Technology Travel Safety

International travelers should limit the amount of sensitive information that is stored on or accessible to any mobile device taken on the trip, and travelers should avoid contact with the PPPL network in general, specifically when traveling to high risk countries (see U.S. State Department's Alerts and Warnings).

Preparing for your trip

Identify "high risk" countries you plan to visit

Visit the U.S. State Department's Alerts and Warnings web page to identify "high risk" countries you plan to visit.

Understand the sensitivity of any data you bring or access

Seek ways to limit the amount of sensitive information that you take on your trip.  Examples of data that should be left at PPPL or afforded exceptional protection include information that might be considered sensitive by the host government, and information defined as confidential or highly confidential by the University’s Information Security Policy.  Removing unnecessary confidential data from any device reduces the risk of exposure to anyone gaining access to the information.


Things to remember while traveling

Avoid accessing the University directly with your PPPL ID and password

By not logging into PPPL applications while you travel, you eliminate the risk of your ID and password being captured and used to compromise PPPL systems.  You also reduce the amount of data that is retrievable if your mobile device is lost, stolen or otherwise compromised.

Please note that using Remote Desktop or equivalent software to access your PPPL desktop or other device from a high risk country should also be avoided as these transmissions may also expose valuable information.

Avoid using public workstations

The security of public workstations, especially in high risk countries, cannot be trusted.  When you use a public workstation, anything that you enter into the system - IDs, passwords, data - may be captured and used, so limit your activity to the devices that you bring.

Be aware of your surroundings when logging in or inputting data into your devices

There have been many cases where an ID, password or a piece of confidential information had been compromised simply by watching the person input the information. Be discrete when inputting your ID and passwords.

Notify PPPL if a theft or loss occurs

Traveling can be fraught with a variety of distractions - going through airport security, finding your way around town, getting used to cultural norms, etc.  Unfortunately, most instances when mobile computing devices are lost or stolen occur in the areas where the distractions are the greatest.  Recognizing distracting situations and, when they occur, taking extra care to maintain your focus can prevent you from having to take the steps necessary to disable those devices and obtain replacements.


When you return

Change any passwords you may have used during your travels

When you return from your trip, change any passwords you may have used during your travels from a trusted device. When traveling, especially in high risk countries, the likelihood that your ID and password will be captured is high. Quickly changing a compromised password helps prevent future attacks on that account. 

Restore the software on the systems with which you traveled to trusted versions

According to National Security Services, when our devices connect to a network in a high risk country, there is an increased likelihood that the device will be compromised and have malicious software installed. This software then can compromise information and other devices on the PPPL network when the device is reconnected.


Assumptions when traveling

  • No device can be protected against all possible forms of system and information compromise, especially when its members travel to countries that are deemed as high risk.  So, we must assume that any device taken to a high risk country will be compromised in some, potentially undetectable way.  The only truly secure option is to refrain from using digital devices when traveling.
  • Information of particular interest to someone intent on compromising your devices not only includes business data but also the traveler’s ID and password that could be used to directly access PPPL's systems and information resources.
     
  • When a device is compromised, the attacker may install software on the device that could compromise other systems and data on the PPPL network when the traveler reconnects his or her device to our network upon return, unless measures are taken to completely restore the device to its pristine state before the network connection is established.

Additional resources

  • The U.S. Department of State's Country Specific Information website
    Allows a user to specify his or her destination country for which it provides information such as, the location of the U.S. embassy and any consular offices; whether you need a visa; crime and security information; health and medical conditions; drug penalties; and localized hot spots.
     
  • The FBI's Travel Tips brochure
    Measures that the FBI recommends taking before, during and after traveling internationally in a compact, printable document.
     
  • US CERT's Holiday Traveling with Personal Internet-Enabled Devices website|
    Tips from the US Computer Emergency Readiness Team for protecting your mobile devices when traveling.
     
  • Internet 2's Security Tips for Traveling Abroad website
    A collection of institutional, governmental and other resources that provide guidelines for secure, international travel.
     
  • FAQs - Searches of Electronic Devices at the Border document
    Questions and answers concerning searches of electronic devices at the border.