International travel exposes your device to risks that take many different forms. The good news is that vigilance and a few simple steps can protect you, your device, and your information.
International Data Security Guidance
We’ve developed the following recommendations in consultation with HUIT to help keep your personal and Harvard-issued devices as safe as possible.
Before You Leave
- Know your destination's IT security laws and practices. It's common for some governments to monitor and store Internet activity or copy data from your device without your consent. At your port of entry, some government authorities may request access to your electronic devices and accounts.
- Install updates to your software and operating systems to prevent cyber criminals from exploiting known bugs.
- Change passwords, and use different passwords for different accounts. See how to create a strong password, or use a password manager like LastPass, offered for free by Harvard.
- Enable 2-step verification on your accounts, if available. Note: Duo—the third-party tool that Harvard uses for 2-step verification—blocks authentications from OFAC-sanctioned countries and regions.
- Back up your data and media to a device you'll leave at home.
- Sanitize your devices to clear them of documents or media that could be perceived as provocative or inflammatory by certain governments.
- Less is best. Bring the least amount of information and data and the fewest devices possible.
- Utilize travel-only devices that are stripped down to only necessary documents, services, and applications. These devices can be wiped or re-imaged easily after travel and, if confiscated at Customs, contain less personal information. Ask your IT department if they have loaner devices.
- Download and set up device managers like Find my iPhone/iPad/Mac and Find My Device (for Android) to locate your device if lost or stolen and erase it remotely if needed.
- Encrypt your devices in case of loss or theft. Harvard-owned devices should be encrypted by policy. Check with your local IT department or personnel to ensure that your system is encrypted. Be aware that certain countries restrict encrypted devices.
- Consider a loaner device. Bringing personal laptops or mobile devices when traveling increases the possibility of data and identity theft, especially in countries deemed to be high risk. If you're traveling for approved University business, you may be eligible to loan a device from HUIT for the duration of your trip. Note: This is a pilot program limited to junior and senior faculty members in the FAS Division of Sciences. HUIT hopes to offer this service to a broader population in the future.
During Your Trip
- Power off your device, or at least the Wi-Fi and Bluetooth capabilities, when crossing through security checkpoints and when not in use.
- Use a Virtual Private Network (VPN) if using hotel or public Wi-Fi. A VPN creates a more secure connection between your device and the resources you access.
- Limit use of public terminals, and don’t use accounts requiring usernames and passwords—especially for Harvard accounts—on public machines.
- Clear your Internet browser after each use to delete your history, cookies, cache, and downloaded or temporary files. Alternatively, use your browser’s private browsing or incognito feature.
- Report incidents when you believe your device or confidential information may have been compromised. Contact your local IT department as soon as possible. If your device contained high risk confidential information, follow Harvard Information Security’s protocol for reporting the incident.
Upon Your Return
- Run antivirus software to scan your device for malware, and follow the instructions to correct any issues.
- Change passwords again, using different passwords for different accounts.
- Report incidents to your local IT department if you discover any breaches.
Specific Traveler Concerns
If you’re a researcher working with confidential information, review Harvard's Guidance for Data Security & Management from the Office of the Vice Provost for Research (VPR) as well as HUIT's Information Security Quick Reference Guide.
If you’re an especially high-risk traveler due to the nature of your work or your destination, contact us for a personalized IT security plan in consultation with your local IT group or HUIT.
If you’re taking a group of students, faculty, or staff overseas and you’re concerned about IT security, we can coordinate a brief IT security overview for your group, conducted by your local IT group or HUIT. Contact us at least a month in advance of your travel.