International travelers (Students, Faculty and Staff) should limit the amount of sensitive information that is stored on or accessible to any mobile device taken on the trip, and travelers should avoid contact with the Fredonia network in general, specifically when traveling to high risk countries (see U.S. State Department's Alerts and Warnings).
Traveling internationally can pose significant risks to information stored on or accessible through computers, tablets and smartphones. Some of the risk is associated with increased opportunities for the loss or theft of the device and just merely the distraction of traveling. Additionally, our devices are put at risk because they will use networks that may be managed by entities that monitor and capture network traffic for competitive or malicious purposes.
Preparing for your trip
Identify "high risk" countries you plan to visit - Visit the U.S. State Department's Alerts and Warnings web page to identify "high risk" countries you plan to visit.
Understand the sensitivity of any data you bring or access - Seek ways to limit the amount of sensitive information that you take on your trip. Examples of data that should be left on campus or afforded exceptional protection include information that might be considered sensitive by the host government, and information defined as "Private or Restricted" by the Fredonia Data Risk Classification Policy. Removing unnecessary confidential data from any device reduces the risk of exposure to anyone gaining access to the information.
Follow guidelines for protecting your devices and data - Review and follow the best practices listed on our Online Safety Page. Understanding and following these practices will help you reduce the risk to the data and devices you are carrying or have access to in your travels.
Learn about hardware and software travel restrictions - Knowing the restrictions that countries place on transported hardware and/or software reduces the likelihood of your devices being confiscated or your trip being disrupted. In the hardware and software realm, export and import controls may apply to the hardware and software you may bring along. The United States restricts the transporting of certain types of hardware and software products to specific countries (referred to as "export controls"). Many other nations restrict the transporting of certain types of hardware or software into their country (referred to as "import controls").
Duo Security Multi-Factor Authentication Users (Only) - You must notify the Information Technology Services via a Tracker ticket to bypass Duo Security should you travel to a country under the jurisdiction of EU General Data Protection Regulation (GDPR). For more information: http://www.eugdpr.org/
NOTE: There are countries into which we cannot bring an encrypted device either due to United States export restrictions or import restrictions imposed by the destination country. Please visit the Wassenaar Arrangement Page for additional details.
Things to remember while traveling
- Avoid accessing the University directly with your Fredonia ID and password - By not logging into Fredonia applications while you travel, you eliminate the risk of your ID and password to Fredonia being captured and used to compromise Fredonia systems. You also reduce the amount of data that is retrievable if your mobile device is lost, stolen or otherwise compromised.
- Keep your direct access to Fredonia systems and information to an absolute minimum, preferably zero. Only access email through your external email account. Access the data you need for your trip from the external storage service (e.g., Fredonia Google Drive). Allow a colleague to add files to your external network drive in case a file was forgotten during preparations. Employees should always use their Virtual Private Network Service to remotely access sensitive University computing resources.
- Avoid using public workstations - The security of public workstations, especially in high risk countries, cannot be trusted. When you use a public workstation, anything that you enter into the system - IDs, passwords, data - may be captured and used, so limit your activity to the devices that you bring.
- Be aware of your surroundings when logging in or inputting data into your devices .There have been many cases where an ID, password or a piece of confidential information had been compromised simply by watching the person input the information. Be discrete when inputting your ID and passwords.
- Notify Fredonia if a theft or loss occurs - Traveling can be fraught with a variety of distractions - going through airport security, finding your way around town, getting used to cultural norms, etc. Unfortunately, most instances when mobile computing devices are lost or stolen occur in the areas where the distractions are the greatest. Recognizing distracting situations and, when they occur, taking extra care to maintain your focus can prevent you from having to take the steps necessary to disable those devices and obtain replacements. In case a laptop or mobile device is lost or stolen, contact ITSservicecenter@fredonia.edu or (716) 673-3407.
When you return
Change any passwords you may have used during your travels - When you return from your trip, change any passwords you may have used during your travels from a trusted device. When traveling, especially in high risk countries, the likelihood that your ID and password will be captured is high. Quickly changing a compromised password helps prevent future attacks on that account. Click here to change your University password.
Review your online account activity for anything suspicious (e.g. bank account, credit cards etc..).
Assumptions when traveling
- No device can be protected against all possible forms of system and information compromise, especially when its members travel to countries that are deemed as high risk. So, we must assume that any device taken to a high risk country will be compromised in some, potentially undetectable way. The only truly secure option is to refrain from using digital devices when traveling.
- Information of particular interest to someone intent on compromising your devices not only includes business data but also the traveler’s ID and password that could be used to directly access Fredonia's systems and information resources.
- When a device is compromised, the attacker may install software on the device that could compromise other systems and data on the Fredonia network when the traveler reconnects his or her device to our network upon return, unless measures are taken to completely restore the device to its pristine state before the network connection is established.
The U.S. Department of State's Country Specific Information website
Allows a user to specify his or her destination country for which it provides information such as, the location of the U.S. embassy and any consular offices; whether you need a visa; crime and security information; health and medical conditions; drug penalties; and localized hot spots.
The FBI's Travel Tips brochure
Measures that the FBI recommends taking before, during and after traveling internationally in a compact, printable document.
US CERT's Holiday Traveling with Personal Internet-Enabled Devices website
Tips from the US Computer Emergency Readiness Team for protecting your mobile devices when traveling.
Internet 2's Security Tips for Traveling Abroad website
A collection of institutional, governmental and other resources that provide guidelines for secure, international travel.
FAQs - Searches of Electronic Devices at the Border document
Questions and answers concerning searches of electronic devices at the border.
The Information Security Office at Princeton University - International Travel Guidelines
There is no content with the specified labels