Information Security when Traveling Abroad
Travel is often essential when conducting and promoting University business and research, but there are precautions that should be taken, especially when traveling abroad.
Avoid storing any sensitive personally identifiable information (PII) or sensitive research data on any electronic device you intend to take on your trip. If the device is lost, stolen, or otherwise compromised, the sensitive data could also be compromised. You should review the information stored on the device and remove anything unnecessary prior to the trip. Examples of sensitive information include:
- Personally identifiable information such as Social Security numbers; health or financial information of patients, employees, donors, students, clinical trial participants; etc.
- Student information such as grades, comments on a student’s work, or other non-directory information on a student
- Proprietary information, including unpublished research such as drafts of articles, current projects, data sets, or third-party proprietary information
- Any confidential information not for public distribution such as internal business plans, marketing information, internal HR discussions, etc.
- Data that cannot be recovered if your computer is lost or stolen such as your lifetime research endeavors
Take only the information which you will present or discuss at the conference or other event. Back up your data and leave a copy in a safe and secure location such as your office or an authorized University fileserver.
All laptops should have encryption software installed. However, certain types of computer hardware and software have export restrictions when traveling to a small group of countries. Be aware that your personal belongings may be searched multiple times and electronic media may be copied. It is important to remember that encryption is useless if the means of decryption is readily accessible, i.e. the password is written on a note in your bag or saved to a file on your computer.
For ease and security, consider keeping your data only on a University server and accessing it only through a secure connection.
Especially when traveling internationally, you should keep mobile devices (laptop, phone, etc.) in your control at all times. Be cautious if your laptop begins to run noticeably slower or acts strangely after taking it abroad. You should have the system checked by a known, trusted expert for viruses and spyware before and after travel. Understand that foreign universities, governments, and companies are often linked. Any inquiry may have an ulterior motive, such as stealing intellectual property. Not all conference attendees with whom you come into contact are there for the same reason; they may be enquiring on behalf of another country or researcher. Be cautious of unsolicited requests and questions about your research or other sensitive information. It is advisable to not speak about or comment on the status of research and development being conducted by others at the institution. Defer questions to those individuals directly.
Avoid political conversations or offering political opinions while in foreign countries, either in person, on the phone, or online.
For more information
- Data Classification Policy
- University of Miami Export Control website
- University of Miami Export Control policy
- Pointsec Export Restrictions
- US Department of State International Travel Advisories and Warnings
- Personal Safety While Traveling Abroad
- FBI’s National Security Higher Education Advisory Board
- Exercise Caution When Using Public Wireless Access Points
Posted October 21, 2009