International Travel - Recommendations and Procedures

Available To: Faculty, Staff, Students

 

What you should know prior to traveling abroad

When you leave the United States, it is your responsibility to understand the export control regulations for your destination(s). Electronic devices, the underlying technology, data on the device, proprietary information, confidential records, and encryption software are all subject to export control regulations. Some foreign governments have regulations that permit the seizure of travelers’ computers and the review of their contents. U.S. Customs officials are also authorized to review the contents of travelers’ laptops without probable cause and can be held until your return. 

When an NAU owned computer is being taken out of the country the following procedures are recommended by NAU ITS. If you are uncertain of the steps you should take prior to leaving or would like additional information please contact the ITS Solution Center at 928-523-1511 or submit a service ticket at http://nau.service-now.com to request a consult. 

General Information

Assume everything you do on your device is being intercepted
Be careful with the information you access while abroad. The information that you send over a network may be monitored, including hotel or business connections. Assume that you are being monitored and adjust your actions accordingly.

Do not use unknown storage devices
Only plug items into your device that belong to you. Unknown USB keys can be used to install malicious software onto your device and allow unauthorized individuals to compromise your data and accounts. Even public charging stations at airports and hotels should be avoided, as they can also transmit harmful software to your devices.

Be aware of your surroundings
Being aware of your surroundings is important to protecting your information. Be careful and attentive when entering your username and password into your devices. Your screen and keyboard could be watched by someone around you in an attempt to steal your credentials.

Storing data on Network Drives
Storing data on the Network Drives is a safe way of protecting information while you travel abroad. Using the local storage on your device creates permanent content that can be monitored, intercepted, or stolen from your device. Utilizing Network Drives allows you to store information in a more secure environment.

NAU Owned Equipment

Should not be joined to the domain
Machines not joined to the domain will utilize a local user name and password for logging into the computer that is separate from your NAU User ID and Password. It is important to note that you will need to connect to the NAU VPN prior to accessing any Network Drives.

Do not encrypt
You should not encrypt your data while travelling abroad. While it does protect data, it is illegal in some foreign countries. To make sure you are travelling legally, you should not be encrypting your information. If you do so, this could result in device confiscation, fines, or other penalties, like criminal charges.

Do not store data on the laptop
Information abroad can be compromised, monitored, or stolen. Avoiding the storing of data will protect NAU's information and assets.

Always use the VPN when possible
A VPN provides a secure connection between your device and the internet. This allows you to access the internet and your information in a safe and protected way.

Before You Leave

Wipe/reimage your machine
Only keep information on your device that you absolutely need for your travels. Wiping your accounts will clean out sensitive or regulated information before you leave. This protects your devices, your information, and any previously stored data.

Erase browsing history
Erase browsing history before you go abroad, and change your settings to automatically clear browsing history and the cache after each session. Erase saved passwords and stored passwords. These steps help protect your information as you travel abroad.

Use strong passwords and device timeouts
Both of these are basic security measures to protect your devices. Strong passwords prevent people from taking your device and gaining easy access to it. Passwords should be long and complex. Use a screen lockout with a password to unlock it. Making your device time out and require a password when idle is another way to protect your device.

Install anti-virus 
Anti-virus software will protect your device as you travel. Your computer will come into contact with unsafe networks and can encounter malicious software. Installing an anti-virus program is a way to ensure your device and information security.

Update your system with all security patches
Make sure to update your devices. This will allow the latest security patches to be applied to your device. Security patches address security vulnerabilities in applications making them safer. Keeping constantly updated will protect your systems.

Uninstall Applications that you do not need
Only keep applications that are absolutely necessary for your travels. Uninstall anything that you do not need.

Backup all your data before you go
Backing up all your data before you go has several important benefits. Confidential or regulated data is not as safe abroad. Backing up your data so that you can remove regulated data from your device before you leave will help you keep your information safe. It also protects NAU from potential data loss.

Test VPN connection
Before you leave, thoroughly test your device's VPN connection to ensure it is working properly. Make sure that you understand how to use and disconnect from the VPN so that while you are abroad you will be able to access the VPN successfully, ensuring safe connections. 

While You Are There

Use the VPN whenever possible
A VPN provides a secure connection between your device and the internet. This allows you to access the internet and your information in a safe and protected way.

Avoid accessing the University directly without the use of VPN
Do not access regulated information without the VPN. Public networks can be monitored abroad. A VPN establishes a safe connection. Without this, you are putting the University at risk.

Connect to EDURoam if provided by the institution you are visiting
Eduroam is a secure, world-wide roaming access service. Utilizing this when it is offered will ensure a secure wireless network, especially abroad when the safety of networks isn't always known.

Avoid public WiFi
Do not use public WiFi when accessing University or personal resources that require a username and password. Public WiFi can be compromised or monitored. Also, turn off "join wireless networks automatically" so you can monitor which networks you are joining. Avoiding public WiFi will help protect your devices. If you use public WiFi, immediately connect to the VPN. 

Keep your technology with you
Do not leave electronic devices unattended. Your technology should be within reach at all times. When it cannot be with you, conceal it well. If you can, travel with a laptop lock to physically lock and protect your device. Do not assume that leaving it in a hotel or hotel room will keep it safe. Keeping your technology with you is a way of keeping the technology secure. It protects the physical security, so that it cannot be stolen. If your device leaves your sight for a brief moment, the University information can be compromised.

Keep your system updated
Make sure you update your devices and systems. Updating your device will allow the latest security patches to be applied to your device. Security patches address security vulnerabilities in applications making them safer. Keeping constantly updated will protect your systems.

Notify NAU promptly if a theft or loss occurs
Notify NAU immediately (or as soon as possible) after a theft or loss of a device that has sensitive university data. Misplacing University property can lead to compromised information, which makes NAU liable. Storage of sensitive or protected/regulated data should not be done on your device.

Do not use remember-me
Using "remember-me" will allow any unauthorized person that gains access to your device to have automatic access to all of your accounts that have "remember-me" set. Do not use "remember-me".

Type your password every time
Do not use auto-fill. If your device is stolen or hacked, it prevents the trespasser from having your information via auto-fill passwords. Typing your password every time will protect you, NAU, and the device. 

Keep your password out of view
Shielding your password from prying eyes will protect you from "shoulder surfers". People walking by might be trying to see your password so that they can access your information. Keep your password out of view to protect your accounts, and never put it on a post-it note. 

After You Return

Change your passwords
Change all the passwords you accessed while abroad. This applies to University accounts, as well as any personal, social, and financial sites you may have visited while abroad. This will help protect your accounts.

Scan your devices
Scanning your devices will check for malicious software that you may have brought back from abroad. This will allow you to know if your device needs to be wiped as a next step.

Request your device to be wiped if anything does not appear to be working correctly
When you return, some of your devices could be compromised or have hidden malicious software attached to them. Erasing and rebuilding your device protects your University or home network.

NAU Owned Equipment
Upon returning NAU owned Windows systems should be joined back to the NAU domain, and laptop devices should be Encrypted.

Resources

VPN
A VPN is a "Virtual Private Network". It creates a secure environment to access the network while protecting data from being intercepted. You can use the public Internet to access a corporate network, but it also encrypts data between your devices and the VPN server. It allows you to seem like you are directly connected to the campus network from anywhere.

To learn more about the NAU VPN, please refer to our documentation page here.

Remote Desktop
Remote Desktop enables someone to log into a computer from a different computer in a different location. It allows for an outside computer to interact with and view a computer's screen and server.

To learn more about Remote Desktop at NAU, please refer to our documentation page here.

Network Drives
A network drive is a storage device located on a network server or attached storage device. It allows for the University to share files in one location for multiple people. It also allows files to be stored on a network location without using any local computer resources.

To learn more about Network Drives at NAU, please refer to our documentation page here.

Phishing
Phishing is a scam that attempts to trick you into providing passwords, social security numbers, bank account and credit card numbers, or other personal information while pretending to be a legitimate institution.

To learn more about Phishing within the NAU environment or in general, please refer to our documentation page here.

Anti-Virus
A program for scanning and removing viruses and malicious software from your computer.

To learn more about Anti Virus at NAU, please refer to our documentation page here.

Travel and Information Links
https://travel.state.gov/content/passports/en/alertswarnings.html/