Travel Securely

Travel Security for Computers and Mobile Devices

This web page provides information to help you travel securely with computers and other electronic devices.

Your electronic devices can contain your personal information, unpublished research, intellectual property, and other and confidential UCSC information. When they are stolen or compromised, so is all the information they contain. This not only dampens your travel plans, but can also become a very expensive, time consuming, and potentially career affecting data security breach.

Also keep in mind that when traveling to a foreign country, your electronic devices and the information they contain are at greater risk.

  • Many foreign countries do not have laws against technical surveillance
  • Some foreign governments help their domestic corporations collect competitive intelligence
  • Confiscations and "inspections" of electronic devices aren't uncommon. If this happens, you should assume your data has been copied.

| Policy | Preparing for your trip | In transit | While you're there | Additional Resources |


Policy

UCSC information security requirements, including UCSC's Minimum Network Connectivity Requirements, apply to all devices used for University business purposes, regardless of ownership or location.

Also review UCSC’s Remote Access Requirements. If you will be accessing restricted or confidential UCSC data and/or systems, see http://its.ucsc.edu/policies/rd.html.


Preparing your electronic devices for your trip

  1. Use antivirus/anti-malware software (free from our website), and set it to update as frequently as the settings will allow.
  2. Run current, up-to-date versions of the operating system and applications. Always install updates when your software or carrier tells you they are available. Remember to sync mobile devices often so you get available updates.
  3. Encrypt your computer and portable devices if they contain sensitive information or passwords. While this is always recommended, it is especially important for international travelers in case your computer is confiscated or “inspected,” even briefly.
ITS offers computer encryption service for UC managed desktops and laptops (Windows and Mac).  The Computer Encryption page describes what the service includes and how to get it.
For non-UC managed and personally owned computers see Encryption Information.
Encryption cautions:
    • Back up your data before you encrypt it. If you lose your encryption key/password, all of your data may be lost.
    • Encryption is not a guarantee of security. With time, someone in possession of your device may be able to break the encryption. Additionally, international travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the USA. The best advice is not to carry information -- encrypted or not -- that would be a problem for others to obtain or access.
    • International travelers, also see #8.
  1. Password-protect all of your devices with a complex password, set them to automatically lock after a short period of inactivity, and be sure they require a password to start up or resume activity.
  2. Enable remote wipe and location tracking on mobile devices (keep in mind privacy implications of location tracking).
  3. Set devices to “ask” before joining new wireless networks so you don’t unknowingly connect to insecure or malicious networks.
  4. Make a backup of your data before you leave. Store the backup securely and in the USA.
  5. SPECIAL NOTES FOR INTERNATIONAL TRAVELERS:
    • There are special rules for bringing electronic equipment, research, intellectual property, and encryption technology abroad. Please consult with Brian Warshawsky (UCOP) at 510-987-0413, brian.warshawsky@ucop.edu, well in advance of your trip if you are planning to take University equipment, data or technology outside of the United States. He deals with export control and can help advise you. There is also a presentation available for review on this topic: Recorded webinar; Slides only
    • The computer you take abroad (laptop or desktop or other) should be one that has minimum information, i.e. not a regular work computer, but rather one that is slimmed down/configured cleanly just for remote access.
    • Although encryption is a general recommendation to protect sensitive information in case your device is lost, stolen, inspected or confiscated, it is not OK to bring encryption technology into some countries. See UC's "International Travel" web page for information, including lists of countries with travel restrictions, and links for additional help. See #3, above, for additional cautions about encryption.
    • See UC's Laptop Alert for international travel with laptops and other mobile devices (PDF).

In transit

  1. Do not put devices into checked baggage. Checked baggage can be lost, stolen, or stolen from.
  2. Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. Devices can easily become lost or stolen, especially if you step away or fall asleep.
  3. Avoid "free wifi" Internet hotspots. These can be fake sites set up to capture your information and passwords. If you need Internet access, make sure you know who the reputable carriers are and only connect to them.
  4. Use a VPN (virtual private network) when you’re traveling to make sure your network connection is secure (encrypted). UCSC’s Campus VPN is available to all campus members with a CruzID and Gold password. See http://its.ucsc.edu/vpn/ for information and set-up instructions.

While you're there

  1. Connect to the Internet securely. The advice from above about avoiding free wifi hotspots and using a VPN also apply after you arrive.
  2. Always be aware of your surroundings. Don’t carry bags that are obviously designed to hold laptop computers or portable devices.
  3. Never leave laptops or portable devices unattended.
  4. Never leave your devices in a hotel room unsecured. Always put them in the room safe or the hotel safe if your room doesn't have one, or take them with you. You can also use cable locks to secure your device to something immobile.
    • Theft is always a risk at hotels.
    • In some foreign countries, it is common for housekeeping staff or others with access to hotel rooms to copy data off of computers or install malicious software on devices left in the room.
  5. Be cautious of public computers. Avoid logging in to personal accounts on them, and avoid connecting your personal devices to them. Thieves may have access to public computers, including everything you've done on the computer and even the keystrokes you've typed. Any device you connect to a compromised public computer can also get similarly compromised.
  6. Checking in to social networking sites seems fun but is risky. You're telling the world your exact whereabouts and the fact that no one is at your home. Wait to get home before you post pictures or comments about your trip to social networking sites. It's fun to tell friends where you are in real time but this also has risks.

For additional recommendations for international travel, see this article excerpt from Educause.

Also see Security Tips for Traveling Abroad, a collection of Higher Ed and government pages compiled by Internet2.


See UCSC’s Mobile Devices and Wireless web page for additional information about security for mobile devices and wireless.

Additional Resources (from above):


Rev. March 2017