Powered by the KU IT Security Office

Travel

Whether you are traveling internationally or domestically, it's important to know how to protect your devices and data while you travel. Criminals know that many of us let down our guard while we are traveling, choosing convenience over security. See the best practices and tips below and on the "Workplace Security" tab to improve your safety and security when traveling.

Technology Travel Tips

Bring Only the Devices You Can't Live Without

The fewer devices you bring, the less work to prepare and configure your devices to be used outside the United States and restore them when you get back.

Can You Leave Your Personal Device at Home?

Consider buying a pre-paid phone and international phone service plan. You can skip configuring your personal phone before and after the trip. And, you’ll rest easy knowing that if something happens on the trip your phone and all your contacts, pictures and messages are waiting for you when you get home.

Backup All Your Files and Remove Everything You Don't Need

This goes for all your devices—laptops, tablets and phones. In the event your device is lost, stolen or hacked, the amount of information on your device will largely determine the severity of the problem. Talk to your IT Support Staff to see if your department has a loaner device they can configure for travel.

Protect Yourself With Unique and Strong Passwords

It’s always crucial to have unique and strong passwords but it's especially important before you travel. See Passwords to learn more.

Check Your Cell Phone Plan

Contact your cell phone service provider to learn about your options for international roaming and data charges. Consider turning off cellular data usage on your phone to avoid excessive costs.

Download and Update Your Software and Apps

Make sure you have antivirus software installed, updated and running properly on your devices. Faculty and staff workstations should automatcially have Sophos Antivirus installed. Sophos offers free Sophos Home to protect personal devices.

Install and Test eduroam

KU has joined a global consortium of nearly 6,000 institutions offering quick and easy access to local Wi-Fi networks. eduroam is a network access system developed for the international research and education community and currently available in 58 countries. KU faculty, staff and students can log into the Wi-Fi networks of other eduroam member institutions anywhere in the world, simply by using their KU Online ID and password. Find an eduroam location: U.S. Locations Map » | International Locations Map ». Accessing eduroam is similar to accessing secure JAYHAWK wireless when you’re on campus, but you'll need to add "@home.ku.edu" after your online ID.

Install and Test KU Anywhere (VPN)

KU Anywhere is KU’s virtual private network (VPN) service that allows faculty and staff secure remote access to resources on the KU network, such as a department file server, from a computer that is not connected to the KU network, but is connected to the internet. For more information, visit KU Anywhere.

Turn Off Wireless

Turn off your wireless when you’re not using it. Be sure to connect manually only to your network of choice, and preferably only to secure networks.

Turn Off File Sharing and Print Sharing

Turn off “file sharing” and “print sharing” features. It’s harder for hackers to access your data if they can’t see your device.

Turn Off Auto-Connect

Turning off your “auto-connect” feature will keep you from accidentally connecting to a potentially dangerous network.

Configure Your Devices for "Infrastructure" Networks Only

Configure your wireless card to use “infrastructure networks” only. Avoid connecting to “peer-to-peer” networks, also known as “hot spots” or “ad hoc” networks.

Make it Easier to Find Lost/Stolen Devices with Tracking Apps

Consider turning on or purchasing tracking/device finder applications in case your laptop, tablet or phone is stolen. Learn more about remote tracking services in the following article from How To Geek: How to Remotely Track Any Smartphone, Tablet or PC »

Delete Your Voicemail

Checking your voicemail from abroad could result in your password being compromised. In case that happens, the FBI recommends you delete old voice messages before you travel—particularly any voicemails that may contain sensitive information.

Mobile Plaza

Check out KU’s Mobile Plaza for all the latest KU-related mobile apps that may be helpful when traveling.

Reset All Your Passwords

When you get home, be sure to reset all your passwords with new unique and strong passwords.

Traveling with KU Data

If you plan to travel abroad with sensitive data, contact the KU IT Security Office for assistance with the following:


International Travel with Encrypted Devices

Is encryption software legal where you’re going? Be sure all the information and software on your device can be safely and legally transported to another country. The KU IT Security Office can help you understand your responsibilities for transporting encryption software. Below are answers to frequently asked questions about International Travel with Encrypted Mobile Devices:

International Travel with Encrypted Mobile Devices FAQs

Can I Take My Encrypted Laptop, Mobile Device, External Hard Drive, etc., with Me when I Travel Internationally?
It depends upon your destination(s). The United States and other countries have limited the import, export, and use of encryption products due to the fact that they can be used to conceal illegal activity. Taking your device with encryption software installed to certain countries could constitute a violation of U.S. export law or the import regulations of your destination country. Violating domestic or foreign laws in this manner could result in your equipment being confiscated, and in fines or other penalties.

Note that devices transported across international borders may be subject to official review by the government of your destination country. This may mean customs officials seize your device, make a complete copy of it, and retain that copy after the device is returned to you. You may or may not be allowed to be present while this inspection occurs. Be aware that your device may be compromised during this process.

What is the “Wassenaar Arrangement” and How Does it Help Me Travel with My Encrypted Devices?
The Wassenaar Arrangement contains provisions that allow a traveler to freely enter participating countries with encrypted devices under a “personal use exemption.” This exemption requires that you do not create, enhance, share, sell, or otherwise distribute the encryption technology while you are there.

Countries participating in the Wassenaar Arrangement include: Argentina, Australia, Austria, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Ireland, Italy, Japan, Latvia, Lithuania, Luxembourg, Malta, Netherlands, New Zealand, Norway, Poland, Portugal, Republic of Korea, Romania, Slovakia, Slovenia, South Africa, Spain, Sweden, Switzerland, Turkey, United Kingdom and the United States.

NOTE: The Russian Federation and Ukraine agreed to many of the Wassenaar Arrangement’s provisions, but they do not currently permit personal use exemptions.

What U.S. Export Regulations do I Need to Satisfy when I Leave the Country with My Encrypted Laptop or Mobile Device?
When Americans travel abroad, the U.S. Department of Commerce considers equipment, software, and data possessed by the traveler to be “exported” from the United States to the traveler’s destination(s). The exemptions from Export Administration Regulations are similar for devices owned by an organization (TMP exemption) and devices owned by you personally (BAG exemption):
  • You must spend no more than 12 months outside the United States.
  • The items you take with you must be under the “effective control of the traveler” AT ALL TIMES. This means the equipment, software, and data you take with you cannot be shipped as unaccompanied baggage. For example, you cannot stow external hard drives, flash drives, etc., in your checked baggage.
  • Travel to Iran, Syria, Cuba, North Korea, or Sudan is not permitted. The status of Cuba is currently under review.

If travel to one of the five embargoed countries is required, you may be able to obtain the appropriate export license. The process takes 90 days for review, on average. Applications for licenses to export encryption products to embargoed countries are reviewed by the Department of Commerce’s Bureau of Industry and Security and the Office of Foreign Assets Control (OFAC) within the Department of Treasury.

Both personal (BAG) and organizational (TMP) exemptions apply to the encryption technology in Microsoft’s Bitlocker (Windows) and Apple’s FileVault (Mac OS X).

Which Countries have Encryption Import and Use Restrictions? How do I Obtain an Import License?

The following nations, including two Wassenaar signatories indicated by an asterisk (*), do not recognize a "personal use exemption."  Before traveling to these countries with an encrypted laptop, you will need to apply to their specified governmental agency for an import license:

  • Belarus: A license issued by the Belarus Ministry of Foreign Affairs or the State Center for Information Security of the Security Council is required.
  • Burma (Myanmar): A license is required, but licensing regime documentation is unavailable. Contact the U.S. State Department for further information.
  • China: A permit issued by the Beijing Office of State Encryption Administrative Bureau is required.
  • Hungary: An International Import Certificate is required. Contact the U.S. State Department for further information.
  • Iran: A license issued by Iran's Supreme Council for Cultural Revolution is required.
  • Israel: A license from the Director-General of the Ministry of Defense is required. For information regarding applicable laws, policies and forms, please check the Israel Ministry of Defense website ».
  • Kazakhstan: A license issued by Kazakhstan's Licensing Commission of the Committee of National Security is required.
  • Moldova: A license issued by Moldova's Ministry of National Security is required.
  • Morocco: A license is required, but licensing regime documentation is unavailable. Contact the U.S. State Department for further information.
  • *Russia: Licenses issued by both the Federal Security Service (FSB) and the Ministry of Economic Development and Trade are required. License applications should be submitted by an entity officially registered in Russia. This would normally be the company that is seeking to bring an encryption product into Russia.
  • Saudi Arabia: At has been reported that the use of encryption is generally banned, but research has provided inconsistent information. Contact the U.S. State Department for further information.
  • Tunisia: A license issued by Tunisia's National Agency for Electronic Certification (ANCE) is required.
  • *Ukraine: A license issued by the Department of Special Telecommunication Systems and Protection of Information of the Security Service of Ukraine (SBU) is required.

Since laws can change at any time, please check with the U.S. State Department » before traveling internationally to ensure that you have the most up-to-date information. Please see "References" at the bottom of this section for more information on domestic and international cryptography laws.

What do I do if I Cannot Satisfy Encryption Export or Import Control Requirements?

In the event that you are unable to meet export or import restrictions for a country you plan to visit, you have options.

Work with your IT Support Staff to obtain a loaner laptop. This computer will be imaged with the standard image and software, but will not have whole disk encryption installed. You should not load any sensitive data of any kind on the loaner laptop.

Request to have encryption removed from your laptop. If you choose this option, you are required to remove all sensitive information from the system prior to travel. This option must be approved by your Dean or Vice Provost, and the KU IT Security Officer. The IT Security Office will work with TSC staff to ensure that all sensitive information has been removed and that the laptop has been properly secured prior to you being allowed to travel with it.

What do I need to do to My Laptop or Mobile Device Prior to Traveling?
  • Take with you only what you need. If you can manage your trip without a laptop, tablet, and/or smartphone, leave them at home.
  • Remove all data that is not essential to your travel or that is export restricted.
  • Before you go, work with your IT Support Staff to ensure your laptop is fully patched, Sophos antivirus is up to date, and (if allowed at your destination) that the hard drive is encrypted and Sophos SafeGuard is installed.
  • Ensure smartphones and tablets are encrypted (if allowed) and protected by a passcode, passphrase, or biometric, such as a fingerprint or facial recognition. Remove all unneeded data, apps and accounts from the device prior to travel. Register your device with a locator service such as Find My iPhone/iPad or Android Device Manager, so that it can be wiped remotely if lost or stolen.
  • If permitted by your destination country, all USB flash drives, external hard drives, and other external storage should be encrypted. These devices should remain with you at all times and should be transported in carry-on luggage.
  • Do not use USB-based public charging stations. “Juice jacking” attacks can install malware on your mobile device and/or copy data from your device. Only use chargers you brought with you from home and know to be good.
A Special Note Regarding Travel to China or Russia

If you must have nternet access during travel to these countries, do not take your normal mobile devices with you. Purchase a pre-paid phone (aka a “burner phone”) and inexpensive laptop specifically for your travel to these two countries. Upon your return to the United States, these devices should be inspected for compromise, then sanitized and destroyed by IT Security Office staff.

Travelers from the United States, particularly those involved in STEM research, are known to be priority targets for cyber-attack and/or surveillance. Additionally, university administrators, faculty who participate in political or religious activism, and fluent speakers of the local language may also be targeted.

While you are in these countries, assume that all of your communications are being intercepted, including voice calls, text messages, and internet traffic you believe is encrypted such as HTTPS connections and connections via a VPN service.

Things to consider if traveling to Russia or China:

  • NEVER ALLOW THE DEVICE OUT OF YOUR PHYSICAL CUSTODY, even for repairs.
  • Integrated laptop cameras and microphones should be physically disconnected. If possible, purchase a laptop without these features.
  • Install a privacy screen to discourage “shoulder surfing.”
  • Disable all file sharing protocols.
  • Disable Wi-Fi, Bluetooth, and infrared, if not needed.
  • Set up a temporary email account for your travels. Abandon and delete this account after your trip. Do not use this account to send or receive sensitive information.
  • Consider Tor and other censorship circumvention tools to be compromised. Their use may be monitored. If you choose to use them, you may be punished or expelled from the country.
  • Consider all USB drives, CD/DVDs, email attachments, shortened URLs, QR codes, etc., to be hostile. Do not scan QR codes, click links, open attachments, or insert any removable media into your computer. Do not bring these devices back to the United States with you.
  • Clean out your wallet. Remove anything that is non-essential for your travels. RFID-enabled cards should be carried in an RF-shielded sleeve to prevent them from being surreptitiously scanned.
  • Assume that discarded items such as CD/DVDs, USB drives, notes, and other documents will be retrieved from the trash for analysis.
  • Powered-off cellphones can still be used for geolocation and monitoring. Remove cell phone batteries when not in use.

References:

Educause: Designing IT Guidelines for Global Travel »
Princeton Information Security Office »
Crypto Law Survey »
International Crypto and Encryption Law map »
Export Information on Sophos Products »
Wassenaar Arrangement »
University of Rhode Island Office of Information Security: Travel to China or Russia »


KU IT on Twitter  KU IT on Facebook  KU IT on Instagram  KU Information Technology Home

Report a Security Incident

Security Awareness Tip of the Day (SANS)
Technology Help

Call KU IT Customer Support

785-864-8080
Phone support

Email KU IT Customer Support

itcsc@ku.edu
Support via Email

Faculty/Staff Support

Faculty/Staff Support
Technology Support Centers

KU IT Knowledge Base

Knowledge Base
FAQs & More

Virtual Service Desk

Submit Help Ticket
Online Help

Call KU IT Customer Support

913-626-9619
Phone support

Email KU IT Customer Support

kuec_support@ku.edu
Support via Email

KU IT Knowledge Base

Knowledge Base
FAQs & More

Request Edwards IT Support

Request Edwards IT Support
Online Help

Comments or ideas on how we can serve you better? Send us your feedback!

KU Today