Please see International Travel Security for more information.
Before you go
- High-Risk Destinations. If your country of destination is considered high-risk, see the high-risk destination recommendations here. You can view the list of high-risk destinations here.
- Travel only with the data and devices that you need. If you don’t have it, it can’t be stolen or confiscated. This may mean leaving some of your devices at home, removing personal or University data from your devices, or shifting your data to a campus-approved secure cloud service. If possible, avoid traveling with any sensitive or confidential information on your laptop, USB drives, mobile devices, etc.
- If you’re traveling on DU business, check with your IT support staff about the possibility of getting a clean, encrypted laptop and/or phone that contains no sensitive data, no local passwords, etc. Also, check with your department for specific policies about device use and traveling abroad. You can request a loaner device through the IT Help Center.
- Encrypt all devices and data that you take with you.
- Secure Your Mobile Devices
- Full Disk Encryption (FDE) provides safeguards against data stored on local devices from prying eye. FDE is especially useful for laptops and small computing devices that can be lost or stolen. If you use your personal laptop to access DU information, we strongly recommend enabling native FDE technology.
- If you use a University-owned laptop, please contact the IT Help Center.
- You may need to verify whether the location you travel to restricts encrypted digital content. If you cannot use encryption software at your destination, contact your IT Help Center for guidance.
- Password protect all of your devices. Use strong passwords, passcodes, or smartphone touch/facial ID to lock and protect your devices.
- Change any and all passwords you may use abroad.
- Back up your data to a secure location such as OneDrive.
- Set up multifactor authentication for your personal accounts whenever possible for an additional layer of security. IT@DU recommends using an app such as Google Authenticator for your personal accounts.
- Update your operating system and apps/ software, including antivirus protection, to make sure you are running the most secure versions available. Contact IT Help Center for guidance if necessary.
- Turn on "Find My" tracking and/or remote wiping options in case of loss or theft. Make sure you know how to use these tools before you go. It is possible to remote wipe your device if your account is in Office 365.
- Consider enrolling it in an international rate plan to avoid incurring exorbitant roaming charges.
- Log out of browsers and apps, remove any saved login credentials, and clear your browser history.This will help prevent anyone from accessing your accounts or information without your knowledge. Also, delete apps you no longer use.
- Clear your devices of any content that may be considered illegal or questionable in other countries.
- Check the State Department's website for any travel alerts concerning the specific countries you plan to visit (including any tech restrictions) and guidance on travel to high-risk areas. They also provide information for U.S. students traveling abroad, as does the FBI.
- Power off your devices before you arrive at the border. This will help resist a variety of high-tech attacks.
- Do not put devices into checked baggage. Checked baggage can be lost, stolen, or tampered with.
- Always keep your devices with you. Carry them on the plane, train or bus, and keep them nearby, within your sight. Avoid putting devices underneath the seat or in the front pocket of your seat. Devices can easily become lost, stolen, or tampered with. If you become separated from your equipment, there is a possibility that it has been compromised. If your equipment is confiscated or inspected by any foreign authority, then it should be considered compromised.
- Disable auto-join Wi-Fi. Shut off the auto-join Wi-Fi function.
- Be careful when using public wireless networks or Wi-Fi hotspots; they’re not secure, so anyone could potentially see what you’re doing on your computer or mobile device while you’re connected. If traveling to countries outside the U.S. and Europe, you should presume that the network itself is not secure. If you need Internet access, make sure you know who the reputable carriers are and only connect to them.
- Use Virtual Private Network (VPN) software to secure your Wi-Fi network connection (encrypted). Note that some countries disallow the use of VPNs.
While you're there
- Connect to the Internet securely. The above advice about avoiding public Wi-Fi, using the campus VPN, and considering networks as unsecure in general also apply after you arrive.
- Physically protect yourself, your devices, and any identification documents. Always keep your devices with you during your travels. Do not assume they will be safe in your hotel room or in a hotel safe.
- Do not plug in untrusted accessories. Accessories that come from questionable or unknown sources can be infected with malware intended to steal your information. Avoid plugging in any untrusted accessories (flash drive, charging cable/station/port, SD card, power stick, etc.) to your device. Try to bring all necessary accessories with you, but if you must purchase something abroad, make sure it is from a reputable source.
- Never log into anything when using public computers. They may be loaded with keyloggers and malware. If you use a device belonging to other travelers, colleagues, or friends, do not log in to email or sensitive accounts.
- Disable Wi-Fi and Bluetooth when not in use. This protects you from harmful connections and some types of tracking technology.
- Wait to post about your trip on social media until you return home.
When you return
- Change all passwords you may have used abroad. Regardless of whether you used them on your device or a public computer, they may be compromised.
- Run full antivirus scans on your devices.
- Check your statements. If you used a credit or debit card while traveling, check your monthly statements for any discrepancies for at least one year after you return.
- Delete unneeded apps. If you downloaded any apps specifically for your trip and no longer need them, be sure to delete them and the associated data.
If you had a loaner device, don’t connect it to the network when you get home. Return the device immediately to your IT support staff so they can help you access it safely.
Requirements for travelers to high-risk destinations
Special consideration and preparation should be made when traveling to High-Risk destinations. Below are the recommendations:
Traveling with Mobile Devices (Laptops, Tablets and Smartphones)
- We strongly recommend leaving your current devices here and traveling with a DU Travel kit. You can borrow a kit by requesting one from the [IT Help Center]. The Travel Kit is DU-loaner laptop or iPad and will allow you to manage email, view your calendar, run presentations, edit documents, and access DU-sanctioned websites. The devices are set up specifically for one-time use and wiped back to factory settings when you return.
- Leave USB storage drives at home. These are easily lost and easily corrupted. If you must travel with a USB storage device, ensure it’s encrypted.
- If you have a DU-issued iPhone, you are good to go. Leave your mobile device at home. Request a DU Travel iPhone from IT if you don’t have a DU-issued iPhone. In both cases, the devices will be completely wiped after you return. The Travel iPhone will have DU’s Mobile Device Management (MDM) installed.
Before you go
- Forward your voicemail to your email. This saves you from having to dial into your voicemail account, potentially revealing your voicemail passcode.
- Enable multi-factor authentication for cloud services – such as Gmail/Yahoo mail, O365, LastPass, Facebook, Instagram, Twitter, LinkedIn, Amazon, eBay, etc.
While you’re traveling
- Do not plug your phone into charger kiosks. There may be a malicious computer on the other end of that innocent-looking wire.
- Be aware of your surroundings. Watch for those looking over your shoulder or potential thieves.
- Always keep the device(s) with you during your travel. Please do not assume they will be safe in your hotel room or a hotel’s safe.
- Assume that anything you do on the device, particularly over the Internet, will be intercepted. In some cases, encrypted data may be decrypted.
- Never use shared computers in cyber cafes, public areas, hotel business centers, or devices belonging to other travelers, colleagues, or friends.
- Do not send any sensitive messages via email.
- Sign out of the application you have installed on your mobile device.
When you return
- Change your DU password.
- If you checked your voicemail while traveling, change your voicemail passcode.
- Change any passwords you may have used abroad.
- If you brought your computer, save any documents you created while traveling to an external drive and restore them from your pre-departure backup.
China: a special travel situation
Travelers to the People's Republic of China have experienced various issues, including the following:
- Access to services we take for granted, like Gmail and other Google apps, Wikipedia, and Yahoo Mail, are often blocked or filtered.
- The government may monitor Skype connections.
- Individuals using VPNs reported that they are often cut off for hours.
- Hotel staff and government officials can access hotel room safes, so don't expect that a computer or mobile device in a hotel safe will be secure.
Always keep your mobile devices and laptop with you.
High cybersecurity risk destinations
Travel to countries with different laws and expectations is sometimes necessary but presents a unique challenge to the confidentiality of University data. The following is a list of countries representing high, moderate, and low cybersecurity risks to DU faculty and staff traveling abroad.
DU compiles its list of high cybersecurity risk countries from several sources, including countries that are the subject of Travel Warnings by the U.S. Department of State and those that are identified as high risk by other U.S. Government sources such as the Department of the Treasury Assets Control (OFAC), the Federal Bureau of Investigation (FBI), the Office of the Director of National Intelligence (ODNI) and Stanford Information Security Office list of High-Risk Countries. The list will be updated regularly.
High Cybersecurity Risk
- China, The People's Republic of
- Hong Kong
- Korea, Democratic People's Republic of
- Crimea (Region of Ukraine)