Security Tips for Travel
University faculty, staff, and students traveling internationally with laptops, phones, and other mobile devices face various risks, including loss, seizure, or tampering with devices, software, or data.
Consider these recommendations as a guide to reduce the risks associated with traveling with these devices before, during, and after your trip.
Before You Leave
- Device Choice:
- Take only essential devices.
- Limit Amount of Data:
- Limit University data stored on the device's hard drive. Store files in OneDrive or Google Drive cloud storage services. This will require login to access data and improve security.
- Remove sensitive or confidential data from devices: PII, FERPA, HIPAA, financial, unpublished research, proprietary info, student information (grades, comments on student work, information not available in a public directory), etc.
- It is recommended to remove all email accounts from your devices, including your University email account. At a minimum, the amount of email synchronized to your devices should be limited. You can instead access your Fisher email via a web browser at Web Outlook or Gmail.com
- Logout: Log out of all applications and cloud services. This will require sign in to access, which will improve security.
- Device Security Setup:
Fisher devices are configured to meet security recommendations for security updates, encryption and firewall protection. These recommendations are for enabling security protocols on personal devices you intend on using to access Fisher data while traveling abroad.
- Security Updates: Ensure the latest security updates are installed on all personal devices. Fisher-issued devices automatically install security updates.
- Firewall: Ensure the device firewall is enabled. Fisher issued devices automatically have firewall enabled.
- Encryption: Enable full-disk encryption using (BitLocker/FileVault). Turn on mobile device encryption (*Except destinations where encryption is prohibited)
- Password: Use strong, unique passwords/passphrases.
- Web Browsers: Set your web browser to clear history/cache on exit.
- Review list of countries where Google Workspace and Microsoft 365 are restricted
While Abroad
- Physical Security:
- Keep devices under physical control. Never leave devices unattended in public, cars, or unsecured rooms - use hotel safes or cable locks.
- Be aware of surroundings (theft, shoulder surfing).
- Network Security:
- Avoid Unsecured Public Wi-Fi for sensitive tasks; prefer trusted networks or personal hotspots. Use SJF VPN for all network connections (Wi-Fi, hotel, conference).
- Disable wireless, this includes turning off Wi-Fi, Bluetooth, NFC when not needed. Also disable auto-connect to wireless networks.
- Never use public computers to access University systems or sensitive data.
- Data Handling & Charging:
- Avoid storing sensitive data on the device; use approved secure cloud storage and VPN connectivity.
- Do not use unknown USB drives, cables, or public charging stations, as it is possible for data from your device to be accessed and downloaded ("juice jacking"). Use your own trusted chargers/cables, and consider getting charge-only cables.
- Logout: Log out of all applications and cloud services. This will require sign in to access, which will improve security.
When You Return
- Change passwords for SJF and other accounts accessed during travel, especially if issues occurred or VPN wasn't always used.
Incident Reporting
- Report any lost, stolen, confiscated, or potentially compromised devices/accounts as soon as possible to:
- OIT Service Desk
- SJF Safety & Security
- Provide details of the device, data involved, and circumstances.