Laws and regulations vary amongst countries which can impact how you use technology and/or access University resources abroad. Here are some best practices for using technology and accessing Illinois State University resources when traveling abroad.

Planning Your Trip

• Research Export Control Restrictions - Export Controls are laws and regulations designed to restrict foreign access to information, technology, or software. Approval or authorization may be required to carry any electronic device that can store or communicate data. Please consult with the University Export Control Officer by going to ExportControl.IllinoisState.edu, or your local Technology Support Team if you intend on traveling abroad.
• Consider What Devices You Will Take - It is best to limit the total number of devices you will take and if possible, take temporary devices without university data, such as a checkout laptop and/or a prepaid phone intended to be used for international travel.
• Backup Your Data - Create a backup on every device you are taking. Hardware is replaceable but not all data is.
• Limit What Data You Take - Remove all highly sensitive and confidential information. This includes information related to students, coursework, unpublished research, University business, personal data, and any other material not intended to be public. Clear your web browsing history and only keep data related to your travel arrangements and materials supporting your reason for travel. Also, limit or completely remove email and contact lists on your devices as they often contain information highly sought after by criminals.
• Encrypt Data When Possible - Encryption is a great way to protect your data however, be aware that not all countries allow it. Please contact the University Export Control Officer or your local technology support team if you plan to encrypt your devices.
• Ensure Your Devices Are up to Date - It is important to have all the latest security patches installed on your operating system and the latest version of your anti-virus or malware detection software.
• Ensure Your Wireless Devices Are Configured for International Use – If you are using a cellular phone when travelling, it is important that you work with your network provider to setup international calling and/or data use.
• Setup Secure Passcodes - Use strong passcodes, especially on mobile devices, to prevent others from picking up your devices and gaining access to it. Do not use the same passcode that you use for other accounts such as work, banking, or social media.
• Inventory Your Devices - Record the make, model, and serial numbers of your devices along with what type of data it is carrying. This information is useful when having to report lost or stolen devices
• Create a Non-Digital Emergency Contact List - Print out or write down a list of emergency contacts that you can store in a pocket or your wallet. Ensure to include phone numbers of contacts, U.S. Embassy information, travel & risk insurance information, and any useful information unique to your destination.

Best Practices during the Trip

• Always Follow Instructions by Customs Agents - If an agent asks you to login to your device while passing through customs, you should do so. Be prepared to allow them access to your device and even potentially confiscating it. This is why it is important to leave sensitive data off your devices. Do not risk being detained or arrested for the sake of keeping your device.
• Always Keep Your Device with You - Never let your devices leave your sight. Should customs or any other official take your devices out of your view, assume they have become compromised and do not use them any further. Never leave your device unattended.
• Minimize Your Device’s Uptime - The easiest way to keep your device secure is to completely turn it off however, that is not always viable. When you are not actively using your devices, disable features such as Bluetooth and WiFi.
• Be Wary of What WiFi Networks You Connect to - Free, unknown, and public WiFi networks have potential of exploiting any existing vulnerabilities on your devices. If possible, start-up ISU’s VPN software immediately after accessing any network abroad however, keep in mind that some countries have bans on the use of VPNs and attempting to bypass VPN restrictions is considered cyber espionage. If you are using a VPN, ensure it is configured in full tunnel mode. NOTE: This is not the default configuration for ISU’s VPN.
• Do Not Accept Files, Software, or Updates Abroad - Do not install software or any updates when traveling and do not accept any type of external media such as USB flash drives, CDs/DVDs, or external hard drives. Especially do not bring back external media to use on University equipment.
• Avoid Sensitive Online Communication - Always assume your communications aboard are being monitored and will be compromised. Avoid accessing or sending sensitive messages, emails, or data. Never send sensitive messages, emails, or data from a public-use device.
• Avoid Plugging into Public or Free Charging Stations – If you plug into a public or free charging station and unlock your phone, the data from your device may be accessed and downloaded from the device if it’s not configured to disallow data transfer.

When You Return

• Stop Using the Devices - Discontinue using any devices brought with you abroad and do not access University resources until the devices and your accounts are secured. It is also recommended that you avoid accessing your home network until confirmation that your devices and accounts are clean.
• Wipe all Devices Used Abroad - If using ISU equipment, return it to your local IT support group so they can securely erase it. For personal devices, it is recommended that securely erase them and then restore from backup.
• Change Your Passwords - Assume all accounts and passwords entered abroad have been compromised. Upon return home, change all passwords from a device that you did not travel with.