The Threats | Best Practices | What to do if a Device is Lost/Stolen
The following is a set of best practices that should be observed by anyone traveling abroad, whether in support of University business or for personal reasons. They are divided up into a series of steps to be taken before, during, and after the trip.
Familiarize yourself with your destination(s).
The U.S. State Department can provide travelers with detailed, current information about any country around the world. This information includes, but is not limited to, current travel alerts and warnings, vaccinations required for travel, the locations of American Embassies and Consulates within the country, local laws and special circumstances, and current safety and security concerns such as criminal activity.
Additional resources are available at http://www.dbs.umd.edu/travel/services/intltravel.php
Check with your wireless providers to ensure coverage.
Not all cellular plans will cover the use of the phone or mobile device outside the US without incurring hefty fees. In advance of traveling, be sure to check with your provider to see whether your current plan will meet your needs while abroad or if you will need to alter your plan or take any other actions to help avoid a larger-than-expected bill when you get home.
Below are the links to the international travel pages for some of the US’s major cellular providers. Please be aware that other options may also exist so do your research prior to traveling.
Sanitize and backup the electronic devices you will be traveling with.
You should travel with only the data and applications that you absolutely need access to while traveling. Also be aware that certain types of data and applications may be export controlled and have federal regulations restricting them from being shared with, accessed in, or transported to certain foreign countries. For more information on export controlled materials please visit the Export Compliance Office website or contact them with your questions.
Configure devices to maximize security while abroad.
If not already done, make sure all mobile devices have been configured to require a password, code, or other security mechanism to access the device. Passwords should follow accepted complexity recommendations, such as those given by the university’s Division of IT. If a mobile device makes use of a numeric access code, be sure to enable the longest code possible. For example, the iPhone gives users the choice between a 4-digit access code or a 6-digit code. The 6-digit code should be used because this gives a far greater amount of possible number combinations rendering it extremely difficult, or more likely impossible, to guess.
Mobile devices should also have any included security features enabled. These features may include anti-virus software, firewall, and automatic or remote wipe capabilities. Automatic and remote wipe capabilities will allow a device’s hard drive to be completely erased in the event a password or passcode is entered incorrectly a specified number of times or the device’s owner discovers it is missing and activates the wipe function from another device, respectively.
Protect data by enabling whole disk encryption and/or making use of cloud-based storage solutions.
Mobile devices often come with a feature that allows the user to fully encrypt the device’s hard drive. In many cases this is as simple as turning the feature on. In some cases, however, full disk encryption may require use of third-party software. Once the hard drive is encrypted all data stored within the drive will be protected from anyone trying to gain access without the proper decryption key or password. Fully encrypted hard drives are even protected in the event the hard drive is removed from the device itself, a tactic often used to attempt to bypass password protection at the operating system level. This method of encryption is more reliable than encrypting individual files because it ensures that all necessary files are encrypted so there is no need for the user to have to remember to encrypt individual files.
Users may also consider storing sensitive or critical files within a cloud-based storage solution, such as Google Drive or Box. Using this method ensures that all files remain protected from unauthorized access and that all files are available as long as the user has an Internet connection. Please be aware, however, that certain restrictions may apply when using a cloud-based solution. Some federal standards require data be stored on servers located within the US and not all cloud providers meet this requirement (i.e., they may store data on servers located in data centers in other countries).
Update your systems.
Make sure that the operating systems and any software or applications installed on the devices you are traveling with have the latest security updates and patches installed. This is especially important for security software and applications like firewalls and antivirus programs. If possible, enable the automatic update feature that is built into most software and applications and allows all updates to be downloaded and installed as soon as they are released publicly.
Do not leave your devices unattended.
Always keep devices on your person or in your carry-on luggage rather than packing them in your checked bags. Never walk away from devices for any length of time while in a public place, even if someone offers to watch them.
Keep devices in interior jacket pockets or other hard-to-reach places.
If storing devices in a backpack or other bag consider using a small luggage lock or even something as simple as a twist tie to secure zippered pockets. When sitting or standing with a bag containing your devices try and position it so you can block access to the bag and prevent the bag from being stolen.
Avoid free Wi-Fi networks and Internet Cafes.
Cyber criminals and foreign intelligence agencies may use these networks to spy on users’ activities and steal login credentials, credit card number or banking information, or other types of personal information.
Use a VPN to connect to university resources.
A VPN provides a secure connection directly to the resources you are trying to access. Similar to a tunnel, it protects your communications from outside threats found across the Internet.
Please note that due to the ever-changing political landscape around the world some countries may place restrictions on the use of a VPN or ban the use of VPNs outright. As part of any traveler’s initial research into the region(s) they plan to travel to, special attention should be given to any existing technological restrictions that may be in place. In some cases, failure to abide by these restrictions has the potential to carry fines upwards of $500,000.
For more information about the university’s VPN, please go here.
Clear your Internet browser after each use.
Delete all history files, caches, cookies, and temporary Internet files. These could be used to track your online activities or for more malicious purposes. Many web browsers and even devices now allow users to browse the Internet in a private or incognito mode, which may automatically resolve this. When utilizing this type of browsing, websites are unable to leave cookies on your device and your browsing history won’t be recorded in any way. On some websites, using a private or incognito mode may even prevent the website itself from collecting and sharing information about you, although this certainly is not the case on all sites. Please note also that the use of a private or incognito browsing mode will not protect against malware infection.
Do not allow foreign electronic storage devices to be connected to your computer or phone.
These may contain malware or may be configured in a way that allows them to automatically copy any data stored on your devices.
Do not loan your cell phone or mobile devices to anyone.
Someone may use this as an opportunity to steal your phone or they may even create a distraction that takes your attention away from your device long enough for them to steal data from it or install something on the device that allows them to track your movements and activities. Alternatively, the person may just place a phone call that is out of your service area causing you incur a large long distance charge.
Beware of phishing or other social engineering attempts.
While this is true any time you use technology, it may be even more prevalent when traveling abroad. These attempts may occur via email communications, telephone calls, or even in person. If it seems like someone is probing you for answers, they might be.
Disable broadcasting services on devices.
Most devices now include Bluetooth, Wi-Fi, and GPS capabilities. These services can be used by attackers to gain access to your devices or track your movements. When not actively using these services, make sure they are turned off.
Avoid accessing sensitive personal information online while abroad.
If at all possible, do not access banking or other financial websites. Try not to access other sites containing personal information you would want to remain private.
After You Return
Change your passwords.
This applies not just to online accounts you accessed while abroad, but also the devices themselves. If you checked voicemail while traveling then also be sure to change that password or access code.
Run a full system antivirus scan.
Make sure your antivirus software is up to date and then run a full scan of your device.
Monitor your accounts for suspicious activity.
This will include banking accounts as well as online accounts. Hopefully, by following the guidance above, this will prove to be quite uneventful.