Data Security on Foreign Travel

This page identifies key information-security recommendations on how to protect Penn systems and data while abroad. The following is intended to complement the information contained on Penn's Global Travel Logistics webpage. The information is presented under the following categories.

Before Travel

Steps to take before you travel

Identify options for computer repair and service. Contact your LSP in advance of your travel and work with them to identify options for computer repair and service during travel. Information Technology support is provided at Penn through Local Support Providers (LSPs). LSPs provide various technical support services to Penn constituencies, e.g. faculty, staff, and students. If you are not sure who your LSP is, visit www.upenn.edu/computing/view/support/ for details.
Backup your computer. Work with your LSP to conduct a full backup of your computer. Ensure all software is up to date and appropriate security tools (such as disk/device encryption, password locking, location services, and remote wiping) are functional. Install and run anti-virus software. Sophos Home is available for no cost to members of the Penn community.
Enroll in Penn's Two Factor. Work with your LSP to enroll in Penn's Two Factor service for PennKey. Information on how to enroll is available at www.upenn.edu/computing/weblogin/two-step/. It's important to print out sufficient single-use codes in case your phone is lost or stolen. Discuss with your LSP enrolling in two-factor for email.
Avoid carrying any University sensitive or confidential data unless absolutely necessary. An example of University sensitive data includes but not limited to Personally Identifiable Information (PII), proprietary information, or data whose disclosure would cause significant harm to Penn or its constituents.
- The Office of Information Security recommends you work with your LSP to locate sensitive data on your computer to secure it or delete unneeded data.
Encrypt data. If it is essential to travel carrying University sensitive data, you need to consider the following:
- Users intending to travel to certain countries listed under the U.S.Department of State travel advisory as "DO NOT Travel" or "Exercise Increased Caution" should contact the Office of Research Services for assistance before carrying Penn-owned equipment or data. Please check the U.S. Department of State Travel Advisories webpage at https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html/ for travel advisory levels.
- Be prepared that you may be compelled to share any data brought with you. Certain countries may inspect laptops and data upon entry. Therefore, you should be careful about proprietary, patentable, or sensitive information that may be stored on your device. If you have encrypted files, customs officials in some countries (including the U.S.) may require you to decrypt the files for inspection.
Ask your LSP if a sanitized "loaner" computer is available to help avoid exposing all your data to known and/or clandestine inspection.

While Away

What to do while you are away

Know your wireless network and use encrypted services. WiFi connections that encrypt traffic are restricted with a password and are preferable to free and/or unencrypted services. Encrypted WiFi is provided by a trusted source similar to a University, a colleague, or a hotel, etc. When web-browsing use HTTPS over HTTP. The S at the end of HTTPS indicates the communication to the website is secure.
- If you must use a free WiFi connection, avoid connecting to any website or service that requires password authentication including Penn systems with sensitive data, banking or financial sites, etc.
Avoid accessing sensitive websites from public computers, such as at Internet cafes, as their security is highly unreliable.
Be cautious inserting a USB ("thumb") drive or other portable media given to you when traveling. There’s a possibility such portable media may be infected with malware; therefore, make sure your virus definitions are up-to-date, and scan any inserted media.
You can securely access Penn's network from abroad by running a Virtual Private Network (VPN) client. Talk to your LSP for instructions.
If you have a secure and reliable Internet service overseas, it may be cost-effective to leverage services hosted at Penn (e.g. Webmail, Penn+Box, etc.)
Keep your mobile devices on you or in a locked safe whenever possible. If your device is stolen, notify your LSP immediately. Lock your mobile device with a passcode or PIN and use remote wiping among other key security features as recommended in Penn's Top 10 Security Tips for Smartphone & Tablets.

Upon Return

Steps to take upon your return

Work with LSP to securely transfer any new data. Restore any removed data and scan your system for malware. It may make sense to wipe and reinstall the operating system as a precautionary countermeasure against unseen tampering or infection.
Consider changing your Pennkey password if you used it while on your trip. Visit https://weblogin.pennkey.upenn.edu/changeexpiredpassword for instruction.

Helpful Information

Additional information on privacy, export control compliance and resources

Privacy

Be sensitive to local privacy laws. Contact the Office of Audit, Compliance, and Privacy at privacy@upenn.edu for advice regarding the applicability of international privacy regulations if you will be working with other people's personal information. This is true if you are traveling to the European Union member countries, Argentina, Australia, Hong Kong, Sweden and Canada where privacy laws are extensive.

Export Control Compliance

Some software and data may be subject to Export Control Regulations. Simply accessing export-controlled data while outside the U.S. may be considered as an export of that information and subject to the regulations. Export controlled data may include opening files on a Penn server accessed via a VPN connection.

For questions related to Export Administration Regulations (EAR) compliance, please contact the Office of Research Services at https://researchservices.upenn.edu/areas-of-service/export-compliance/.

Resources

Penn Almanac One Step Ahead Security Tip - Traveling Safely with Devices
Penn Almanac One Step Ahead Security Tip - Data Security During Travel

External Links & Resources

Check the U.S. Department of State International Travel Advisories at https://travel.state.gov/content/passports/en/alertswarning.html
Review the Federal Bureau of Investigation tips on Safety & Security Abroad for Professionals & U.S. Students at https://www.fbi.gov/file-repository/business-travel-brochure.pdf
Read New York Times article on Traveling Light in a Time of Digital Thievery at www.nytimes.com/2012/02/11/technology/electronic-security-a-worry-in-an-age-of-digital-espionage.html?_r=2

For more information and resources visit the Office of Information Security website at www.isc.upenn.edu/security or contact us at (215) 898-2172.

Search form

You are here