InfoSec Blog - How to Protect Your Data and Devices While Traveling with Tech
March 1, 2018
Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.
Good to know:
- While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
- Different rules apply to border patrol agents and agents in other countries. For example, US border patrol agents have broad authority to search everyone entering the country. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.
Protect your tech and data when traveling:
- Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
- Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
- Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
- Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.
Get your device travel ready:
- Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
- Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
- Delete apps you no longer use.
- Update any software, including antivirus protection, to make sure you are running the most secure version available.
- Turn off Wi-Fi and Bluetooth to avoid automatic connections.
- Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
- Charge your devices before you go.
- Research the regulations of the countries you will be visiting for any travel alerts or warnings concerning, including any tech restrictions.
- Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
- Don't overlook low-tech solutions:
- Tape over the camera of your laptop or mobile device for privacy.
- Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
- Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
- Label all devices in case they get left behind!
These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.
Also check out the CCS InfoSec CyberSafe Travel Guidelines here - https://www.uoguelph.ca/ccs/infosec/travelsafe
Source: Educause Security Awareness