Security Tips for International Travel

International TravelFor members of the campus community, a trip to a foreign country presents unique data security challenges.  The nature of international travel requires you to use your device  (laptop, tablet or smartphone) in various unfamiliar places that may expose your data and device to malicious people and software. 

Staying digitally connected often means connecting devices to public networks in hotels, airports, train stations, and conference halls, which employ minimal security measures.  Public networks can harbor malware from cybercriminals looking to steal your data for identity fraud, as well as nation-state actors targeting academic and business travelers for intellectual property.  In some cases, education networks are broadly targeted by government agencies for the benefit of data theft.

Below is a list of data security safeguards you should add to your travel checklist before, during, and after your trip.  In addition to data security safeguards, international travelers also need to consider US export control laws and import restrictions imposed by the destination countries. Please read the encryption consideration below. It will help you make a better decision about keeping your data safe during your trip.

If you have any questions about securing your data on your trip, please send an email to security@berkeley.edu.

Before You Leave

In the weeks before your scheduled travel date, please include the following data security safeguards to your travel planning routines

  1. Register your trip and sign up for travel alerts. Review this page at Risk Services for information on how to register your travel, get travel insurance, and sign up for alerts on political unrest, natural disasters, and other health warnings.
  2. Leave your data and/or device at home.  The best way to safeguard your data or device is to not bring them on the trip.  If you don’t need to access data stored on your computer, leave your computer in a secure location at home and bring along a loaner computer instead.  Consult your technical support staff to see if there’s an option to borrow a loaner computer for your trip. 
  3. Back up your data.  Whether you are traveling with a loaner computer, your regular computer, tablet, or smartphone, you should always back up your data.  That way if you lose your data along with your device or malware corrupts it during the trip,  you can be sure you have a good copy from which you can recover your data.
  4. Install and configure encryption software.  In the unfortunate scenario where your device is lost or stolen, disk encryption software can help encode your data such that only you and people you authorized can decode and read the encrypted data.  Full disk encryption software, which is freely bundled with recent Microsoft Windows and Mac OS X operating systems, is easy to use and setup.  Some foreign countries restrict the use of imported encryption software, so please research the software import laws of your destination country.  If you are not able to use encryption software at your destination, please strongly consider leaving your data and device at home, and bringing a loaner device instead.
  5. Install and configure campus VPN software.  To protect against eavesdroppers on networks during your trip, install and configure VPN software to utilize full tunneling. Full tunnel VPN configuration will secure all internet traffic, whereas the alternate configuration, split tunneling, only protects internet traffic for UC Berkeley internet services. 
  6. Print up extra CalNet 2-Step Backup Passcodes. You can use passcodes as your second step verification method. You can do this in a number of ways.  
  7. Configure device according to campus minimum security standard (MSSND).  The following requirements are especially critical for foreign travelers:
    • update your operating system and application software to the latest versions possible
    • install and update anti-malware software
    • choose strong passphrases
    • for laptops, setup and use a personal account that does not have superuser (root, administrator) privileges
    • Follow our robust "MSSND: How to Secure Devices" guide for meeting these requirements.

On the Road

  1. Do NOT leave your device unattended. Physically having control of your device is the easiest way for someone to access your data.  Do not leave your device unattended, lend it to someone you just met or leave it in your checked bag on your flight.  If you ever leave your computer, make sure to turn it off instead of just hibernating it or putting it to sleep.
  2. Do NOT plug in untrusted accessories.  Untrusted accessories, those that came from questionable sources, can be infected with malware intended to steal your data.  Avoid plugging in any untrusted accessories (flash drive, charging cable, SD cards, etc.) to your device.  Try to plan and take all the necessary accessories with you, but if you must purchase an accessory abroad, make sure it is from a reputable source.
  3. Do NOT enter your credentials into public computers.  Public computers such as hotel business center workstations and internet cafe computers are often poorly managed and provide minimal security protection for its users.  If the need to use public computers arises during your travel, avoid entering your credentials at these public computers.  
  4. Connect only to known wifi networks. It’s tempting to stay in touch with friends and colleagues as you travel by connecting to wifi networks.  However, anyone can create a network and give the network a legitimate sounding name, hoping to lure unsuspecting travelers to connect while capturing personal information transmitted through the network. This is especially prevalent at public cafes, hotel lobbies and airports.  When connecting to a network, find out the correct network name from the staff at the business and connect to it. 
  5. Turn off your wifi when not in use.  Attackers can easily spoof Wifi network names to connect to devices within range for eavesdropping.  To help you avoid accidentally connecting your device to rogue wifi networks at a later time,  once you are finished using the network, turn off wifi on your device.
  6. Use VPN Software to establish a secure network connection.  Not only does the VPN software provide access to UCB services such as library services, it also creates a secure connection to UCB that will prevent network eavesdroppers from gleaning private information when you use the network on the road.  To take full advantage of the security provided by VPN software, be sure to utilize full tunnel configuration as noted above.
  7. Use a non-privileged account.  Just as software installation requires elevated privileged accounts, malware often requires elevated privileges to infect your computer.  Use a non-privileged account and only elevate privileges when necessary on your device. This will provide additional protection against malware infections. 
  8. Practice safe web browsing.   The websites you visit online hold valuable data about you.  They are also becoming gateways thru which hackers can steal your data by infecting reputable or seemingly reputable websites with malware.  This threat is magnified during foreign travel as you connect to public networks in hotels, airports, cafes, etc at your destination.  To protect yourself while browsing websites abroad,
    1. Connect to HTTPS websites. Web pages you connect to using HTTP exchange information unencrypted. This could expose your information to attackers on the public networks you use during your travel.  Before sending or receiving any sensitive information, make sure the internet address(URL) in the web browser starts with HTTPS.
      1. If your browser displays an error about the digital certificate used to encrypt the data, i.e. that it cannot verify the identity of the HTTPS website, you should assume the site is fake, compromised or the web traffic is being intercepted.  Stop connecting to the website and try it from another location.  Examples of such an attack targeting popular sites have been observed against academic institutions and a country's general population.
    2. Do not click on suspicious links or prompts.  Malicious websites commonly craft attacks to exploit a user’s curiosity, impatience or to scare them with malware threats.  These malicious attacks might come in the form of links or pop-ups that present free offers too good to be true or imminent malware infection if you don’t install the product.  Think before you click a link or “Yes” to a prompt.
    3. Clear browsing session information when using devices that do not belong to you. Some web applications do not log you out entirely, even when clicking the logout button or closing the browser.  Such behavior allows the next person who uses the device to browse to the same page or click the back button to access your data as if you are still logged in. To prevent others from accessing your account and data, clear all the web browser session information.
  9. Take note of the credentials you are using during the trip. Regardless of whether you are using them on your device or public computer, they may be compromised.  To be safe, take note of the credentials you used so you can change them on a trusted and secure device once you return.

After Your Trip

  1. Reset credentials you used during the trip.  As noted above, consider credentials you used during the journey to be compromised.  Use a trusted computer, whether it’s your own or one provided by your IT support staff, to reset credentials that were used during the trip.  For example, if you use your Calnet credentials during the trip, go to CalNet management website to reset your CalNet passphrase.

Import Restrictions on Encryption Software

Encryption software is a very useful tool to strengthen the protection of your data.  However, many foreign countries do not permit encryption software to be imported or used without prior approval.  For example, China requires international travelers to apply for a license to use encryption software before arrival.  To learn more about background information and details of import restrictions on encryption software, follow the links below to external websites:

If you are not able to use encryption software at your destination, it is strongly recommended to leave your data and device at home, and bringing a loaner device instead.  If your information is sensitive and it is illegal to secure your devices/data and communication, contact the security office (security@berkeley.edu) for advice.

(Image above provided and created by kolobsek on morguefile.com)