Body
Travel to a foreign country presents unique security challenges for Dartmouth faculty, staff, and students. Devices such as laptops, tablets, and smart phones have exposure to potential theft or damage by malicious actors in unfamiliar places like airports, train stations, hotels, or conference halls. Academic and business travelers are high risk targets for identity fraud and theft of intellectual property. Traveling to a foreign country requires extra safeguards to protect your data and comply with regulations.
A Note About Encryption
International travelers should give careful consideration to US export control laws and import restrictions imposed by foreign destinations. Foreign regulations are unclear about encryption and change constantly. The Wassenaar Arrangement provides some guidance.
- Commercial grade encryption is permissible for travel outside the U.S. and for use in most countries.
- Encryption of your device or files may be illegal in your destination country.
Notable exceptions include:
- No Encryption: Cuba, Iran, North Korea, Sudan, and Syria
- May be illegal (Not Recommended): China and Russia. Use clean devices with only the data you need.
- IN ALL CASES: While outside the U.S., if asked for the decryption password by government agents, give it up without argument.
Contents
Preparing your data while traveling internationally (excluding China)
Preparing your data while traveling in China
- Enable security. For all devices:
- Enable encryption. Pay close attention to laws or restrictions for encryption technology in the destination country. See NOTE above.
- Enable PIN or strong password protection.
- Enable auto-lock after inactivity.
- Enable auto-wipe after failed login attempts.
- Enable device location services.
- Enable remote wipe.
- Install or enable anti-virus software.
- Backup all data. Take only the minimum data necessary or contact the Computer Repair Shop to schedule a laptop rental. Please review Backup & Storage.
- Update. Make sure all devices have current operating systems and all applications are up to date with security patches.
- Remove permissions. If your account is a local administrator of your device, work with your Service Desk to remove or restrict any elevated or sensitive permissions. Setup a new account to use while traveling that does NOT have superuser, root, or administrator privileges.
- Go generic. Consider whether or not it’s feasible to use disposable accounts for email, file sharing, and other required services. You can generate a generic email account for travel purposes only.
- Carry-on. Don’t pack devices in checked luggage. Try to keep all devices with you during travel.
- Do not leave devices unattended.
- Disable ‘connect automatically’ to wireless network feature or disable wireless connectivity when not in use. Only connect to known WiFi networks.
- Disable Bluetooth, AirDrop, and infrared signals (IR) when not in use.
- Disable cameras and microphones when not in use. Tape over cameras.
- Enable host based firewalls.
- Use a Virtual Private Network (VPN). You can use GlobalProtect to connect to Dartmouth's VPN.
- Avoid using third party accessories. Do not connect foreign USB/flash drives, charging cables, or SD cards. Pack all peripherals needed during the trip.
- If your device has a removable battery, remove it when not in use.
- Be aware of your surroundings. Avoid working on or conducting sensitive business in cafes, coffee shops, or lobbies. Equally, do not work on or conduct business on public computers. Avoid banking or file transfers in Internet cafes.
- Practice safe browsing. Make sure websites begin with HTTPS and you can verify the identity of the site. If you receive pop-ups, prompts, or warnings - assume the site is compromised or traffic is being intercepted. Do not install software or interact with pop-ups. Clear browsing history and cookies when you end your browsing session.
- Reset credentials. Change all passwords for all accounts used out of country.
- Scan. Run full anti-virus scans on systems and data before use.
- Monitor. Keep an eye on accounts used during travel. Report any suspicious activity related to your devices or accounts.
- Bring only essential devices. Consider purchasing a temporary phone or laptop for travel.
- Ensure all important data is backed up to a secure location that can be accessed remotely if needed.
- Remove sensitive and unnecessary data from your devices. Consider using cloud services (e.g. Google Drive) for access to documents rather than storing them locally.
- Ensure that all devices are updated with the latest operating system and security software patches. If you are unsure about what you need to do to keep your device up to date, consider enrolling in Dartmouth’s Device Assurance Program (DAP).
- Install comprehensive antivirus and anti-malware software.
- Set strong passwords and enable two-factor authentication where possible.
- Turn off Bluetooth and auto-connect features for Wi-Fi and Bluetooth.
- Familiarize yourself with Chinese laws regarding internet use, including regulations on VPNs and prohibited online content. For example:
- The use of VPNs is heavily regulated. Only government-approved VPNs are legal, and using unauthorized VPN services can lead to penalties.
- China has strict controls over accessible online content. Familiarize yourself with blocked websites and services to avoid potential legal issues.
- Avoid accessing, posting, or sharing content that the Chinese government considers sensitive, such as political dissent, criticism of the government, or topics related to human rights issues.
- Avoid downloading or accessing sensitive documents, personal information such as banking details, proprietary data, or confidential professional projects.
- Postpone engaging in any work-related activities that require access to sensitive systems until you return, unless critical.
- Avoid using public Wi-Fi networks. If necessary, use a secure VPN service approved for use in China to encrypt your internet connection. Be aware of the legalities and risks involved.
- Consider purchasing a local SIM card for internet access instead of using public Wi-Fi.
- Always keep your devices with you or secured in a safe place.
- Be cautious about the information you share online. Avoid discussing sensitive topics over electronic communications while in China.
- Be mindful that some digital materials that are acceptable in other countries may be considered sensitive or illegal in China.
- If you are asked by a Chinese official to review your device during your stay in China, here are some steps and considerations to keep in mind:
- It's generally advisable to comply with requests from local authorities to avoid any legal complications or confrontational situations. Non-compliance can lead to detention, fines, or other legal consequences.
- If you are traveling with devices, be prepared for this possibility by carrying only non-sensitive information and using devices designated for travel if possible.
- While you should comply, it’s also important to understand your rights. You can politely ask the officer about the reason for the inspection and the scope of what they intend to check.
- If you feel that the request is unreasonable or if the situation escalates, you may ask to contact your embassy or consulate for assistance. Having contact information for your country’s embassy or consulate readily available can be very helpful.
- If possible, use devices with limited personal or sensitive information and consider using cloud services for access to documents rather than storing them locally.
- After an inspection, monitor your device for any signs of tampering or unusual activity. Consider changing passwords and conducting a thorough security check to ensure no security breaches have occurred.
- Conduct a security scan on your devices for malware or spyware that could have been installed during your travel.
- Change passwords for services accessed while abroad.
- If in doubt, consult with IT professionals to ensure your devices have not been compromised.