Global traveler IT security checklist

• General security
• Email
• Remote file access
• Powering your devices
• Mobile and wireless devices
  • Mobile device security
  • Global plans and roaming rates
• Laptops
• Laws and regulations
• Support

---

General security

To keep your devices secure when traveling abroad, follow the tips on this page.

• Use Two-Step Login (Duo); for help, see Use Two-Step Login (Duo) while traveling, or in areas with poor cellular/wireless reception or in airplane mode.
• Whenever possible, arrange to use loaner devices while traveling. This greatly reduces the risk of theft or compromising university data.
• Keep physical device security in mind. Portable equipment such as phones, laptops, flash drives, CDs, and PDAs are especially vulnerable to theft and loss while traveling. They should be kept secure and locked when unattended.
• Do not leave electronic devices unattended or transport them in your checked baggage.
• Regularly change your passwords and passphrases; see Change your IU passphrase. Cybercriminals from numerous countries buy and sell stolen financial information, including credit card data and login credentials.
• Keep your passphrase secure. No one at Indiana University (including UITS), or anywhere else, should ask for your passphrase for any reason, whether in person or via phone, chat, email, postal mail, or online in any way. For more, see If your computer or other device is stolen.
• You should have all your devices erased and rebuilt upon your return. Any devices you traveled with should be treated as compromised. Erasing and rebuilding your devices will prevent potentially malicious software from being introduced to the university's network. If a rebuild is impractical, check devices for malware; see Tips for staying safe online.

Email

Use Outlook on the web to securely access your IU Exchange mailbox anywhere from any computer connected to the internet, without having to configure Microsoft Outlook or another email client.

Remote file access

• Use IU's SSL virtual private network (VPN) to browse the web or securely access email, calendar, or files on a departmental server. IU's SSL VPN allows for a secure connection into IU's private network over the public network; for help, see About the IU VPN.
• Configure remote desktop access. If you need to use remote desktop, departmental servers or resources, or other services used by your department, you may need to speak to your IT Pro for help replicating your workplace setup at home. If you don't know who your IT Pro is, contact the Support Center.

Powering your devices

Bring the appropriate plug adapter for foreign AC converters so that you can plug a US charger into electrical outlets. Be wary of free charging stations and juice jacking. Use a wall outlet if available, or carry an external battery pack or second battery.

Mobile and wireless devices

The following tips apply to mobile devices and smartphones.

Mobile device security

• Enroll your devices with Two-Step Login (Duo); for help, see Use Two-Step Login (Duo) while traveling, or in areas with poor cellular/wireless reception or in airplane mode.
• Enable security settings to protect data on your mobile device. Protect the data on your mobile device by keeping it physically secure and enabling security features; set a PIN or passcode, set the device to time out (and require a password) when idle, and set the device to auto-wipe its contents after several incorrect login attempts.
• Ensure that your operating system software is up to date. Apply all software patches and updates from Apple and Android.
• Consider a tracking application. Use free, built-in tracking tools where available; Find my iPhone can locate a missing iPhone, iPad, iPod touch, or Mac. You can also purchase tracking applications such as Front Door Software.
• Wipe data if your device is lost or stolen. If you use Exchange, log into your account with another computer and wipe your device remotely through Outlook on the web. If you use an Apple device without Exchange, log into your iCloud account, click the registered device, and then select the option to wipe the device. If you don't have access to another computer, contact the Support Center. For more, see If your computer or other device is stolen.
• Use IU's SSL VPN; see Remote file access.
• Turn off Bluetooth and Wi-Fi when not in use. Unless you are actively using these features, you should disable them to limit attack vectors for your devices.

Global plans and roaming rates

• Contact your service provider regarding cost-effective global plans and features for the country to which you're traveling. Don't forget to deactivate global features upon your return.
• Familiarize yourself with roaming rates as well as instructions for international dialing and voice mail access. AT&T has a Travel Guide and Verizon has a Trip Planner to help you look up international rates, coverage, global services, and carrier information.
• To avoid roaming charges, it may be cost effective to purchase a prepaid phone for making local calls once you are in-country.
• Enable Wi-Fi and quit applications. Once in-country, go into your settings menu, enable Wi-Fi, disable data roaming, and quit all applications running in the background to avoid excessive data charges whenever possible.

Laptops

• Take the appropriate steps to keep your laptop safe and in your possession; see Laptop and Mobile Device Security.
• Use security software and ensure it is up to date.
• Ensure that your operating system and third-party software is up to date. Apply all software patches and updates from Windows and Apple.
• Before your trip, back up all files and leave a copy on an IU departmental file server. For security of your data, store all data on a departmental server and access it remotely using IU's SSL virtual private network (VPN). Once data is stored on an IU server, be sure to remove it from your laptop.
• Use IU's SSL VPN to access all information; see Remote file access. Once you finish with any downloaded files, upload the files back to the IU server and delete them from your laptop.
• Turn off file and print sharing to prevent unauthorized access to your files.
• Clear browser history, cache, and cookies to delete any saved passwords or identifying information.
• Use encryption. Using a whole-disk encryption program is the best safeguard against unauthorized access of data on your laptop or notebook computer.
  Note:

  IU's encryption software is subject to export control for certain countries; see Laws and regulations.

Laws and regulations

• If applicable to your travel plans, review About international Two-Step Login (Duo) access and restrictions to some services.
• Comply with federal export controls. Export control laws may require you to obtain a license or license exception under the Export Administration Regulations (EAR) prior to traveling overseas. Additionally, IU's encryption software is subject to export control for certain countries. For the most recent list of approved countries, see SUPPLEMENT NO. 3 TO PART 740 in the EAR document and contact IU Research Compliance for assistance in determining if your university-issued electronic components, information, and software on your device can be safely and legally transported to another country.
• Comply with any requests from a border official to log into your laptop or mobile device.
• If your device is seized by a foreign agency, obtain a contact name, phone number, and written documentation that the device was seized. Contact the local US embassy or consulate for advice on resolution in the local country. If the incident involves the US government, report it to your department and contact the IU Compliance: Export Control.

Support

Seek IT support. If needed, contact your campus UITS Support Center for assistance. Make sure you have contact information for the Support Center for your campus before you leave.