Information security is an important consideration while traveling. The risks of data breaches, device compromise, and intellectual property theft increase significantly in unfamiliar environments. To assist UMBC travelers, DoIT has compiled the following advice on protecting devices and information during travel.

1 What Device(s) should I take?
2 What technologies are prohibited while traveling?
3 Can I access email and cloud storage while abroad?
4 What is a “Tools of the Trade” Letter?
5 What should I consider while abroad?
6 What should I do when I return?

What Device(s) should I take?

It depends on the country or countries you will be traveling to and through. The State Department issues travel advisory levels to indicate the safety and security risks in a country or region. You can find the current level for any country or region on the State Department’s Travel Advisory page: https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html

For countries and regions at Level 3 or above, DoIT recommends the use of a loaner device while traveling; preferably a Chromebook. This device is a clean installation with only the data absolutely necessary for the trip. DoIT can inspect loaners before a trip to ensure they are locked down appropriately. The use of the loaner device is to protect against data theft and loss, and limit technologies that may be restricted in certain regions.

If your destination is a country or region at Level 2 or below, it's advisable not to bring your UMBC-issued laptop unless it's essential for your work. You may use a personal device to access UMBC systems for basic functions like calendar management or email; however, for sensitive departments, these tasks must be completed on a UMBC-issued device or the Virtual Desktop environment.

If you must travel with your UMBC-issued laptop, we encourage you to remove any sensitive data prior to traveling. This may include documents you have stored locally on the device, email that has been downloaded to the device by an email client such as Outlook or Apple Mail, and disabling any cloud storage sync processes.

Before you travel, make sure all your personal and UMBC-issued devices have the latest patches, updates, and active antivirus software. To enhance security, disable unnecessary services like Bluetooth, GPS, or Wi-Fi. It's also recommended to postpone any application updates until you return to the US.

Lastly, if you do not need to take your device, it is sometimes best to leave it at home.

What technologies are prohibited while traveling?

Some regions prohibit technologies used regularly in the United States, like web conferencing, virtual desktops, and virtual private networks, so make sure to check local restrictions. The Department of State OSAC program office maintains Country Security Reports on its website, https://www.osac.gov/, that may help identify cybersecurity concerns.

It should be noted that DUO may not work or be permissible in some regions. DoIT recommends downloading the DUO application to your phone prior to traveling, and in cases where it is not permissible DoIT can assist with alternatives like one-time password devices or hardware tokens if provided sufficient notice. For more information about traveling with Duo, please see https://umbc.atlassian.net/wiki/x/uTLVAQ.

Can I access email and cloud storage while abroad?

Yes, you may access email and cloud storage (i.e., Google Drive, Box, and OneDrive) while abroad, but there are a few considerations.

Ideally, access these services via the web browser interface. This will reduce the amount of data downloaded to the device while abroad. This is recommended for both personal and UMBC devices accessing these services.
If you are discussing or storing unpublished research information in these services, caution is advised when considering whether to access these services abroad. This is especially true if you are traveling to a country or region designated by the State Department as Level 3 or above.
If you work in a sensitive department, consider leveraging the Virtual Desktop environment to access your email and documents. This will ensure access to your account is performed through a trusted infrastructure.
If you access your email or cloud storage while abroad, we recommend changing your myUMBC password once you return to the United States from a trusted device.
You should never take export-controlled data with you while traveling overseas without prior authorization from the Office of Research Protections and Compliance (ORPC).

If you are accessing UMBC resources remotely while traveling overseas, even with a personal device, you should never remotely access any data that is export restricted without prior authorization from ORPC.

What is a “Tools of the Trade” Letter?

A “Tools of the Trade” letter is a document provided by ORPC for travelers who take UMBC devices abroad to provide documentation to U.S. Customs and Border Protection that they are authorized by UMBC to take a device out of the country, which may prevent delays in clearing customs. OPRC will review your travel to certify that you will not be taking any export-controlled material with you. A “Tools of the Trade” letter will not be accepted by foreign customs inspectors at foreign ports of entry.

What should I consider while abroad?

While you are abroad, you should use care to safeguard your device from unauthorized access or theft. Loss of device custody (e.g., due to theft, inspection by an external party, or customs seizure), should be reported to the appropriate UMBC offices (e.g., Travel, ORPC, Police, Cybersecurity, Department or College) as soon as it is safe to do so.

When traveling internationally, be mindful that communications can be intercepted. Exercise caution when discussing or transmitting sensitive information. If connecting to a local network, use the UMBC VPN if permitted by local regulations. Avoid applying device updates or changing passwords while on untrusted networks.

For additional tips on “Traveling Overseas with Mobile Phones, Laptops, PDAs, and Other Electronic Devices,” please see the following guidance from the Office of the Director of National Intelligence. https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-travel-tips

What should I do when I return?

We recommend changing your myUMBC password from a trusted device once you return to the United States and running a full antivirus scan on any laptops or devices taken abroad.