Keeping Your Data Safe Abroad
International Data Security Guidance
International travel exposes your device to risks that take many different forms. The good news is that vigilance and a few simple steps can protect you, your device, and your information.
We’ve developed the following recommendations in consultation with HUIT to help keep your personal and Harvard-issued devices as safe as possible. You can also download our information security checklist for travelers.
Before You Leave
- Know your destination’s IT security laws and practices. It’s common for some governments to monitor and store Internet activity or copy data from your device without your consent. See our resources for country-specific information.
- Install updates to your software and operating systems to prevent cyber criminals from exploiting known bugs.
- Change passwords, and use different passwords for different accounts. See how to create a strong password.
- Back up your data and media to a device you'll leave at home.
- Sanitize your devices to clear them of documents or media that could be perceived as provocative or inflammatory by certain governments.
- Less is best. Bring the least amount of information and data and the fewest devices possible.
- Utilize travel-only devices that are stripped down to only necessary documents, services, and applications. These devices can easily be wiped or re-imaged after travel and, if confiscated at Customs, contain less personal information. Ask your IT department if they have loaner devices.*
- Encrypt your devices in case of loss or theft. Harvard-owned devices should be encrypted by policy. Check with your local IT department or personnel to ensure that your system is encrypted.
- Certain countries restrict encrypted devices. CryptoLaw is a useful starting point to research country-specific encryption laws. If government officials ask you to enter your password, do so immediately. Refer to the U.S. State Department’s guidelines for protecting business information overseas.
During Your Trip
- Turn off your device, or at least the Wi-Fi and Bluetooth capabilities, when not in use.
- Use a Virtual Private Network (VPN) if using hotel or public Wi-Fi to create a more secure connection between your device and the resources you access. Learn more from HUIT.
- Limit use of public terminals, and don’t use accounts requiring usernames and passwords—especially for Harvard accounts—on public machines.
- Clear your Internet browser after each use to delete your history, cookies, cache, and downloaded or temporary files. Alternatively, use your browser’s private browsing or incognito feature.
- Report incidents when you believe your device or confidential information may have been compromised. Contact your local IT department as soon as possible. If your device contained high risk confidential information, follow Harvard Information Security’s protocol for reporting the incident.
Upon Your Return
- Run antivirus software to scan your device for malware, and follow the instructions to correct any issues.
- Change passwords again, using different passwords for different accounts.
- Report incidents to your local IT department if you discover any breaches.
Specific Traveler Concerns
If you’re a researcher working with confidential information, review Harvard's Guidance for Data Security & Management from the Office of the Vice Provost for Research.
If you’re an especially high-risk traveler due to the nature of your work or your destination, contact us for a personalized IT security plan in consultation with your local IT group or HUIT.
If you’re taking a group of students, faculty, or staff overseas and you’re concerned about IT security, we can coordinate a brief IT security overview for your group, conducted by your local IT group or HUIT. Contact us at least a month in advance of your travel.
Contact us if you have questions or concerns about your IT security abroad. You may also find the following resources helpful for your pre-departure preparation.
- HUIT travel checklist
- HUIT travel advisory
- Report a lost laptop (Central Administration)
- Report a lost laptop (University-wide)
- VPR guidance on exports
*If your department has frequent international travelers and you’re interested in developing a loaner device program, contact us for guidance and assistance, in coordination with your local IT group or HUIT. The University is exploring the future possibility of a centrally-administered loaner laptop/tablet program.