Information Security To Go! (Tips When Travelling)

Over 93 million U.S. citizens traveled abroad in 2018, and whether for business or personal use, our technology devices seem indispensable during our travels. Unfortunately, traveling with devices also means that you must take care to protect those devices—and the data contained on them—while you are way from home. So, as we approach the summer period where increased travel is anticipated, the following are some information security tips you should keep in mind when travelling both domestically and abroad.

Information Security Travel Tips

• Back-up your data! Backing up your data ensures that you won't lose information if your device fails or is lost or stolen. Also, consider encrypting your data as well!
• Make sure your devices and applications are up to date. Keep your applications and devices up to date and patched. This helps protect your device and data from security vulnerabilities and threats.
• Protect your devices with a strong password or lengthy passcode. Sometimes devices get lost or stolen, even when we are being careful. By protecting your device with a passcode or lengthy password, you make it harder for your device to be used and data to be accessed by others.
• Notify NEOMED if theft or loss of University devices occurs. Traveling can be fraught with a variety of distractions (e.g. going through airport security, finding your way around town, getting used to cultural norms, etc.) Unfortunately, most instances when computing devices are lost or stolen occur in the areas where the distractions are the greatest. Recognizing distracting situations and, when they occur, taking extra care to maintain your focus can prevent you from having to take the steps necessary to disable those devices and obtain replacements. In case a University device is lost or stolen, contact the NEOMED Help Desk at 330-325-6911 or help@neomed.edu.
• Double check your multi-factor authentication (MFA) settings. Many of us rely on multifactor authentication (MFA) to secure both personal and work-related accounts. Be sure that you know how (or if) that will work in the countries that you are visiting. For instance, if your MFA relies on SMS (text messages), be sure that you will be able to receive that message in the destination that you are visiting. If the option is available to you, consider using a physical token option to ensure you'll be able to login to your accounts.
• Do not use unsecured public Wi-Fi networks. Having a wireless connection is almost a necessity for the modern traveler. However, using an unsecured public Wi-Fi hotspot can allow others to view the contents of your electronic activity. Never share your personal data, like financial accounts, or restricted work data from an unsecured network as that information can be intercepted. If you must access personal data from an unsecured network, be sure that you use a virtual private network (VPN) service.
• Understand the sensitivity of the Data sensitivity you are bringing or accessing. Seek ways to limit the amount of sensitive data that you take on your trip. Examples of data that should be left at home, at the University, or afforded exceptional protection include information that might be considered sensitive by the host government, and information defined as Restricted or Private by the University’s Information Technology policies. Removing unnecessary sensitive data from any device reduces the risk of exposure to anyone gaining access to the information.
• Update your physical location with your password vault. If you use password vaults to manage your account passwords, don't be surprised if your password vault requires additional verification steps when logging into it from a location that is not in your home country. (After all, we count on these vaults to be secure!) Check the vendor documentation or your account settings to make sure that there are no country restrictions or settings that you need to change before your trip. Also double-check that you're able to access your recovery/secondary email address just in case there is an issue.
• Consider leaving your daily devices at home. If you are traveling to a location where you are concerned about your individual privacy rights, consider leaving your primary mobile device at home and purchasing a replacement device to take with you instead. Put only the apps, services, and data that you need for that trip on the device. Some businesses and universities offer programs where a traveler can check out a "clean laptop" when traveling for business purposes. Using these types of devices help limit any exposure of your personal data. Check your data plan as well. A "burner phone" or car GPS may be cheaper.
• Be smart about posting on social media. It is always fun to post vacation pictures in the moment, but online postings on social networks (e.g., Twitter, Facebook, Instagram, Snapchat, etc.) can let other people know that you are not at home and that your home may be empty and potentially vulnerable. Posting vacation pictures on social media once you are safely home helps protect your physical belongings while you are away.
• Use hotel safes to protect your technology. Here's another place where there is an overlap between online safety and physical safety. Just like you would put your passport, jewelry, and money in a hotel safe, consider using that safe to hold your electronic devices when you are not carrying them with you. Not only are the devices themselves expensive to replace, your personal data contained in the device can be irreplaceable (especially if you skipped backing-up your data).
• Remember your adapters! Make sure you have power adapters that will work with three-prong plugs and that they fit the country's outlets. Some travel adapters only accept two-prong plugs. (If you're attending a conference, you may be able to borrow a charging cable temporarily.) Outlets also vary, even, for example, between the United Kingdom and Ireland. Your technology gadgets are not very helpful when they run out of charge or cannot be powered on. Charge ahead of time and consider taking a portable battery pack that is approved by the Transportation Security Administration.
• Mind your voltage! Like plug types, different parts of the world use different voltages. Make sure that your technology devices can run on the voltage used at your destination.
• Change any passwords you may have used while travelling once you return. When you return from your trip, change any passwords you may have used during your travels from a trusted device. When traveling, especially in high risk countries (see U.S. State Department's Alerts and Warnings) the likelihood that your credentials will be disclosed is high. Quickly changing a compromised password helps prevent future attacks on that account. To change your University password, go to reset.neomed.edu.

University Resources

As surely as you can reduce wrinkles in your clothing with careful packing, so too can you avoid the most common information security travel woes by preparing before you travel. NEOMED takes great pride in its information security through its use of administrative, technical and physical privacy controls. The tips outlined within this article may help you reduce the risk of data compromises. For questions related to University travel, information security, insurance and other related topics, please refer to the following University resources:

• Related University Policies
  • Information Security and related policies (under the Information Technology category)
  • International Travel (under the Student Life category)
  • Travel to CDC Watch List Areas (under the Academic, HR, Research and Student Life categories)
  • Travel Policy (under the Administration & Finance category)
• Questions and Registration
  • Accounting & Budget – University Travel Purchasing Questions, contact purchasing@neomed.edu.
  • Compliance & Risk Management – University Insurance Questions related to Travel, contact compliance@neomed.edu.
  • Global Engagement – Registering Travel Abroad
  • Information Technology – University Device Questions/Assistance, contact help@neomed.edu.
• Previous Information Security Pulse Articles
  • Securing Your Information – What Can You Do
  • New Forms of Information Security Attacks on the Rise

External Resources

• Stay Safe While Traveling This Summer (video)
• Download the US Federal Bureau of Investigation Safety and Security for the Business Professional Traveling Abroad brochure.
• Review the U.S. Federal Communications Commission Cybersecurity Tips for International Travelers
• Download and read the U.S. Customs and Border Protection's Inspection of Electronic Devices fact sheet.
• Review the Cybersecurity While Traveling Tip Card, part of the STOP. THINK. CONNECT. Toolkit.
• Be prepared: Carry the Electronic Frontier Foundation's Border Search Pocket Guide.
• Learn more about Holiday Traveling with Personal Internet-Enabled Devices in this US-CERT guide.
• Review the U.S. Transportation Security Administration’s What Can I Bring?
• 5 Online Security Tips for Smarter Travel (infographic)
• Read the How Not to Fry Your Electronics Overseas: A Quick Guide , which includes an infographic of the various worldwide travel plugs.

-Submitted by Jonathan Wagner