Enterprise Technology Services

Guidance Regarding Information Security While Traveling

Travel, both domestic and international, introduces special information security considerations. The below guidance will help UVM travelers protect personal and university devices and information resources. Please reach out with additional questions by emailing iso@uvm.edu.

General tips for traveling with electronic devices

  • In many countries, travelers should not expect privacy.

    In such destinations, act as though all communication is potentially monitored. Be aware that some countries censor certain websites and social media platforms and do not assume that the VPN will work 100% of the time in all areas. VPNs are also NOT allowed in a number of countries. You will need to research and understand the restrictions of the country/ies to which you will be traveling to or through.

  • You should assume no right to privacy at U.S. borders and points of entry.

    U.S. Customs and Border Protection officers can deny entry to the U.S. to non-citizens who refuse to unlock or surrender their electronic devices for inspection.

  • Do not leave devices unattended, if at all possible.

    Assume individuals may attempt to access unattended devices and may have access to hotel rooms, safes, or your luggage.

  • Know what technologies and devices are subject to restrictions and/or export controls.

    If traveling with encrypted devices or devices with encryption software, be aware of which countries are restricted (groups D:1 and E:1 here) or require licenses (groups NS1 and AT1 here) for the exportation of such devices/software. Work with our ISO team on any questions. If they can’t answer, they can guide you to a department that can.

    If you are traveling to any of these locations and need an International Loaner Laptop, please ensure that you discuss this with the ISO team so can give you proper guidance.

  • Consider leaving your devices and data at home.

    If you must travel with personal devices, consider backing up the content and then wiping before your departure. Reinstall only those applications required for your trip. Once you return, you can restore from a backup.

    Ensure you have a way to do two factor authentication.

  • Understand the sensitivity of any data you bring or access.

    If you don't need it, it's best to leave it behind and avoid transmitting or accessing sensitive information such as banking information or any personally identifiable information about yourself or another person.

  • Install and test two-factor authentication (2FA) on a mobile device.

    Yubikeys (hardware tokens that can be used for 2FA instead of a cell phone or offline codes) are available for a charge from our Information Security Office. If you need a Yubikey, ensure that you arrange that in advance of travel with our ISO team. If needed, print backup codes in case of theft and purchase an international data plan or SIM card that will work in your destination country. Duo Multi-Factor Authentication – UVM Knowledge Base

  • Avoid connecting to public wireless networks.

    If you must utilize public WiFi, using the university's VPN may afford a basic level of security.  Do not plug into untrusted electronics, such as a USB port in a hotel lobby, and change passwords after returning from your trip. Remember that VPN is NOT allowed in all countries. Know your restrictions before traveling. 

  • Accessibility and speed for internet services will vary during travel.

    Prepare to have some time off the grid. Make the most of your time with connectivity so that you are more able to accept the off time.

  • Review the US State Department Travel Advisories and CIA World Factbook websites for any travel warnings and tips about your location.

    Become familiar with local laws and customs such as local communication tools (e.g., WeChat in China).

  • Ensure you have registered with HEALIX and installed the app available here Travel Safety | Risk Management | The University of Vermont