Search Information Security site

 

Best Practices for Traveling Internationally

Before you go...

  • If traveling with University data and/or IT resources, consult with the Office of Export Control for requirements and current travel restrictions that could endanger those assets.
  • If possible, do not take your work or personal devices with you, particularly if travelling to non-democratic countries. One possibility is to use a temporary device, such as an inexpensive laptop and/or a prepaid "throw away" cell phone purchased specifically for travel. You could also create a "throw away" email account for use only on the trip. Delete the account when you return.
  • Be sure to password or passcode protect (passcode refers to mobile phones) the device, but do not use the same passwords/passcodes that you use on your work and personal devices. Consider using a sentence or passphrase that's easy to remember.
  • If you must take your electronic devices with you, only include information that you will need for your travel, and encrypt your hard drive to protect your data.
  • Be sure that any device with an operating system and software is fully patched and up-to-date with security software. Check with local support technicians or your department to ensure you have the latest patches.
  • Make copies of your passport, airline tickets, drivers license, credit cards and any other document you take with you. Leave one copy at home.
  • Register with the State Department's "Smart Traveler Enrollment Program" They will also suggest establishing emergency points of contact.
  • Obtain the phone number and address of US Embassy and Consulate for country(s) you plan to visit.
  • You might also want to read this New York Times article "Traveling Light in a Time of Digital Thievery" 

While you're there...

  • Assume that anything you do on any device, particularly over the Internet, will be intercepted. Encrypted data may be decrypted In some cases.
  • Turn off devices when not in use. Do allow them to be in "sleep" or "hibernation" mode when they are not in active use.
  • Minimize the data contained on the device. This is particularly true of logins and passwords, your personal information, and any sensitive data. See UVA’s policy regarding this.
  • Never use shared computers in public areas, hotel business centers, or cyber cafes, and never use devices belonging to other travelers, colleagues, or friends.
  • Avoid the use of free WiFi, which allows for data (and password) interception.
  • Keep your passport, other travel documents, credit cards, etc., as well as your electronic devices, with you at all times during your travel. Do not assume they will be safe in your hotel room or in a hotel safe.
  • Do not draw attention to yourself -- Do not invite strangers into your room -- Do not leave drinks unattended -- Do not carry large amounts of cash. Use only authorized taxis.
  • Be aware of new acquaintances who probe for information, and avoid long waits in lobbies and terminals. Be aware of your surroundings at all times.

When you return...

  • If you used a temporary device, immediately discontinue use. Reformat the hard drive of any device you used, and reinstall the operating system and other related software, or dispose of the device properly.
  • Delete the "throw away" email account, if you created one for the trip.
  • Change any and all passwords you may have used abroad. 
  • Report any unusual circumstances to the FBI. 

Report an Information
Security Incident

Please report any level of incident, no matter how small. The Information
Security Office will evaluate the report and provide a full investigation.

Complete Report Form