Travel Internationally with Technology
This article applies to: Security & Policy
To protect you while you travel abroad, and to help Cornell manage its non-U.S. compliance obligations, effective September 28, 2015, all staff, students, and faculty are required to pre-register any travel outside the U.S. in the International Travel Registry.
Always take additional precautions when traveling internationally with electronic devices. International travel increases the likelihood that both personal and university-owned devices and data will be compromised.
The Cornell IT Security Office (ITSO) recommends the following baseline precautions be taken to reduce the likelihood that your devices will be compromised. If any of your devices are compromised, having taken these precautions will reduce the negative impacts for you and for Cornell.
For questions about any of the recommendations listed here, please consult with your local IT support or the IT Security Office (firstname.lastname@example.org).
Pre-Travel: Start Preparing Weeks Before Leaving on an International Trip
Whenever possible, arrange to use loaner laptops and loaner handheld devices while traveling. Take the computer, but leave your data behind. This is perhaps the most effective single solution you can implement for an international trip.
Taking a loaner device drastically reduces the likelihood that theft or compromise will expose historical or archived data, which isn't needed while you travel. It also means that upon your return, after backing up relevant data from your travels, the device can be wiped clean (erased), helping mitigate the risks of importing threats back into your home environment.
Check with your local IT service provider or The Cornell Store for more information on loaner devices.
We strongly recommend all mobile devices be encrypted. This includes any device you are taking with you (computers, tablets, mobile phones, etc.). You should check to see if the country you're traveling to has any encryption import restrictions.
Some countries, such as China, Israel, and Russia, have restrictions on the import and use of encryption tools and do not allow cryptography tools to be imported or used within their borders without a license, or in some extreme cases, at all.
Under these restrictions, any country can potentially confiscate systems entering or leaving its borders. For that reason, we strongly recommend loaner devices. If travel to one of these countries is a frequent or routine occurrence and/or loaner equipment isn't a viable option, the IT Security Office can work with your IT support provider on alternative solutions.
For more information on encryption restrictions, consult Wikipedia: Restrictions on the Import of Cryptography.
When you use a loaner device, encryption is less necessary. If you aren't carrying around all your usual access and information, then there's much less chance of something being compromised. This is especially handy when traveling in countries that don't allow encryption.
Do not store passwords or other credentials on the device.
Do not store any passwords on the device outside of password management applications designed to securely store and handle login credentials (username/password combinations). Be sure to configure your web browser(s) to not save passwords. This prevents login credentials from being saved in the browser cache. Your local IT support or the IT Security Office can provide recommendations for safe password storage options.
Understand how to Use Two-Step Login When You Travel Outside the U.S.
Leave sensitive data stored securely on Cornell servers and access it remotely only via Cornell's Virtual Private Network (VPN) service.
This requires planning in advance (to install VPN on your device), but it goes a long way toward providing secure access to your data without transporting it with you. Make sure that you test your ability to get to your data using VPN from some place off campus before leaving.
Get CU VPN.
Make sure all operating systems and applications are updated and patched before leaving on your trip.
If you are not using a loaner computer, uninstall unused and unnecessary applications and turn off unneeded services on your computer. Leaving them installed and/or running only serves to provide additional, possibly "unlocked" doors for intruders to gain access through when attacking your device.
When you use a loaner device, you should still make sure all operating systems and applications are updated and patched before leaving, but you don't have to worry about turning off unused and unnecessary applications, because the loaner should not have a lot of extras running on it—it's a blank slate for you to safely use while traveling.
Regardless of whether you take your own computer or a loaner, do not accept any patches or updates while in foreign countries, as infected updates are an increasingly common attack vector.
Make sure you are running in the lowest possible privilege level.
While traveling, do not use an administrator account as your primary user account. Running as a non-administrative user on your system will defeat a significant number of malware and browser exploits, because your computer is less likely to allow software, including malicious software (malware), to be installed without you (1) clicking "install" and (2) typing your administrative password.
Only connect to known and trusted networks.
On all of your mobile devices (computers, tablets, mobile phones, etc.), turn off "join wireless networks automatically." Always manually select the specific network you want to join, and only after confirming its name and origin with the provider. Turn off wireless and Bluetooth when they are not actively being used.
Keep track of what credentials you use while traveling.
Whether you sign into personal or Cornell accounts while traveling, keep track of the services you've accessed. The IT Security Office strongly recommends that at a minimum you change these passwords when you return. If you're on an extended trip, change them periodically. Do not use the same password for multiple services.
Don't leave a device at home or work auto-logging in with your credentials.
The chances of having your NetID account locked are greater if you are connecting from multiple locations around the world. To prevent this from happening, don't leave devices powered on at home or at work that automatically connect to your Cornell email or other Cornell services.
Post-Travel: What to Do When You Return to Campus After Traveling Internationally
Using a trusted computer, change passwords for all services you accessed while away.
When changing passwords for services you accessed while away, remember to pick strong, complex passwords, and do not reuse the same password for multiple services. See how to set strong passwords.
As a rule of thumb, have the devices you took on the trip assessed by your department's IT staff or the IT Security Office for signs of intrusion.
Again, the risk of compromise while traveling internationally is significant enough that we highly recommend using loaner devices.
If there is some reason that you cannot take a loaner laptop, be advised that it can be extremely time consuming and difficult to determine if a device has been compromised. As such, it's best to act accordingly: If you didn't travel with a loaner device, seek help from your local IT support to format and reinstall the operating system and applications upon returning to campus.
Return your mobile devices to their pre-travel configuration. This includes any device you took with you (computers, tablets, mobile phones, etc.).
Before connecting to another system on campus, turn off any services that you enabled specifically to facilitate your work while traveling, update and apply any patches that were released while you were away, and scan any data you brought back for malware.
For more information on travel to specific countries, consult U.S. Passports & International Travel: Country Information.