Cybersecurity Tips for Travellers
The risks associated with carrying electronic devices while traveling arise from two sources: the likelihood that your device will be compromised and the impact of such a compromise.
These risks fall into two main categories: exposing private information the university is required to protect (i.e., restricted data) and being compromised by malware while traveling.
The likelihood of being compromised by malware is greater when traveling outside of the Australia and especially high when governments operate and manage the Internet. ICT recommends that at a minimum the following precautions be taken when traveling. These steps reduce the likelihood that your system will be compromised and reduce the impact if it is compromised.
What to do if airport security or customs officials demand access to your device
The first step is to educate yourself on the country you are flying into. Allot of countries have laws allowing law enforcement bodies to access personal devices, this include providing and or unlocking devices.
The general concern is that the device information/data will be copied and this may contain sensitive, protected, personal (family pictures) or other information. To avoid this situation there are some general rules:
1. Remove any information not needed. Using Cloud Services (like O365) allows you to access these services from your destination, avoiding carrying protected, sensitive of otherwise commercial information on the device. This means if it is accessed, it does not contain that information.
2. Disable services. Disabling services while you are 'in-transit' is a really effective means to stop information being stored on the device. Apple and Android phones allow you to disable email and other services meaning that again, this information is not stored on the device. You can then re-enable them at your destination.
Before You Go
- Consider using a loaner device when traveling to High Risk Countries. This will limit the loss of both corporate and personal data if the device is lost, stolen or confiscated by officials.
- Update your Software. Keep your operating system software and apps updated, which will improve your device’s ability to defend against malware.
- Back up your information. Back up your contacts, photos, videos and other mobile device data with another device or cloud service.
- Enable encryption. Turn on device encryption, also ensuring that you have a firmware or BIOS password set.
- Lock down devices. Most smartphones, laptops, and tablets come equipped with security settings that will enable you to lock the device using a PIN number or fingerprint ID. Do this on every available device. While traveling, change the PIN numbers you regularly use.
- Keep it locked. Get into the habit of locking your device when you are not using it. Even if you only step away for a few minutes, that is enough time for someone to steal or destroy your information. Use strong PINs and passwords.
- Remove any information not needed on trip. This minimizes the exposure should the laptop be lost and while it is not physically under your control. Please keep in mind that deleting a file does not remove it from your disk and that there are applications that can retrieve deleted files.
While You Are There
- Use a VPN to access JCU resources. If you need to access sensitive services, use the JCU Full VPN service. This will tunnel all traffic back to JCU here in Australia as your internet egress point.
- Manage gifts politely. Electronic gifts are a source for malware and other nefarious content. Avoid taking electronic gifts where possible, without offending.
- Stop auto connecting. Disable remote connectivity and Bluetooth. Some devices will automatically seek and connect to available wireless networks. And Bluetooth enables your device to connect wirelessly with other devices, such as headphones or automobile infotainment systems. Disable these features so that you only connect to wireless and Bluetooth networks when you want to.
- Think before you connect. Before you connect to any public wireless hotspot – like on an airplane or in an airport, hotel, train/bus station or café – be sure to confirm the name of the network and exact login procedures with appropriate staff to ensure that the network is legitimate. Do not conduct sensitive activities, such as online shopping, banking, or sensitive work, using a public wireless network. Only use sites that begin with “https://” when online shopping or banking. Using your mobile network connection is generally more secure than using a public wireless network.
- Think before you click. Use caution when downloading or clicking on any unknown links. Delete emails that are suspicious or are from unknown sources. Review and understand the details of an application before installing.
- Guard your mobile device. To prevent theft and unauthorized access or loss of sensitive information, never leave your mobile devices–including any USB or external storage devices–unattended in a public place. Keep your devices secured in taxis, at airports, on airplanes, and in your hotel room.
- Be Cautious of Public Wi-Fi The laws and regulations that govern cyber security in other countries are typically not going to be the same as those found in Australia. Free Wi-Fi access can be very appealing for business or leisure travelers but is also particularly vulnerable to security issues. Avoid unencrypted Wi-Fi networks. Be extra cautious using Internet cafes and free Wi-Fi hotspots; if you must use them, avoid accessing personal accounts or sensitive data while connected to that network.
- Disable Auto-Connect - Most phones in the US have a setting that allows a device to automatically connect to Wi-Fi networks as you pass through them on your day-to-day activities. While this is a nice feature when used at home, it’s not something you should allow while traveling abroad. Before you travel, change this setting so that your smartphone and laptop must be manually connected each time you wish to access the Web.
- Expect to be asked for your passwords. You may be asked to decrypt data for inspection at international borders. In some countries, withholding your password is a criminal offense.
When you return
If you device was out of your sight then assume it has been compromised. One device is all it takes to bring down an enterprise network so upon your return, here are some good tips:
- Wipe the computer. If you took your normal work computer with you, wipe the computer clean, reinstall the OS, applications and data.
- Declare gifts. Before you connect that new tablet or device to the JCU network, ask ICT to check it out.
- Change passwords. If you plan on traveling, change all of the passwords you regularly use. Don’t skimp on password creation either—a numerical sequence is not ideal. Take the time to create something that will keep a criminal out of your personal property. Once you return home, you can change all the passwords back.