Here are some best practices for keeping your technology secure while traveling abroad.
Key Steps While Abroad
Use Secure WiFi Networks
Be wary of public WiFi networks, especially when entering passwords or accessing personal and financial information online, and avoid using public computers when possible. It is best to avoid sending sensitive data or information over the internet while abroad if possible. Always seek out a secure, known WiFi network, such as eduroam, which is available at partner institutions worldwide. If you use a public computer or someone else's computer abroad, never access or share University private data or export-controlled information.
Always use the University's Virtual Private Network (VPN) while you are online abroad. The VPN allows you to connect to the University network while you are off campus. It provides a secure connection that encrypts the information that passes between you and the University while you are connected. Learn how to download and connect to a University-supported VPN client. Note: Do not access information that is export controlled even via VPN.
Disable WiFi, GPS, and Bluetooth
Disable WiFi, GPS, and Bluetooth functions and unused apps on your devices when not in use. These services can potentially be used to launch attacks against your device, to locate it, and to introduce malware.
Keep Your Devices Safe
Small devices such as cell phones, laptops, hard drives or flash drives, and tablets are susceptible to theft or loss, especially while traveling.
- When unattended, turn your devices off and keep them secure or locked up.
- Make sure to log out of any programs or accounts.
- Create unique secure passwords or passcodes for each of your devices. Learn how to create a strong password and the top 10 ways to secure your mobile devices.
- If your phone or laptop is stolen, report it immediately to the local U.S. Embassy or Consulate. The Embassy can assist you in reporting the loss to the local police. Also, report the incident to your departmental IT support staff immediately.
Additional Steps and Advice
Prior to Departure
- Install the University’s Virtual Private Network (VPN) on all of your devices, including your smartphone or tablet.
- Review OIT’s information about using Duo internationally (requires UMN login).
- Set up a new strong password for each account that you might use abroad.
- Clear all internet browser history. Remove all files, browser caches, temporary files, recently used file listings, and previously deleted files that are in the computer's unallocated space. Apply all software patches and updates. Install anti-virus, anti-spyware, and personal firewall software.
- Remove all University private and sensitive data and information from your devices, including laptops, tablets, USB flash drives, and mobile phones. Create back-up files and store them in your departmental file server. Consider borrowing a "clean" departmental laptop if at all possible.
- If you take your personally owned electronic devices abroad, know that storing University private data on them is prohibited by the University. See Information Security.
- Set up a remote option to wipe data on your devices.
- Consider purchasing or renting a cheap local cell phone. Make sure to report the new phone number to the UMN departmental contact, on-site partners, and family and close friends in the U.S.
- Avoid taking an encrypted laptop overseas. Some countries ban encryption. Consult with the University of Minnesota's Export Control Officer about which mobile devices, software, and information are export controlled.
Traveling to China
Accessing and using technology when in China can be challenging. Some students, staff, and faculty have been unable to access their UMN email and even some University websites while in China. Travelers should also consider potential export control and data security issues.
It is recommended that you review the University's Technology Considerations When Traveling to China before leaving for China.
Returning to the U.S.
- If U.S. Customs and Border Protection or a customs official abroad asks, you must cooperate with searches, answer questions, or turn over passwords.
- Return any borrowed devices and report any incidents to your IT support staff, especially when you suspect your devices have been compromised, or if your devices were temporarily confiscated or lost.
- Change your password for all accounts that you used abroad.
UMN Guidance on Protection of Data
In consultation with the Office of the General Counsel, the Office of Information Technology, and the Office of Internal Audits, the University of Minnesota recommends that travelers remove all existing University data from electronic media, such as laptop computers, tablets, USB flash drives, and smartphones, prior to international travel. The only University data files stored on the computer or media should be the minimal public data needed during the trip such as a presentation being given. Review Data Security Classifications by Type for examples of private-highly restricted, private-restricted, and public information. For most international travelers, a “clean” newly wiped and configured laptop is recommended. Any device taken out of the country should follow the process listed under Security Level High in the Media Sanitization Standard. Visit OIT's Destroying Data page for more information.
University private-highly restricted data should not leave the U.S. without the written approval of the Department Head, Dean, or equivalent administrator. If private-highly restricted data is necessary for University business, a special arrangement involving remote access to the data on a server at the University will be necessary. Additional software may need to be installed, and instruction on the use of the software may be needed prior to departure.
Furthermore, University travelers should be sure not to carry controlled technical data abroad except as authorized under the relevant export control regulations.
Risk is avoided when confidential University information and private data are not stored on a laptop, USB flash drive, or smartphone. To ensure that no export-controlled information is on electronic media and devices, all confidential and private information should be removed. University policy requires encryption of laptops and portable devices; however, encryption is not recommended when traveling abroad. To request an exception to the University policy requiring encryption, complete and submit the University Information Security Exception form.
Note: The use of Duo is restricted in U.S. embargoed countries and may impact your ability to access University technology and resources from abroad.
- Cell Phone and Data Plan Business Expenses
- Data Security Classifications by Type
- Export Controls
- Export Controls FAQ
- Information Security
Office of Information Technology (OIT)
- Anti-virus Software
- Google Apps: Acceptable Use and Data Security
- Media Sanitization Standard
- Safe Computing
- University Information Security Exception Request
- Virtual Private Network (VPN)
- Using Duo Internationally (requires UMN login)
Office of the Vice President for Research (OVPR): Sponsored Project Administration
- Export Administration Regulations (EAR)
- Export Controls
- Foreign Assets Control Regulations
- International Traffic in Arms Regulations (ITAR)
Frequently Asked Questions
What should I do if my device is lost or stolen?
If your phone, laptop, or other device is stolen, report it immediately to the local U.S. Embassy or Consulate. The Embassy can assist you in reporting the loss to the local police.
Also, report the incident to your departmental IT support staff immediately.
Why remove all data when only private-highly restricted data is a risk?
It is almost impossible for most people to remember the specifics of all the data stored on a computer, so it is likely something will be forgotten. The specifics of U.S. and foreign countries' import and export laws are complex, so we recommend removing all data from devices to avoid violating such laws.
What if my laptop is encrypted?
Encryption protects information on the laptop if it is lost or stolen. It does not address the laws of the country visited or U.S. laws. Officials of both U.S. Customs, upon re-entry to the U.S., and other countries may require access to the encrypted information. The University advises travelers NOT to take any sensitive information and NOT to take an encrypted laptop with them overseas under any circumstances.
What risks is this protecting me from?
Loss or theft of the electronic device is the biggest risk. But there are other risks, such as non-compliance with the United States Export Administration Regulations (EAR), research data restrictions on export, and possible delays while the U.S. customs service or other officials review the data on the laptop upon re-entry. In the worst case, an individual might be detained for breaking a U.S. or foreign law and/or the device might be confiscated.
What if I need access to my research or other data?
For most data that is not legally or contractually protected, a connection back to a University computer, such as Google Drive or a departmental file server, is recommended. If the data is high risk and/or legally protected, for example individual health information, social security numbers, export-restricted data, and so forth, a special server and related software are available. Ask your departmental technology support person for information on use of this option.