there additional tips and guidelines that I can use when I travel to countries that are less than friendly or there is civil unrest, or where crime and violence are prevalent?
Before you travel:
- Tape over any integrated laptop cameras, or disable them.
- Physically diconnect any integrated laptop microphones
- Install a privacy screen on your laptop to discourage "shoulder surfing."
- Disable all file sharing.
- Disable all unnecessary network protocols (e.g., WiFi, Bluetooth, infrared, etc.)
- Backup any data you may have stored on the device.
- Leave unneeded car keys, house keys, smart cards, credit cards, swipe cards, or fobs you would use to access your work place, or other areas, and any other access control devices you may have at home.
- Clean out your purse or wallet of any financial information such as bank account numbers, logins and passwords, any RFID cards (including U.S. Government Nexus "trusted traveler" cards) should be carried inside an RF-shielded cover.
- If you need to send and receive email while traveling, create a temporary "throw away" account on Microsoft Outlook or a similar service before you travel.
Additional smart tips for traveling abroad in less than friendly countries:
- Do not send any sensitive messages via email.
- Limit or avoid making or receiving voice calls, using voice mail, instant messaging, text messaging, or sending and/or receiving faxes.
Are there other resources where I can find information on the country(s) that I am planning to travel to?
There are several good resources to review when planning to travel abroad. They include:
- An informative brochure published by the FBI that covers information and suggestions for business trave abroad. Click here to read the brochure.
- The U.S. has a website where you can check the safety and security level of the country(s) you are planning to travel to. Click here to go to the link.
Many governments track international conditions and provide advice and information for those considering travel. Note that countries view risks differently, or have different levels of insight into particular regions. It might be in your best interest to review all of the recommended websites below for current conditions relating to the country or countries to which you're planning travel.
Feb 17, 2015
Over-sharing on a first date could lead to no second date, but over-sharing on a social media site could lead to data theft, real property theft, or physical danger to yourself or your family. There are lots of automated scripts already running on the Internet looking for keywords that are posted to social media, these scripts do everything from changing the word "meet" to "meat" and posting the results to twitter, to alerting potential thieves that a family is now on vacation and away from their house. Be safe on social media
Feb 6, 2015
New Slim Spray Diet ... Want a Cruise ... Fight Hair Loss Now ... SPAM SPAM SPAM ... It seems to get into every e-mail inbox beofre the account is even setup. But there are some ways to fight this menace.
- Don't reply to it
- Don't tell vendors your e-mail account
- If your service has the option, report it or mark it as spam
There are more ways to fight in the link below.
FEB 4, 2015
Its Tax Refund Season, Time for a new phone or tablet. But what about the old one? Do you have information on that device that could be used against you? How can you make sure that your old phones and devices don't come back to haunt you when you are done with it? Many people buy old equipment off ebay just to see what kind of data is left on those devices. Follow this guide to make sure that your device is wiped clean before you dispose of it.
FEB 3, 2015
When you download an app on social media or your mobile device, you may be allowing it to collect personal information like your contacts list or location. If possible, look at an app’s permissions before downloading and make sure you are comfortable with the information it collects. If the app does not tell you what information it collects, error on the side of caution and assume that it may be collecting information.
FEB 2, 2015
There is a security and privacy threat almost everywhere you go. Most don't even think about it. Free WIFI, if its free how can that be bad? In fact most Free WIFI could be quite safe, but a few access points could have an active sniffer on the line watching every single nibble of data that goes across its interface, looking for passwords, usernames, or e-mail addresses. Click Below for more information on safely using WIFI when traveling.