IT Security Considerations While Traveling
This KB Article References:
Symantec (No Longer Available)
This Information is Intended for:
Instructors,
Researchers,
Staff,
Students
Created: 07/16/2014 Last Updated: 05/03/2024
Employees should make a reasonable effort to secure and protect devices that have access to University data. When traveling abroad with mobile devices such as laptops, tablets, and smartphones, additional measures are required. The number of safeguards should increase if visiting a country known to have an adversarial relationship with the United States, or countries actively involved in cyberwarfare.
When Traveling:
- Consider using an iPad, Google Chromebook* or feature-limited tablet instead of a fully-loaded laptop during the length of your trip.
- Carry with you only the minimum amount of data required to complete necessary tasks while traveling internationally. Consider wiping your devices before departure and again upon returning home.
- If you require the use of a laptop while traveling, use one that can be completely wiped clean prior to departure and upon return.
- Smartphones and tablets being used to store or access University data should have safeguards in place comparative to those used for securing a laptop.
- Install only the minimum number of applications needed.
- Make sure antivirus is installed on the laptop. Symantec Endpoint Protection is available to all Stony Brook faculty, staff and students via Softweb.
- Enable the local firewall or install the Symantec firewall included with Symantec Endpoint Protection. Microsoft Windows and MacOS come with a built-in firewall.
- Make sure the Operating System and installed applications are patched and up to date.
- Encrypt your hard drive. Be sure to check laws in the country being visited before doing so, as some levels of encryption are illegal in certain countries.
- Modern versions of Windows include a free encryption option called BitLocker.
- Mac OS includes a free encryption option called FileVault.
- iPhones and iPads have encryption built-in and enabling a Passcode will enable this functionality.
- Most Android devices support encryption, but it must be enabled within the device’s settings.
- Enable vendor supplied tracking software available for most major smartphones.
- iPhones and iPads offer Find My iPhone.
- Android devices offer Android Device Manager.
- Always enable a pin code on all smartphones and tablets.
Follow Safe Computing Practices:
- While browsing the Web, never ignore a warning message regarding a website's SSL security certificate being invalid.
- Never leave a laptop unattended at any point. Physical security is of utmost concern when traveling.
- Change the password on any account accessed while overseas upon return (NetID, banking logins, etc.).
- Avoid saving any University data to the local hard drive whenever possible.
- Disable wireless and bluetooth when not in use.
- Use complex, lengthy, and hard-to-guess passwords.
- Document the MAC addresses and serial numbers (Apple, Android) of all mobile devices leaving the country.
- Follow all export control laws applicable to data you have access to. Some data is not permitted to leave the country at all, even if stored securely on your device.
- Always be wary of free Wi-Fi hotspots at untrusted locations. Avoid using them whenever possible and never access sensitive data while connected to one.
- Assume that any device and all credentials used while abroad have been compromised. That means you must wipe the device and reset all credentials that were used while traveling upon return. This may seem excessive, but it is common for passwords to be intercepted and malware to be secretly installed on a device while visiting another country, with the primary goal of compromising the network you connect to when you return to the United States.
- Do not check email or surf the Web while logged in as the local administrator. Use a standard unprivileged account instead.
- Connect to the campus VPN before accessing campus resources.
Advanced Protections:
- Install or enable application whitelisting. This functionality is built-in for Windows by means of AppLocker.
- Configure the host file with the IP address of the VPN server. Be aware that this would require a manual update if the VPN IP address changes while traveling. It should be removed upon return.
- Name: vpn.stonybrook.edu
- Address: 192.42.55.4
- Deploy laptop anti-theft and tracking software (i.e. Prey, Lojack).
- Enable a BIOS password at boot up.
- Configure your system in accordance with the Center for Internet Security (CIS) benchmarks to ensure that it is adequately hardened.
*Some countries may block access to Google services which could severely limit the functionality of a Google Chromebook.
For More Information Contact
Customer Engagement and Support
Related Information
Important Files & Links