Before You Go
Restrictions on Encryption
Keep in mind that encryption is heavily controlled or restricted in many countries. If you bring devices containing encrypted data or encryption software to certain countries, you could risk imprisonment or the confiscation of your devices. If you are not able to meet the import or export requirements, you should remove the encryption software and encrypted data from your devices, as to not risk violating compliance requirements in these countries.
- Review your destination country’s specific policies on encryption before traveling with an encrypted device.
- Back up your data before you encrypt it. Remember your encryption key/password. If you lose it, all of your data may be lost.
- Encryption is not necessarily a guarantee of security. With time, someone in possession of your device may eventually break the encryption.
- International travelers can be required to decrypt devices and files at border crossings, including when leaving or re-entering the USA. The best advice is to not carry information (encrypted or not) that would be a problem for others to obtain or access.
- Secure your accounts and devices with strong passwords, multi-factor authentication, and lock screens whenever possible. Never store passwords or sign-on sequences on any device or in its case.
- Download current, up-to-date antivirus, spyware protection, security patches, and a personal firewall. Make sure your software is up-to-date before your trip.
- In case your device becomes lost or stolen, enable device finder/tracking software, (“Find My Phone”) so you are able to locate it. Turn on remote wipe abilities and familiarize yourself on how to do this in case you need to.
- Turn off printer-sharing and file-sharing applications. Disable Bluetooth, Wi-Fi, and near field communication (NFC) when you are not using them.
- Only bring the devices and information you absolutely need – traveling lightly will decrease chances of anything being lost or stolen.
- Consider downsizing. For example, if you are giving a presentation during your trip, consider storing the presentation materials on a memory stick/USB instead of a laptop. If you use your own USB in a foreign computer, assume you’ve been compromised and have your device cleaned as soon as you can.
- If possible, use a temporary loaner device designated just for traveling, such as an inexpensive laptop or a prepaid cell phone.
- Avoid taking your work or personal devices with you on your trips, but if you must, be sure to encrypt (if feasible) or remove sensitive information.
- Back up any important data on your devices on an external drive that you leave at home in a safe place.
- Refrain from posting photos or status updates about your travel plans and arrangements until you are back home. This could inadvertently let people know that you aren’t at home.
- Determine if you need country specific plug adapters or converters for your devices.
- Review your cell phone coverage and international data plan options.
While You Are Traveling
If your device or information is stolen, report it immediately to the appropriate authorities, such as the local US embassy or consulate.
- Avoid Wi-Fi networks if possible; certain countries have legal environments and policies that permit them to record anything and everything, from cellular calls to internet traffic.
- Before you connect to any public wireless hotspot, confirm the name of the network and login procedures with appropriate staff to ensure that the network is legitimate.
- Avoid sensitive activities (e.g. shopping, banking) that require passwords or credit cards, especially on public Wi-Fi. Your personal hotspot is usually a safer alternative to free Wi-Fi.
- Only use sites that begin with “https://” and have a lock icon in the web address or status bar, which means the site is verified and encrypted.
- Never use your browser’s auto-login (“remember me”) or username and password auto-fill features.
- After each session, always clear your browser: delete the browser history, caches, cookies, URL, passwords, and temporary internet files.
- Beware of phishing: Do not open emails, attachments, or click links from unknown sources. Be extremely cautious about abnormal requests, links, and files in emails from people you know. Report suspicious emails to the appropriate authorities. To learn more, read our article on phishing and article on spearphishing.
- Do not download any files, software, or data unless you absolutely must.
- Terminate connections when you’re not using them.
- Always keep your devices with you — never leave equipment or devices unattended.
- Carry them on your person or keep them within your sight. Avoid storing devices underneath your seat or in the front pocket of your seat. Devices can easily become lost or stolen, especially if you step away or fall asleep.
- Avoid transporting devices in checked baggage — checked baggage can be lost, stolen, or stolen from.
- Do not use storage devices (e.g. USB, disks) given to you – they may be compromised.
- Shield passwords from view. Try not to display passwords or other sensitive information in plaintext while you are using your device.
- Be aware of shoulder surfers looking at your screen, especially in public areas. Consider using a polarizing screen filter.
- Disable location tracking services such as GPS and geotagging when you’re not actively using them. These services can inadvertently allow someone to see where you are—and where you aren’t— at any given time.
- Consider only using cash during your trip. This way, you are less at risk of a malicious person obtaining your credit card information.
When You Return
- Review banking and credit card statements for suspicious or unauthorized transactions.
- Change any passwords that you used during your vacation.
- Run full antivirus scans on your devices.
- Remove any apps you downloaded during your trip that you no longer need.
Related UH Policy
Please read the Office of Risk Management guidelines .
According to AP 8.851 – Employee Out-of-State and Intra-State Travel , individuals traveling to sanctioned countries must coordinate their travel and activities with the UH Office of Export Controls (“UH OEC”) . Refer to the Office of Foreign Assets Controls Sanctions Programs and Country Information for list of current sanctioned countries.
Be aware of export policies including EP 12.218 – Compliance with United States Export Control Laws and Regulations .
Review the US Department of State Traveler’s Checklist at http://travel.state.gov/content/passports/en/go/checklist.html including the detailed country information search tool at the bottom.