Before you go:
- Let the Information Security Office know the details of your international travel - dates, countries where you'll be traveling, and any UVM-owned devices you might be bringing along (this is unnecessary for Study Abroad program participants).
- Be sure that any devices you'll be bringing are compliant with the encryption provisions of UVM's Information Security Procedures (see sections 7.9-7.11)
- If you are traveling internationally, be aware that local laws may prohibit whole disk or local encryption. This may mean that it is impossible to travel with a UVM-owned device (or a personal device containing UVM information) while being compliant with both UVM policy and local laws. In this case, do not plan to travel with UVM devices or access Protected University Information (as defined in the Information Security Policy) while traveling.
- Be sure that the operating system on your computer and mobile devices have received the most recent updates and patches.
- Update your antivirus software to ensure that you have the most recent malware definitions.
- Make a note of your device's manufacturer, model, and serial number.
- Check for US State Department travel advisories.
- Be aware that some countries regulate the use of encryption (see above) and the use of Virtual Private Networks (including UVM's), which may impact your ability to conduct University business while abroad. Please discuss these limitations with your department early in your planning and contact the Information Security Office with questions.
- Be aware of US regulations that may affect your use of technology while traveling, including:
- The Office of Foreign Assets Control (OFAC) maintains a list of countries with which US entities may not do business. Critically, this affects Duo Multifactor Authentication. If you are traveling in a country restricted by OFAC, you WILL NOT be able to access UVM resources and services protected by Duo MFA, including but not limited to mail.uvm.edu, the sslvpn/sslvpn2, Teams, OneDrive, and BrightSpace. The list of countries regulated by OFAC as of March, 2023 includes:
- Iran
- Syria
- Cuba
- North Korea
- Sudan
- Some regions of eastern Ukraine
- Bureau of Industry and Security(BIS) Commerce Control List (for items that have a legitimate scientific or commercial purpose but may cause a threat to national security if misused)
- International Traffic in Arms Regulations (for technology or information that is inherently military in nature)
- OFAC, BIS and other agencies also regulate the export of certain types of software, particularly those that use encryption/cryptography, navigational technology, and satellite imagery. Depending on the travel destination and other circumstances, this may include software that is commonly used at (and licensed by) UVM, such as MatLab, ArcGIS, and AutoCAD. Be sure to review the relevant License Agreements and Terms of Use, and contact UVM's Office of Vice President for Research if you have questions.
- The Office of Foreign Assets Control (OFAC) maintains a list of countries with which US entities may not do business. Critically, this affects Duo Multifactor Authentication. If you are traveling in a country restricted by OFAC, you WILL NOT be able to access UVM resources and services protected by Duo MFA, including but not limited to mail.uvm.edu, the sslvpn/sslvpn2, Teams, OneDrive, and BrightSpace. The list of countries regulated by OFAC as of March, 2023 includes:
- Consider contacting your IT support to see if a loaner device may be available to you for the duration of your travel. Traveling with a borrowed device reduces the risk of exposure of sensitive information stored on your primary workstation through tampering or malware, and the device can be returned to a baseline state upon your return.
While you are traveling:
- Use the UVM VPN whenever possible (where it is legal to do so).
- Disable Bluetooth and NFC (Near-field Communication) whenever you're not using it.
- Avoid using public WiFi networks, particularly those that are not password protected.
- When using public WiFi of any kind, avoid transmitting sensitive information, particularly on websites that do not use https
- Use Eduroam when possible.
- Do not leave your computer or mobile device unattended.
- Take extra care when using payment cards:
- Consider using a low-limit credit card that is not your primary card nor linked to your bank accounts
- Let your bank know that you are traveling
- Ask if your bank can provide a virtual card or virtual card numbers
- If your UVM-owned device is lost or stolen, please contact the Information Security Office and the department that owns it. Likewise, please let us know if your personal device is lost or stolen and may contain UVM data.
- If you suspect your device may have been tampered with at a border crossing or when it is otherwise outside your control, use it judiciously for the remainder of your trip. Do not access any system that requires your UVM NetID and password and/or provides access to sensitive information. Contact your IT support to alert them of your suspicions when you return.