Since Mount Holyoke College faculty and staff travel around the world, LITS has assembled frequently asked questions to inform you about appropriate considerations when traveling with College-owned or personal technology devices. Traveling with technology is subject to both legal restrictions and security concerns, and it is important to be aware of the risks and best practices associated with carrying laptops or mobile devices abroad.
What are the main points I need to remember?
Understand and comply with all export control laws.
Carry only the minimum software, data and devices you need on your trip.
Always use the College's VPN service to connect to College resources; in higher-risk countries, use only the VPN service to connect to the internet.
Store data in the cloud or on remote systems that require secure authentication to access, rather than on your laptop's local hard drive.
Upon your return, clean any computers or mobile devices you brought by wiping and reimaging their hard drives, and change your passwords, especially those used to access College resources.
Consult with LITS on your specific situation to ensure you are following best practices during your trip.
For details on each of these points, please see the additional questions and answers below.
Can I bring my College-assigned laptop with me when I travel outside the country?
The answer depends on the countries you are traveling to and the data or software stored on your laptop.
Federal export control law prohibits carrying certain types of technology and data outside the country, and it is important to be aware of and comply with these regulations first and foremost. Travel to the U.S.-sanctioned countries of Cuba, Sudan, North Korea, Iran and Syria requires that you carry only LITS-prepared travel loaner laptops that have “clean” software images and no data. These loaner laptops are also recommended for travel to other countries considered high risk for data compromise, such as China and Russia.
If you plan to travel with a College-owned laptop or with institutional or research data, you should contact the Mount Holyoke Export Control Task Force so the Five College Risk Management office can review your plans. You will require licenses to conduct many kinds of activities in sanctioned countries.
In addition, you should plan to load only the minimum data required for your local use onto the laptop and to ensure that this data does not violate export control regulations. Remember that data can be stored in the cloud on Google Drive or on the College's local file server and accessed while off campus through a secure virtual private network (VPN) connection to protect against unauthorized access. Local data is less secure data; it is far better to retrieve your data from a secured location than to store it on the local hard drive of a laptop or mobile device.
Finally, travel loaner laptops may be either encrypted by LITS for high-risk countries or unencrypted to comply with export control restrictions against bringing encryption technology to U.S.-sanctioned countries. It is important for LITS to know which countries you plan to travel to so that the appropriate encryption standard can be applied.
How should I access on-campus technology resources while traveling internationally?
You should always use the College's virtual private network (VPN) service. In addition, it is advisable in high-risk countries to use the College's VPN for all online activities, as an extra layer of defense against data compromise. We recommend setting up your VPN software connection from your home in the U.S. first, so that you can confirm it is working properly and can easily consult the Help Desk for any support issues. While traveling, you should activate VPN software as your first step, before accessing any data or services on the internet, within Google or in the cloud.
What considerations should I follow if I plan to carry and use a mobile device while I am traveling abroad?
In most countries, you have no expectation of privacy in internet cafes, hotels, offices or public places. Hotel business centers and phone networks are regularly monitored in many countries. All information you send electronically can be intercepted. Wireless devices are especially vulnerable. Security services and criminals can track your movements using your mobile phone, and they can also insert malicious software into your device through any connection they control. They can even do it wirelessly if your device is enabled for wireless. It is possible for malware to migrate from your compromised device to your connected institutional systems, where it can send information back to a malicious party. Malware can also be transferred to your device through thumb drives (USB sticks) and computer disks — so do not accept these items from other parties while traveling.
If you can do without the mobile device on your trip, don’t take it with you. If you must bring it, don’t take information you don’t need, including sensitive contact information. Consider the consequences if your information were stolen. Back up all information you take, and leave the backed-up data at home for safekeeping. Secure your mobile device with a passcode, and if it supports remote locking or wiping, enable that service in case it is lost or stolen. If you need assistance setting up these services or performing backups or restores, the LITS Help Desk can advise you.
How should I protect my data from unauthorized access at border crossings?
Consider traveling with an inexpensive computer or mobile device that does not contain any data, rather than your everyday laptop or smartphone. Using a travel-only device will also help secure you against theft while you are traveling. Remove social media apps and accounts from the device before crossing the border. In addition, if your mobile device can be unlocked with a fingerprint reader, consider disabling that functionality so that you cannot be forced to unlock your device. If you must travel with data on your device, consider encrypting its drive. All LITS-issued laptops are encrypted by default, and LITS can also lend travelers “clean” laptops that are free of data. Personal devices can be encrypted using programs such as BitLocker for PCs or FileVault for Macs. Finally, consider storing whatever data you need on a cloud service, such as Google Drive, rather than locally on your device.
What precautions should I take upon return?
If you traveled to a U.S.-sanctioned or high-risk country, you should assume that your system was compromised during your trip. Even trips to lower-risk countries will often result in a compromised system if a laptop or mobile device was used to connect to the internet. LITS recommends wiping and reimaging any laptop or mobile device that you brought. Wiping and reimaging is done routinely on all LITS travel loaner laptops when they are returned to LITS. In addition, you should change your password(s) used to access College resources, as a precaution. The Technology Help Desk can assist with these processes if necessary.