Cybersecurity Guidelines for International Travel
International travel increases the likelihood that personal and university-owned devices and data will be compromised. As a result, The George Washington University (GW) Information Technology (IT) has prepared the following security guidelines and tips for mobile devices to support GW community members traveling abroad on university business.
Please note that these guidelines are also helpful and recommended for domestic travel, and that they are subject to sudden change based on the state of international relations. Laws and policies regarding online security and privacy differ in other countries. While in a foreign country, you are subject to local laws. The State Department website has travel safety information for every country in the world.
The term “mobile devices” includes smartphones, tablets, and laptops. Each mobile device may require a slightly different technical approach for securing the device before travel. For information regarding specific devices, please contact the IT Support Center before you travel.
Below is a list of data security safeguards you should add to your travel checklist before, during, and after your trip.
- Before You Travel
1. If you can travel without your mobile device, don’t take it.
2. Limit the amount of data that you take with you on your trip. Consider the consequences if your information were stolen by a foreign government or competitor. Travel only with the data needed for your trip to reduce the risks associated with a system compromise or device theft while you are traveling.
- To the extent possible, preserve data within GWU-approved cloud storage, such as GW Box, rather than on your local device. Data that is never stored on the travelling mobile device is at a much lower risk of loss or compromise.
- Taking temporary mobile devices or burner devices reduces the likelihood of theft or compromise and avoids exposing historical or archived data that is not needed while traveling internationally. It also means that upon your return, after backing up relevant data from your travels, the device can be wiped clean (erased), helping to mitigate the risk of importing threats back into your home equipment.
- Check with the IT Support Center for more information on loaner devices available for the GW community when on business travel.
- Back up all information you take; leave the backed-up data at home.
- Encrypt your mobile devices, including external USB/hard drives, unless restricted by the destination country. Check travel recommendations for high-risk countries.
- Do not store passwords or other credentials on mobile devices.
- If you are not traveling with a clean temporary mobile device, clear all of your browser history, cached passwords, filled forms, and any other local browsing data prior to travel.
- Use a cloud password manager application to store your credentials.
- Configure your web browser(s) not to save passwords. This prevents login credentials from being saved in the browser cache.
- Update mobile devices' applications and operating systems
- Install the latest security updates for your mobile devices and applications from trusted sources, such as Windows updates, Apple updates and vendor websites. Do not download and install any supposed updates or patches sent via email or via unknown web links.
- Uninstall unused and unnecessary applications and turn off unneeded services on your devices, such as Bluetooth and Wi-Fi.
- Install GW’s Virtual Private Network (VPN) before you go and consider having additional commercial VPN subscription(s) as a backup if there are difficulties connecting to your GW VPN account. VPN can help secure your communications and improve privacy when using untrustworthy networks.
- Test your ability to get to your data using VPN from an off-campus location before leaving (on mobile devices and/or laptops).
- Adjust your account access level to the lowest privilege level.
- While traveling, do not use a local system administrator account (or account with administrator rights) as your primary user account. Using non-administrator accounts will help to prevent a large number of infections or compromises.
- During the Trip
1. Avoid transporting devices in checked baggage.
2. Never connect to the internet using public Wi-Fi networks unless using a trusted VPN client.
3. Communication Tip: On all of your mobile devices:
- Turn off "join wireless networks automatically." Always manually select the specific network you want to join after confirming its name and origin with the provider.
- Turn off wireless and Bluetooth when these features are not being used.
- Only connect your own external media to your devices
- While USB drives and other forms of external media offer convenience in sharing and transferring files, they can also be vehicles for exploits and malware. While traveling, be wary of plugging any untrusted external media into your devices.
- Do not use public USB power stations to recharge your devices. Instead, consider bringing along pre-charged battery banks.
- When You Return
1. Using a trusted computer that was not on your travels, change passwords for all services you accessed while away.
- Whether you sign in to personal or GW accounts while traveling, keep track of the services you've accessed. GWIT strongly recommends that at a minimum you change these passwords when you return. If you're on an extended trip, change them periodically. Do not use the same password for multiple services.
- When changing passwords for services you accessed while away, remember to pick strong, complex passwords, and do not reuse the same password for multiple services.
2. Return all of the devices you brought with you to their pre-travel configuration.
- Before connecting to GW resources, turn off any services you enabled specifically to facilitate your work while traveling, update and apply any patches released while you were away, and scan any data you brought back for malware.
- Please contact the IT Support Center if you need assistance with this.
3. (Optionally) Have the mobile devices you brought on the trip assessed by GW IT for signs of intrusion, especially if your job requires you to regularly access regulated or restricted data.
Traveling to High Cyber-Risk Countries
- Some countries, such as China, Israel, and Russia, have restrictions on the import and use of encryption tools. If encryption cannot be used, it is recommended that no regulated or restricted data be stored on mobile devices.
- If any of the countries you are traveling to have technology restrictions, GW IT strongly recommends that you arrange to use temporary mobile devices for the trip.
- Depending on the destination, some VPN providers may be blocked. Do your research and prepare alternatives (different subscriptions/services, downloaded and installed).
- In some countries, border control agents may request to view your device and will go through your messages, social media, photos, browsing history, and applications. If your political or lifestyle opinions are illegal in the country you are traveling to, take steps to remove apps, photos, messages, or social media posts that may incriminate you before you cross the international border.
Additional Resources
Available Training:
- Safe Travels for Road Warriors Training on Talent at GW - GW Employees.
Useful Links
- Telecommunication equipment recommendation
- For more tips, check the U.S. Department of Homeland Security's Computer Emergency Readiness Team webpage.