Best Practices

The U.S. State Department can provide travelers with detailed, current information about any country around the world. This information includes, but is not limited to, current travel alerts and warnings, vaccinations required for travel, the locations of American Embassies and Consulates within the country, local laws and special circumstances, and current safety and security concerns such as criminal activity.

Additional resources are available at http://www.dbs.umd.edu/travel/services/intltravel.php

Not all cellular plans will cover the use of the phone or mobile device outside the US without incurring hefty fees. In advance of traveling, be sure to check with your provider to see whether your current plan will meet your needs while abroad or if you will need to alter your plan or take any other actions to help avoid a larger-than-expected bill when you get home.

Below are the links to the international travel pages for some of the US’s major cellular providers. Please be aware that other options may also exist so do your research prior to traveling.

• AT&T Wireless
• T-Mobile
• Verizon Wireless
• Sprint

You should travel with only the data and applications that you absolutely need access to while traveling. Also be aware that certain types of data and applications may be export controlled and have federal regulations restricting them from being shared with, accessed in, or transported to certain foreign countries.  For more information on export controlled materials please visit the Export Compliance Office website or contact them with your questions.

If not already done, make sure all mobile devices have been configured to require a password, code, or other security mechanism to access the device. Passwords should follow accepted complexity recommendations, such as those given by the university’s Division of IT. If a mobile device makes use of a numeric access code, be sure to enable the longest code possible. For example, the iPhone gives users the choice between a 4-digit access code or a 6-digit code. The 6-digit code should be used because this gives a far greater amount of possible number combinations rendering it extremely difficult, or more likely impossible, to guess.

Mobile devices should also have any included security features enabled. These features may include anti-virus software, firewall, and automatic or remote wipe capabilities. Automatic and remote wipe capabilities will allow a device’s hard drive to be completely erased in the event a password or passcode is entered incorrectly a specified number of times or the device’s owner discovers it is missing and activates the wipe function from another device, respectively.

Mobile devices often come with a feature that allows the user to fully encrypt the device’s hard drive. In many cases this is as simple as turning the feature on. In some cases, however, full disk encryption may require use of third-party software. Once the hard drive is encrypted all data stored within the drive will be protected from anyone trying to gain access without the proper decryption key or password. Fully encrypted hard drives are even protected in the event the hard drive is removed from the device itself, a tactic often used to attempt to bypass password protection at the operating system level. This method of encryption is more reliable than encrypting individual files because it ensures that all necessary files are encrypted so there is no need for the user to have to remember to encrypt individual files.

Users may also consider storing sensitive or critical files within a cloud-based storage solution, such as Google Drive or Box. Using this method ensures that all files remain protected from unauthorized access and that all files are available as long as the user has an Internet connection. Please be aware, however, that certain restrictions may apply when using a cloud-based solution. Some federal standards require data be stored on servers located within the US and not all cloud providers meet this requirement (i.e., they may store data on servers located in data centers in other countries).

Make sure that the operating systems and any software or applications installed on the devices you are traveling with have the latest security updates and patches installed. This is especially important for security software and applications like firewalls and antivirus programs. If possible, enable the automatic update feature that is built into most software and applications and allows all updates to be downloaded and installed as soon as they are released publicly.

Always keep devices on your person or in your carry-on luggage rather than packing them in your checked bags. Never walk away from devices for any length of time while in a public place, even if someone offers to watch them.

If storing devices in a backpack or other bag consider using a small luggage lock or even something as simple as a twist tie to secure zippered pockets. When sitting or standing with a bag containing your devices try and position it so you can block access to the bag and prevent the bag from being stolen.

Cyber criminals and foreign intelligence agencies may use these networks to spy on users’ activities and steal login credentials, credit card number or banking information, or other types of personal information.

A VPN provides a secure connection directly to the resources you are trying to access. Similar to a tunnel, it protects your communications from outside threats found across the Internet.

Please note that due to the ever-changing political landscape around the world some countries may place restrictions on the use of a VPN or ban the use of VPNs outright. As part of any traveler’s initial research into the region(s) they plan to travel to, special attention should be given to any existing technological restrictions that may be in place. In some cases, failure to abide by these restrictions has the potential to carry fines upwards of $500,000.

For more information about the university’s VPN, please go here.

Delete all history files, caches, cookies, and temporary Internet files. These could be used to track your online activities or for more malicious purposes. Many web browsers and even devices now allow users to browse the Internet in a private or incognito mode, which may automatically resolve this. When utilizing this type of browsing, websites are unable to leave cookies on your device and your browsing history won’t be recorded in any way. On some websites, using a private or incognito mode may even prevent the website itself from collecting and sharing information about you, although this certainly is not the case on all sites. Please note also that the use of a private or incognito browsing mode will not protect against malware infection.

These may contain malware or may be configured in a way that allows them to automatically copy any data stored on your devices.

Someone may use this as an opportunity to steal your phone or they may even create a distraction that takes your attention away from your device long enough for them to steal data from it or install something on the device that allows them to track your movements and activities. Alternatively, the person may just place a phone call that is out of your service area causing you incur a large long distance charge.

While this is true any time you use technology, it may be even more prevalent when traveling abroad. These attempts may occur via email communications, telephone calls, or even in person. If it seems like someone is probing you for answers, they might be.

Most devices now include Bluetooth, Wi-Fi, and GPS capabilities. These services can be used by attackers to gain access to your devices or track your movements. When not actively using these services, make sure they are turned off.

If at all possible, do not access banking or other financial websites. Try not to access other sites containing personal information you would want to remain private.

This applies not just to online accounts you accessed while abroad, but also the devices themselves. If you checked voicemail while traveling then also be sure to change that password or access code.

Make sure your antivirus software is up to date and then run a full scan of your device.

This will include banking accounts as well as online accounts. Hopefully, by following the guidance above, this will prove to be quite uneventful.