International Travel Cybersecurity

• In many countries, including the US, government agents have the authority to examine or seize your devices at borders. This includes entry into the United States.
  • U.S. Customs and Border Protection's Inspection of Electronic Devices fact sheet.
• Encryption: Although encryption is recommended to protect sensitive information in case your device is lost, stolen, inspected or confiscated, some countries restrict the use/importation of encryption software and some software is restricted from export per U.S. regulations
  • Travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the U.S. The best advice is not to transport or access sensitive information while traveling.
  • If use of encryption software is not legal at your destination, contact your IT support staff for guidance.
• Taking electronic equipment, research, intellectual property, and encryption technology abroad on laptops, tablets, smart phones, or storage may require documentation or an export license.
• Other private data. Aside from export control laws, there are University policies regarding protection of student, financial, and HIPAA-controlled data and how that data may or may not be stored on devices taken outside the U.S. Please consult with the relevant data steward for clarification for your unit.
• Consult with experts in Export Control well in advance of your trip if you are planning to take University equipment, data or technology outside of the United States.
  • Export Control Basics
  • What You Need to Know Before You Travel Outside the U.S. (PDF)

• Transfer your data to a campus-approved secure cloud service. If possible, avoid traveling with any sensitive or confidential information on your laptop, USB drives, mobile devices, etc.
• If you’re traveling on UC business, check with your IT support staff about the possibility of getting a clean, encrypted laptop and/or phone that contains no sensitive data, no local passwords, etc. Also check with your department for specific policies about device use and traveling abroad.
  • If you are in UC San Diego Health, please contact their Service Desk (login required) and request to borrow one of their travel loaner laptops.
  • Campus IT Services is in the process of developing a loaner laptop program as well.
• Encrypt all devices and data that you take with you*
  • Secure Your Mobile Devices
  • *Some countries ban the entry and use of encrypted devices, please research prior to planning trip. Verify whether the location you are traveling to has restrictions on encrypted digital content (which includes the use of VPN).
    • If you are not able to use encryption software at your destination, contact your IT support staff for guidance. 
  • Full Disk Encryption (FDE), provides an additional security control at the hardware level. It automatically converts data into a form that cannot be understood by anyone who does not have the key to undo this conversion. FDE is especially useful for laptops and small computing devices that can be lost or stolen.
    • If you use your personal laptop to access UC San Diego information, we strongly recommend that you enable native FDE technology. Solutions include:
      • Windows Bitlocker
      • Mac OS X FileVault
    • If you use a UC San Diego-owned laptop, please contact your local IT support staff. If you don't have local IT support staff, contact IT Services Security.
• Password protect all of your devices. Use strong passwords, passcodes, or smart-phone touch/facial ID to lock and protect your devices.
  • Use a password manager and reference Password Security per UCSD guidance - https://blink.ucsd.edu/technology/network/access/secure-passwords.html#Password-Best-Practices
• Change all passwords you may use abroad.
• Back up your data.
  • Securing Your Data and Workspace
• Set up multifactor authentication for your personal accounts whenever possible for an additional layer of protection.
• Update your operating system and apps/ software, including antivirus protection, to make sure you are running the most secure versions available. Contact your IT support staff for guidance if necessary.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case of loss or theft. Make sure you know how to use these tools before you go.
  • Log out of browsers and apps, remove any saved login credentials on all devices, and clear your browser history. This will help prevent anyone from accessing your accounts or information without your knowledge. Also delete apps you no longer use.
• Research and understand the country that you are visiting, it is important to be aware of any content that may be illegal in the country that you are visiting.
  • Clear your devices of any content that may be considered illegal or questionable in other countries.
  • Stay informed of TSA regulations. Register your travel through Concur or UCAway to receive travel alerts concerning the specific countries you plan to visit (including any tech restrictions) You can request a UC Travel Brief.

• Power off your devices before you arrive at the border. This will help to provide another layer of defense in preventing unauthorized access to a device.
• Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. If you become separated from your equipment or it has been confiscated or inspected by any foreign authority, there is a possibility that it has been compromised.
• Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected. Assume that networks are not secure. If you need Internet access, know who the reputable carriers are and only connect to them.
• Virtual Private Network (VPN) software. VAs noted previously, VPN is advised for a secure/encrypted connection however, prior to use, confirm VPN is permissible in the country that you are visiting.
• Beware of shoulder surfing. Avoid use of passwords and accessing sensitive information in transit locations such as airports and train or bus stations or on planes, trains, or buses.

• Connect to secure wireless networks. Certain networks may appear secure (such as a hotel network) but they are often similar to public Wi-Fi and are not always secure. It is advised to use the campus VPN while traveling.
  • If additional software or applications are needed, only download software from trusted sources.
• Physically protect yourself, your devices, and any identification documents. Apply a risk management level of thinking while traveling to make informed decisions based on each situation. Do not assume devices and/or documents will be safe in your hotel room or in a hotel safe.
• Do not plug in untrusted accessories. Unverified flash drives, chargers, SD cards, power sticks, etc. can be infected with malware intended to steal your information. Avoid plugging in other accessories to your device that are not yours. If you must purchase something abroad, make sure it is from a reputable source.
• Never log into anything when using public computers. They may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to email or sensitive accounts.
• Disable Wi-Fi and Bluetooth when not in use. This protects you from harmful connections and some types of tracking technology.
• Wait to post about your trip on social media until you return home. Consider asking others to do the same.
• Be cautious of phishing and other suspicious links sent to any devices.
  • Reference UCSD Phishing guidance - https://blink.ucsd.edu/technology/security/user-guides/phishing.html

• Change any and all passwords you used abroad. Regardless of whether you used them on your device or a public computer, they may be compromised.
• Run full antivirus scans on your devices.
• Check your statements. If you used a credit or debit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
• Delete unneeded apps. If you downloaded any apps specifically for your trip and no longer need them, be sure to delete them and the associated data.
• If you had a loaner device, don’t connect it to the network when you get home. Return the device immediately to your IT support staff so they can help you access it safely.

Inspection of Electronic Devices at the US Border 

• UC website: Traveling with Electronic Devices: provides additional guidance to follow while traveling.
• Full CBP “Border Search of Electronic Devices” Directive, Jan 2018 (12 pages)
• Detailed guidance and analysis from eff.org (52 pages): Digital Privacy at the U.S. Border: Protecting the Data On Your Devices 

International Compliance and Export Control

• UCSD Export Control
• UCSD Research Security
• UC Ethics, Compliance and Audit Services (ECAS) “International Compliance” site

UC Travel Risk & Insurance

Website: https://www.ucop.edu/risk-services-travel/registering.html

• A broad range of information for UC faculty, researchers, staff, administration, students, trainees, and international students and scholars traveling internationally. Most content is not technology or privacy related. Information related to cybersecurity includes:
  • Laptop and data security 
  • Export controls
• UC San Diego Risk Management Business Travel Accident Insurance
• UC Risk Services Business Travel Information