Security Tips for International Travel

International TravelFor members of the campus community, a trip to a foreign country presents unique data security challenges.  The nature of international travel requires you to use your device  (laptop, tablet or smartphone) in various unfamiliar places that may expose your data and device to malicious people and software.  Beyond the physical loss of your device, staying digitally connected often means that you will connect your devices to public networks in hotels, airports, train stations, and conference halls, which employ minimal security measures.  These public networks often harbor malware from cybercriminals looking to steal your data for identity fraud, as well as nation state actors targeting academic and business travelers for intellectual property.   In some cases, education networks are broadly targeted by government agencies for the benefit of data theft.

To protect your data and device, whether it’s for work or personal, the rest of this article will outline a list of data security safeguards you should add to your travel checklist before, during and after your trip.  In addition to data security safeguards, international travelers also need to consider US export control laws and import restrictions imposed by the destination countries. Please read the encryption consideration below. It will help you make a better decision about keeping your data safe during your trip.

If you have any questions about securing your data on your trip, please send an email to security@berkeley.edu.

Before You Leave

In the weeks before your scheduled travel date, please include the following data security safeguards to your travel planning routines

  1. Register your trip and sign up for travel alerts. Review this page at Risk Services for information on how to register your travel, get travel insurance, and sign up for alerts on political unrest, natural disasters, and other health warnings.
  2. Leave your data and/or device at home.  The best way to safeguard your data or device is to not bring them on the trip.  If you don’t need to access data stored on your computer, leave your computer in a secure location at home and bring along a loaner computer instead.  Consult your technical support staff to see if there’s an option to borrow a loaner computer for your trip. 
  3. Backup your data.  Whether you are traveling with a loaner computer, your regular computer, tablet or smartphone, you should always backup your data.  In case you lose your data along with your device or some malware corrupted your data during the trip,  you can be sure you have a good copy from which you can recover your data.
  4. Install and configure encryption software.  In the unfortunate scenario where your device is lost or stolen, disk encryption software can help encode your data such that only you and people you authorized can decode and read the encrypted data.  Full disk encryption software, which is freely bundled with recent Microsoft Windows and Mac OS X operating systems, is easy to use and setup.  Some foreign countries do restrict the use of imported encryption software, so please research the software import laws of your destination country.  If you are not able to use encryption software at your destination, please strongly consider leaving your data and device at home, and bringing a loaner device instead.
  5. Install and configure campus VPN software.  To protect against eavesdroppers on networks during your trip, install and configure VPN software to utilize full tunneling. Full tunnel VPN configuration will secure all internet traffic, whereas the alternate configuration, split tunneling, only protects internet traffic for UC Berkeley internet services.  For detailed description of difference between full vs split VPN tunnel configurations, please refer to UCB Network Operations website
  6. Configure device according to campus minimum security standard (MSSND).  The following requirements are especially critical for foreign travelers:
    • update your operating system and application software to the latest versions possible
    • install and update anti-malware software
    • choose strong passphrases
    • for laptops, setup and use a personal account that does not have superuser (root, administrator) privileges

On the Road

  1. Do NOT leave your device unattended. Physically having control of your device is the easiest way for someone to access your data.  Do not leave your device unattended, lend it to someone you just met or leave it in your checked bag on your flight.  If you ever leave your computer, make sure to turn it off instead of just hibernating it or putting it to sleep.
  2. Do NOT plug in untrusted accessories.  Untrusted accessories, those that came from questionable sources, can be infected with malware intended to steal your data.  Avoid plugging in any untrusted accessories (flash drive, charging cable, SD cards, etc.) to your device.  Try to plan ahead and take all the necessary accessories with you, but if you must purchase an accessory abroad, make sure it is from a reputable source.
  3. Do NOT enter your credentials into public computers.  Public computers such as hotel business center workstations and internet cafe computers are often poorly managed and provide minimal security protection for its users.  If the need to use public computers arises during your travel, avoid entering your credentials at these public computers.  
  4. Connect only to known wifi networks. It’s tempting to stay in touch with friends and colleagues as you travel by connecting to wifi networks.  However, anyone can create a network and give the network a legitimate sounding name, hoping to lure unsuspecting travelers to connect while capturing personal information transmitted through the network. This is especially prevalent at public cafes, hotel lobbies and airports.  When connecting to a network, find out the correct network name from the staff at the business and connect to it. 
  5. Turn off your wifi when not in use.  Attackers can easily spoof Wifi network names to connect to devices within range for eavedropping.  To help you avoid accidentally connecting your device to rogue wifi networks at a later time,  once you are finished using the network, turn off wifi on your device.
  6. Use VPN Software to establish a secure network connection.  Not only does the VPN software provide access to UCB services such as library services, it also creates a secure connection to UCB that will prevent network eavesdroppers from gleaming private information when you use the network on the road.  To take full advantage of the security provided by VPN software, be sure to utilize full tunnel configuration as noted above.
  7. Use a non-privileged account.  Just as software installation requires elevated privileged accounts, malware often requires elevated privileges to infect your computer.  Use a non-privileged account and only elevate privileges when necessary on your device. This will provide additional protection against malware infection. 
  8. Practice safe web browsing.   The websites you visit online hold valuable data about you.  They are also becoming gateways thru which hackers can steal your data by infecting reputable or seemingly reputable websites with malware.  This threat is magnified during foreign travel as you connect to public networks in hotels, airports, cafes, etc at your destination.  To protect yourself while browsing websites abroad,
    1. Connect to HTTPS websites. Web pages you connect to using HTTP exchange information unencrypted. This could expose your information to attackers on the public networks you use during your travel.  Before sending or receiving any sensitive information, make sure the internet address(URL) in the web browser starts with HTTPS.
      1. If your browser displays an error about the digital certificate used to encrypt the data, i.e. that it cannot verify identity of the HTTPS website, you should assume the website is fake, compromised or the web traffic is being intercepted.  Stop connecting to the website and try from another location.  Examples of such an attack targeting popular websites has been observed against academic institutions and a country's general population.
    2. Do not click on suspicious links or prompts.  Malicious websites commonly craft attacks to exploit a user’s curiosity, impatience or to scare them with malware threats.  These malicious attacks might come in the form of links or pop-ups that present free offers too good to be true or imminent malware infection if you don’t install the product.  Think before you click a link or “Yes” to a prompt.
    3. Clear browsing session information when using devices that do not belong to you. Some web applications do not log you out entirely, even when clicking the logout button or closing the browser.  Such behavior allows the next person who uses the device to browse to the same page or click the back button to access your data as if you are still login. To prevent others from accessing your account and data, clear all the web browser session information following steps outline at the Berkeley BFS website.
  9. Take note of credentials you are using during the trip. Regardless of whether you are using them on your device or public computer, they may be compromised.  To be safe, take note of the credentials you used so you can change them on a trusted and secure device once you return.

After Your Trip

  1. Reset credentials you used during the trip.  As noted above, consider credentials you used during the trip to be compromised.  Use a trusted computer, whether it’s your own or one provided by your IT support staff, to reset credentials that were used during the trip.  For example, if you use your Calnet credentials during the trip, go to CalNet management website to reset your CalNet passphrase.

Import Restrictions on Encryption Software

Encryption software is a very effective tool to strengthen the protection of your data.  However, a number of foreign countries do not permit encryption software to be imported or used without prior approval.  For example, China requires foreign travelers to apply for a license to use encryption software prior to arrival.  To learn more about background information and details of import restrictions on encryption software, follow the links below to external websites:

If you are not able to use encryption software at your destination, it is strongly recommended to leave your data and device at home, and bringing a loaner device instead.  If your information is sensitive and it is illegal to secure your devices/data and communication, contact the security office (security@berkeley.edu) for advice.

(Image above provided and created by kolobsek on morguefile.com)