Advice
These guidelines are to help you while traveling, especially abroad. They are not intended to be legal advice. If you will be traveling to a country which you believe may be a high risk for U.S. citizens, please contact International Programs Office or the U.S. Embassy for further advice.
Install updates before leaving
Install all updates or patches on all of your devices before leaving campus - both for the operating system and applications. This includes all laptops, iPads, phones, or other electronic devices. Contact your TSP or the STC if you need assistance.
Ensure your mobile devices have a passcode
Your laptops and mobile devices should have good pass codes set, including 6 or more digits on your smart phones or tablets. Consider disabling biometrics to limit a third party's ability to access your devices without your permission.
Enable additional authentication to specific applications. This may be supported by your mobile operating system. For Microsoft applications on mobile devices, OIT can enable this for centrally to protect university data.
Enable the "Find" feature for your device
Apple and Google support "Find My" features which also enable remote wipe of your device.
Consider a loaner device
If at all possible, take a loaner or temporary device instead of your primary laptop or phone which may have multiple years of files on it. In case of theft or loss, the risk is lower for U of I and minimizes the impact to you and the university upon your return. Avoid storing any data on the device, but instead use cloud services, like OneDrive for storing and accessing files. Presence of some applications may raise flags, so minimize the number of applications on your device. Also, if you are traveling on Non-University International travel, you must NOT take any university equipment or resources without prior approval. See APM 70.23 B-5.
Encrypt your laptop
OIT supports standard encryption on Windows and macOS devices using Bitlocker or Filevault. Remember that an encrypted device is most secure when powered off - so turn your laptop off when not in use. University devices are encrypted by default, but contact your TSP if you would like to add encryption on your device.
Change passwords before leaving
We recommend changing your U of I password 1-2 weeks before leaving. This reduces the chance of you needing to change a password while traveling when you may have trouble getting assistance.
Understand potential issues with MFA
Our DUO Multi Factor Authentication helps protect your accounts no matter where you are, but keep in mind the "push" notifications you may be used to only works if you have Internet service. You can still use the Mobile app, however, by opening the app and pressing the key icon to get your current passcode. This can be used with no Internet connection on your phone. Yubikeys (physical tokens) are also available from your TSP or the STC if you wish to take a backup second factor.
Restart devices routinely
There has been a rise in spyware targeting International travelers and higher value targets including researchers and executives mobile devices. In addition to always keeping operating system and applications up to date, restarting your mobile device routinely helps make sure spyware does not persist in memory of the device.
Avoid public WiFi
If possible, avoid public WiFi which may be used or established by criminals or intelligence agencies to spy on your activities or steal data or passwords. If you must use public WiFi, connect to U of I VPN before performing work. This may be slow in some cases, but protects your traffic from prying eyes. U of I VPN may not work in some countries, like China.
Report Incidents
- It is critical that any lost or misplaced technology or perceived technology security issues get reported quickly to security@uidaho.edu or 208-885-1060 (APM 30.14)
- Timely reporting is critical for legal and contractual compliance, as well as to ensure coverage under Idaho cyber liability insurance
Other Resources
University International Travel APM 70.23
https://www.uidaho.edu/governance/policy/policies/apm/70/23
Department of Homeland Security Cybersecurity while traveling (PDF)
https://www.cisa.gov/sites/default/files/publications/Cybersecurity-While-Traveling-Tip-Sheet-122019-508.pdf
FBI Safety and Security for the Business Professional Traveling Abroad (PDF)
https://www.fbi.gov/file-repository/business-travel-brochure.pdf
Using Duo outside the United States
https://support.uidaho.edu/TDClient/KB/ArticleDet?ID=881
Electronic Frontier Foundation - Digital Privacy at the U.S. Border
https://www.eff.org/wp/digital-privacy-us-border-2017
U.S. Customs and Border Protection - Border Search of Electronic Devices at Ports of Entry
https://www.cbp.gov/travel/cbp-search-authority/border-search-electronic-devices