Security Tips for International Travel

Traveling internationally comes with certain data security risks. Using devices like laptops, tablets, or smartphones in unfamiliar locations can expose them to threats. Connecting to public networks in hotels and airports often lacks robust security, making them easy to target. 

Consider adding the following data security safeguards to your travel checklist: before, during, and after your trip. Also, keep in mind US exportcontrols and the import restrictions of your destination country. Review the encryptionconsiderations to enhance your data safety during travel.

If you have any questions about securing your data on your trip, email security@berkeley.edu

Once you know your travel destination

1. Contact the Export Control Office Ask for guidance on export regulations, classification of controlled technical data, and assistance with export licenses for traveling researchers to avoid penalties and delays.

2. Research encryption laws at your destination Some foreign countries restrict the use of imported encryption software. If restrictions apply, use a loaner device instead, or you may need to contact IT Client Services: ITCS Support or your local IT department to decrypt your data before you leave. 

3. Inspect the content on your device. Even political cartoons could be an issue depending on the country.

4. Register your trip and sign up for travel alerts. Register your travel, get travel insurance, and sign up for alerts on political unrest, natural disasters, and other health warnings.

Before You Leave

1. Leave data/devices at home To safeguard your data and device, consider leaving your computer at home if you don’t need it. Instead, bring a loaner computer. Check with your department or technical support for borrowing options.

2. Back up your data.  Always back up your data when traveling with any device, whether it’s a loaner computer, your regular computer, tablet, or smartphone. This ensures you have a safe copy to recover from in case you lose your device or it becomes compromised.

3. Install and configure encryption software(if applicable). Full disk encryption software is freely bundled with recent Microsoft Windows and macOS operating systems, is easy to use and setup.  Some countries restrict imported encryption software, so be sure to check the encryption laws beforehandyou may need to contact ITCS to decrypt your data before you leave.

4. Install and configure campus VPN software. To protect your traffic on networks during your trip, install and configure VPN software to utilize full tunneling. Full tunnel VPN configuration will secure all internet traffic, whereas the alternate configuration, split tunneling, only protects internet traffic for UC Berkeley internet services. 

5. Prepare CalNet 2-Step Backup Passcodes. You can use passcodes as your second-step verification method. You can print them to take with you or use the Duo Mobile app on your phone to generate a passcode. This works anywhere, even when you don't have an internet connection or cellular service. Tip: Do this before you travel if you do not have cell service during your trip. Learn more at Traveling with 2-Step.

6. Follow our "MSSND: How to Secure Devices": Update your operating system and apps to the latest versions. Install and update anti-malware software. Choose strong passphrases. For laptops, make and use a personal account that does not have admin privileges (i.e., can’t install or write to your hard drive).

On the Road

1. Do NOT leave your device unattended. Don’t leave it unattended, lend it to strangers, or check it in during flights. If you leave your computer, turn it off instead of hibernating or sleeping it.
2. Do NOT plug in untrusted accessories. Avoid connecting untrusted items like flash drives, charging cables, or SD cards to your device. If you need to buy an accessory abroad, choose one from a reputable source.
3. Do NOT enter your credentials into public computers.  If the need to use public computers arises during your travel, avoid entering your credentials at these public computers.  
4. Connect only to known wifi networks. When connecting to a network, find out the correct network name from the staff at the business and connect to it.
5. Turn off your wifi when not in use. To help you avoid accidentally connecting your device to rogue wifi networks at a later time,  once you are finished using the network, turn off wifi on your device.
6. Use campus VPN Software. The VPN software offers access to UCB services, like library resources, while protecting your private information from eavesdroppers when using the network remotely. For optimal security, use the full tunnel configuration as mentioned.
7. Use a non-privileged account.  Use a personal account that does not have admin privileges and only elevate privileges when necessary on your device. This will provide additional protection against malware infections. 
8. Practice safe web browsing. Websites may collect data about you, or serve as gateways to steal your data. To protect yourself while browsing websites abroad,
   1. Only connect to HTTPS websites, which encrypt the data transmitted between your browser and the website,
   2. If your browser displays an error about the digital certificate used to encrypt the data, you should assume the site is fake, compromised, or the web traffic is being intercepted. Stop connecting to the website.
   3. Do not click on suspicious links or prompts. Malicious websites try to trick you by exploiting your curiosity, impatience, or fear of malware. Always think carefully before clicking a link or agreeing to a prompt.
   4. Clear browsing session information. Some web applications do not log you out entirely, even when clicking the logout button or closing the browser. Clear all the web browser session information to prevent others from accessing your account and data.
9. Take note of the credentials you are using during the trip. Whether you use them on your device or public computer, they may be compromised. To be safe, take note of the credentials you used so you can change them on a trusted and secure device once you return.

After Your Trip

1. Reset credentials you used during the trip.  Reset your credentials used during the trip. Use a trusted computer, whether it’s your own or one provided by your IT support staff, to reset the credentials used during the trip. For example, go to the CalNet management website to reset your CalNet passphrase.

Import Restrictions on Encryption Software

Encryption software is a very useful tool for strengthening the protection of your data.  However, many foreign countries do not permit encryption software to be imported or used without prior approval.  For example, China requires international travelers to apply for a license to use encryption software before arrival. To learn more about background information and details of import restrictions on encryption software, follow the links below to external websites:

• Wikipedia article discussing restrictions on encryption software import

• Crypto Law Survey website with a list of countries and their respective encryption software import restrictions.

If you are not able to use encryption software at your destination, it is strongly recommended to leave your data and device at home and bring a loaner device instead.  If your information is sensitive and it is illegal to secure your devices/data and communication, contact the security office (security@berkeley.edu).