IT & Data Security
Protecting Your Data
Data security risks take many different forms abroad, from surveillance and theft to malware and hacks. The degrees of privacy and security can vary greatly from one country to the next.
To protect your information and devices—especially if you’ll be conducting research—it’s important that you develop a data security plan that both serves your project’s needs and adheres to the import and export controls and local laws of the host country.
You can start by:
- Understanding the most common risks and the specific risks of your host country.
- Planning your precise IT needs to minimize data loss or vulnerability.
- Consulting with us and your local IT group or HUIT to address specific concerns.
4 Key Data Security Considerations
Cyberattacks and cyber monitoring are becoming more prolific and sophisticated. Be aware of and comply with visa, customs, and security rules to minimize the chances that you or your devices will be easy targets or selected for scrutiny.
High risk locations: The U.S. government has identified a “pervasive threat” to information security from certain countries deemed “high risk,” including China and Russia. If you’re working in a high-risk location, assume all data is compromised.
Research data: Some foreign governments and groups specifically target research data, especially at border crossings and in transit. This is particularly true when traveling in or through countries with intense scientific competition.
Reliability: Internet connectivity, network security, and IT resources may be much less reliable or different than you’re accustomed to in the U.S., especially in countries with political unrest or civil discord.
Laws: Foreign regulations on data protection can be more rigid or have a different focus than U.S. regulations. For example, some countries do not permit encrypted devices because it would hamper the activities of their intelligence and law enforcement agencies.
See our list of resources for country-specific information.
Planning Your IT Needs
You may find it helpful to review our International Data Security Guide for Travelers. Many of the tips and recommendations for travelers are applicable to programs.
In-country IT Support
If you’ll need IT support in your host country, we can help you identify and source a local vendor. It’s important to determine this early in the project so that you can budget accordingly.
If you plan to connect to the Internet, determine the risk level of your location and whether or not you have access to secure networks. If secure network access is available, always connect to Harvard’s network via VPN. And if a secure network is not available, consider using an “empty” machine to collect the data.
Consider using an iron key (provided by HUIT) or an encrypted external hard drive to store documents. Access to a SharePoint site or cloud service may also be accessible.
If your project involves working with human subject data, contact your School’s Institutional Review Board (IRB) for approval. They may be able to connect you with a foreign IRB that can help you navigate the host country’s privacy and data protection regulations. The foreign IRB may also need to approve your research.
And if you’re working with sensitive or confidential information, refer to the Research Data Security & Management Guidance from the Office of the Vice Provost for Research as well as HUIT's Information Security Policy Quick Reference Guide.
If you’re taking a group of students, faculty, or staff overseas and you’re concerned about IT security, we can coordinate an IT security overview for your group, conducted by your local IT group or HUIT. Contact us as soon as possible and at least a month before your travel.
If you believe you’re an especially high-risk traveler due to the nature of your work or your destination, contact us for a personalized IT security plan in consultation with your local IT group or HUIT.