International Travel Cybersecurity
Find guidance and resources to help reduce your cyber risk and protect UC San Diego data during international travel.
For many of us, having a cell phone or other electronic device is an integral part of daily life, whether at home or on the road. And traveling today is so much easier with technology. You can stay productive, entertained, and in touch. Unfortunately, traveling with devices can mean increased cyber risks for keeping your personal and University information private, as well as increased potential for device theft.
There are extra precautions to secure your devices and data when you travel internationally, whether for personal amusement, university business, or other teaching and research opportunities. Read on for more information to help you before, during and after your trip, starting with these three tidbits:
- The less you take the less you can lose. Think about if you really need all those devices (phone, tablet, laptop) or all that data (contacts, passwords, work files, etc) while traveling.
- Don’t trust anyone or anything. Keep devices with you – not in checked luggage, not in your hotel safe and not with airline or hotel staff. Be wary of public wireless Internet or Wi-Fi hotspots. Don’t plug in any untrusted attachments, like USB drives or other connectors.
- Know before you go. Read up on specialized laws about the country or region you’re visiting, including export control laws, possible illegal content, or encryption rules.
Updated China Travel Advisories
On January 3, 2019, the U.S. Department of State updated their China Travel Advisory urging citizens to "[e]xercise increased caution in China due to arbitrary enforcement of local laws as well as special restrictions on dual U.S.-Chinese nationals." As a result, we warn students and faculty not to use the WeChat messaging application.
In addition to examples of concerning circumstances travelers may encounter during their visits, the Bureau of Consular Affairs provides this guidance:
Read the Safety and Security section on the country information page.
If you decide to travel to China:
- Enter China on your U.S. passport with a valid Chinese visa and keep it with you in a secure location.
- Stay alert in locations frequented by Westerners.
- Keep all belongings, especially electronics, in a secure area.
- Monitor local media for breaking events and be prepared to adjust your plans.
- Make contingency plans to leave the country and have evacuation plans that do not rely on US government assistance.
- If you are arrested or detained, ask police or prison officials to notify the U.S. Embassy or the nearest consulate immediately.
- If you plan to enter North Korea, read the North Korea Travel Advisory.
- Enroll in the Smart Traveler Enrollment Program (STEP) to receive Alerts and make it easier to locate you in an emergency.
- Follow the Department of State on Facebook and Twitter.
- Review the Crime and Safety Reports for China.
- U.S. citizens who travel abroad should always have a contingency plan for emergency situations. Review the Traveler’s Checklist.
Important new restriction
As of March 2017, the Department of Homeland Security requires all passengers traveling on direct flights to the United States from 10 select airports to store all personal electronic devices (PEDs) larger than cell or smart phones in checked baggage. Items such as laptops, iPads and cameras will not be allowed in carry-on luggage.
Affected international airports
-
Queen Alia International Airport (AMM) – Amman, Jordan
-
Cairo International Airport (CAI) – Cairo, Egypt
-
Ataturk International Airport (IST) – Istanbul, Turkey
-
King Abdul-Aziz International Airport (JED) – Jeddah, Saudi Arabia
-
King Khalid International Airport (RUH) – Riyadh, Saudi Arabia
-
Kuwait International Airport (KWI) – Kuwait City, Kuwait
-
Mohammed V International Airport (CMN) – Casablanca, Morocco
-
Hamad International Airport (DOH) – Doha, Qatar
-
Dubai International Airport (DXB) – Dubai, United Arab Emirates
-
Abu Dhabi International Airport (AUH) – Abu Dhabi, United Arab Emirates
You should know
- While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
- Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite.
- U.S. Customs and Border Protection's Inspection of Electronic Devices fact sheet.
- Encryption: Although encryption is recommended to protect sensitive information in case your device is lost, stolen, inspected or confiscated, some countries restrict the use/importation of encryption software. The U.S. may also restrict its export.
- Additionally, international travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the U.S. The best advice is not to carry information that would be a problem for others to obtain or access.
- See UC's International Travel webpage for information, including lists of countries with travel restrictions, and links for additional help.
- If you are not able to use encryption software at your destination, contact your IT support staff for guidance.
- There are special rules for bringing electronic equipment, research, intellectual property, and encryption technology abroad. Traveling outside the U.S. with laptops, tablets, smart phones, or storage devices involves special considerations and may require an export license.
- Other private data. Aside from export control laws, University policies regarding protection of student, financial, and HIPAA-controlled data recommend that such data not be stored on devices taken outside the U.S.
- Consult with experts in Export Control well in advance of your trip if you are planning to take University equipment, data or technology outside of the United States.
Before you go
- Travel only with the data and devices that you need. If you don’t have it, it can’t be stolen or confiscated. This may mean leaving some of your devices at home, removing personal or University data from your devices, or shifting your data to a campus-approved secure cloud service. If possible, avoid traveling with any sensitive or confidential information on your laptop, USB drives, mobile devices, etc.
- If you’re traveling on UC business, check with your IT support staff about the possibility of getting a clean, encrypted laptop and/or phone that contains no sensitive data, no local passwords, etc. Also check with your department for specific policies about device use and traveling abroad.
- If you are in UC San Diego Health, please contact their Service Desk (login required) and request to borrow one of their travel loaner laptops.
- Campus IT Services is in the process of developing a loaner laptop program as well.
- Encrypt all devices and data that you take with you.
- Secure Your Mobile Devices
- Full Disk Encryption (FDE), provides an additional security control at the hardware level. It automatically converts data into a form that cannot be understood by anyone who does not have the key to undo this conversion. FDE is especially useful for laptops and small computing devices that can be lost or stolen.
- If you use your personal laptop to access UC San Diego information, we strongly recommend that you enable native FDE technology. Solutions include:
- If you use a UC San Diego-owned laptop, please contact your local IT support staff. If you don't have local IT support staff, contact IT Services Security.
- You may need to verify whether the location you are traveling to has restrictions on encrypted digital content. If you are not able to use encryption software at your destination, contact your IT support staff for guidance.
- Password protect all of your devices. Use strong passwords, passcodes, or smart-phone touch/facial ID to lock and protect your devices.
- Change any and all passwords you may use abroad.
- Back up your data.
- Set up multifactor authentication for your personal accounts whenever possible for an additional layer of security.
- Update your operating system and apps/ software, including antivirus protection, to make sure you are running the most secure versions available. Contact your IT support staff for guidance if necessary.
- Turn on "Find My [Device Name]" tracking and/or remote wiping options in case of loss or theft. Make sure you know how to use these tools before you go.
- It is possible to remote wipe your device if your account is in Office 365:
- Using the Outlook Web App, click the settings gear, then click Options.
- Under General, select Mobile Devices.
- Choose the mobile device that needs to be wiped, then click the Wipe device icon.
- Click Yes when prompted to confirm.
- It is possible to remote wipe your device if your account is in Office 365:
- Log out of browsers and apps, remove any saved login credentials, and clear your browser history. This will help prevent anyone from accessing your accounts or information without your knowledge. Also delete apps you no longer use.
- Clear your devices of any content that may be considered illegal or questionable in other countries.
- Stay informed of TSA regulations. Check the State Department's website for any travel alerts concerning the specific countries you plan to visit (including any tech restrictions) and guidance on travel to high-risk areas. They also provide information for U.S. students traveling abroad, as does the FBI.
In transit
- Power off your devices before you arrive at the border. This will help resist a variety of high-tech attacks.
- Do not put devices into checked baggage. Checked baggage can be lost, stolen, stolen from, or tampered with. If desired, or it is required due to travel from one of the 10 airports noted above, use a TSA-approved lock.
- Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. Devices can easily become lost, stolen, or tampered with. If you become separated from your equipment, there is a possibility that it has been compromised. If your equipment is confiscated or inspected by any foreign authority, then it should be considered compromised.
- Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected. If traveling to countries outside the U.S. and Europe, you should presume that the network itself is not secure. If you need Internet access, make sure you know who the reputable carriers are and only connect to them.
- Use the free, campus provided Virtual Private Network (VPN) software to make sure your network connection is secure (encrypted).
While you're there
- Connect to the Internet securely. The above advice about avoiding public Wi-Fi, using the campus VPN, and considering networks as unsecure in general also apply after you arrive.
- Physically protect yourself, your devices, and any identification documents. Keep your devices with you at all times during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.
- Do not plug in untrusted accessories. Accessories that come from questionable or unknown sources can be infected with malware intended to steal your information. Avoid plugging in any untrusted accessories (flash drive, charging cable/station/port, SD card, power stick, etc.) to your device. Try to bring all necessary accessories with you, but if you must purchase something abroad, make sure it is from a reputable source.
- Never log into anything when using public computers. They may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to email or sensitive accounts.
- Disable Wi-Fi and Bluetooth when not in use. This protects you from harmful connections and some types of tracking technology.
- Wait to post about your trip on social media until you return home.
When you return
- Change any and all passwords you may have used abroad. Regardless of whether you used them on your device or a public computer, they may be compromised.
- Run full antivirus scans on your devices.
- Check your statements. If you used a credit or debit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
- Delete unneeded apps. If you downloaded any apps specifically for your trip and no longer need them, be sure to delete them and the associated data.
- If you had a loaner device, don’t connect it to the network when you get home. Return the device immediately to your IT support staff so they can help you access it safely.
Additional specialized resources
Inspection of electronic devices at the US border
- UC website: Traveling with Electronic Devices: briefly reviews the relevant law permitting border searches, describes key U.S. Customs and Border Patrol (CBP) policies relating to such searches, discusses frequently asked questions that UC faculty may have about their rights in connection with a border search, and general information about protecting sensitive data while traveling overseas on UC business.
- Full CBP “Border Search of Electronic Devices” Directive, Jan 2018 (12 pages)
- Detailed guidance and analysis from eff.org (52 pages): Digital Privacy at the U.S. Border: Protecting the Data On Your Devices
International Compliance and Export Control
- UC Ethics, Compliance and Audit Services (ECAS) “International Compliance” site
- Updated UC guidance in ECAS' April 2018 Compliance Alert newsletter ("International Compliance", pg 3)
- Webinar: 10 Things You MUST Know before Taking Your Laptop Overseas (Brian Warshawsky. from 2013) Slides only (PDF)
UC Global Operations (UC GO)
Website: https://www.ucgo.org/
A broad range of information for UC faculty, researchers, staff, administration, students, trainees, and international students and scholars traveling internationally. Most content is not technology or privacy related. Information related to cybersecurity includes:
- Laptop and data security
- Export controls
UC San Diego Risk Management Business Travel Accident Insurance
Credits: This web page is adapted from content also provided by UC Santa Cruz, UC Berkeley, UCLA, and EDUCAUSE ("How to Protect Your Data and Devices While Traveling with Tech" and "Security Tips for Traveling at Home and Abroad").
Image credit: pixabay.com