InfoSec CyberSafe Travel Guidelines
January 7, 2021
When you are preparing to travel, there are many things to consider: finding the right flight, arranging transportation to and from the airport, booking a hotel, and so forth. However, it is also important to consider the security of your portable devices and data in preparation for your travel. The last thing that you want is for personal data, or sensitive University of Guelph data, to fall into the wrong hands. Take these simple precautions before, during, and after you travel to minimize the risk.
The following is a list of guidelines to consider when you are planning your travel to minimize the risk to personal and University owned devices and the data stored on them.
Before You Travel
- Travel Light!
- If you don’t need electronic devices while traveling, leave them behind.
- If possible, take a loaner laptop for your trip so that it can be re-imaged when you return.
- Limit the devices, media, and data to only what you absolutely need.
- Do not save personal information (such as credit card numbers, passport information, or social insurance numbers) on your devices.
- Prepare Your Devices!
- Ensure all portable devices and media are encrypted, including laptops, USB keys, external hard drives, and smartphones (CCS Encryption Service). Once encrypted, if they are lost they will be unusable to anyone that finds them. This recommendation applies to personal devices as well as those owned by the University of Guelph.
- Be aware of encryption import restrictions that may prevent you from encrypting data on your device when travelling to certain countries. Some countries have laws that limit the use of and presence of encryption software. Prior to travelling to a foreign country, it is advisable to consult the laws and regulations related to encryption that may apply in that specific country. The Government of Canada recommends contacting the embassy or mission of your destination country in Canada before you leave on your trip abroad.
- Create a complete inventory of your devices and data you are traveling with, including system names and serial numbers. Store this inventory in a secure location that is accessible while traveling, such as a network drive (CCS Central File Service).
- Securely backup your devices and data before departing and do not take that backup with you. Make use of network drives (CCS Central File Service) for critical files instead of storing them locally, since network drives are backed up on a regular basis.
- Ensure your system is patched, all software is updated, and antivirus software is fully up up-to-date. McAfee anti-malware software is available to all registered students, staff and faculty at no cost.
- Run a full scan for malware to ensure your system is clean before leaving so that you do not infect others on your travels.
- Clearly label your laptop as University of Guelph property. Consider taking advantage of the Campus Police STOP program which is an anti-theft, recovery, and inventory tracking system.
- Prepare Your Accounts!
- Setup two-factor authentication on personal accounts that offer it, such as Facebook, PayPal, LinkedIn, etc. A comprehensive list of services that offer two-factor authentication is available at https://twofactorauth.org/. The University does not currently offer two-factor authentication on our accounts or applications.
- Use a password manager to protect your passwords and avoid having to type your passwords while travelling. Additional information on password managers can be found in our blog post.
- Know Your Destination!
- Be aware of laws in the country you are visiting with respect to access to internet applications and services.
- Trust No Wi-Fi Network!
- Assume that all networks are insecure, especially those in business centers, hotels, coffee shops, and airports.
- Avoid using free wireless services.
- Always use a VPN service for all internet access. Using a VPN connection ensures that your internet traffic is encrypted.
- Students, staff and faculty should use the University of Guelph VPN service in "full-tunnel mode" when connecting to University systems while travelling.
- For personal interet access, travellers should purchase service from a reputable VPN service provider for their personal internet access. More information can be found here.
- Turn off wireless, Bluetooth, GPS, microphone, and camera when not in use on your portable devices.
- Never enter or access sensitive or personal information when using a shared or public computer.
- Never accept software updates when connected to a hotel internet connection or other public Wi-Fi network.
- Do not access sensitive data when in public areas or in high-risk locations (refer to the US Passports and International Travel Country Information Database for more information on high-risk areas).
- Lock It Up!
- Always lock your screen when not using your device, and ensure it requires a password to unlock.
- Keep your devices with you or physically secure them in a hotel safe. If you are travelling by car and making a stop, store electronics devices and briefcases in the trunk of your car.
- Power down your devices when not in use to mitigate risk of the microphone or camera being turned on remotely.
- Don't Share!
- Avoid advertising the fact that you are traveling on social media. Potential criminals could see your posts and take advantage.
- Do not plug USB devices into public charging stations. Such stations can transfer malware to your device or download data from it. Instead, use your own charging cable to plug into an electrical outlet.
- Do not accept USB thumb drives from any source including vendors and tradeshows. These devices could contain malware.
- Report It!
- If your device is lost or stolen, report it immediately. Contact local authorities and report lost/stolen University devices to the CCS Help Centre (Phone: 519-824-4120 x58888, Email: firstname.lastname@example.org)
- Follow The Rules!
- Some countries have laws and regulations that restrict internet access. Always respect and adhere to the laws and regulations of countries you visit.
When You Return
Take precautionary and proactive steps when you return to cleanse your computer and protect your password. This will prevent any possibility of exposure from undetected access to your computer or any impact of a possible password comprise.
- Check It!
- Run a full scan for malware to ensure your system is clean.
- If you used a loaner laptop, get it reimaged right away.
- Change It!
- Change your password upon return.
- Government of Canada Cyber-Safe Travel Tips
- REN-ISAC Cybersecurity for the International Traveler
- US Passports and International Travel Country Information Database
- Secure Personal Information While Using Rental Cars
- Holiday Traveling with Personal Internet-Enabled Devices
- Information Security Blog Post on Cyber Security When Travelling
Written by: Stephen Willem (Chief Information Security Officer)