IT Travel checklist - Things to be aware of when planning and going on a university business trip

The following is intended to help prepare travelers planning and leaving campus on University related business, with personal or university owned equipment; reminding the student, staff and faculty of their security responsibilities/best practices for protection of both physical assets and data.

Staffs (Faculty, Student and Staff) are encouraged to carefully review the material below to better understand security regulations and policies for University related travel guidance.

Whether using a personal computing device or a university provisioned resource, individuals are required to fully understand the risks associated with working with UI owned and personal data, whilst off campus.

Employees and or students should seek the assistance of collegiate/ departmental IT support staff to help evaluate the appropriate level of security for their travel needs.

Before leaving the office

Traveling abroad  -  Do not take any devices or data you cannot replace or would not want to lose.

1. If you have not already done so, work with your supervisor to submit a workflow request to work remotely. The approval will help determine what resources are needed to facilitate working remotely. 
2. In most foreign countries you have no expectation of privacy. Assume the possibility that any and all communications you work on are insecure.
3. If traveling on university related business, check to see if there are any travel restrictions or export controls that might affect you and plan accordingly.
4. Where possible, limit the number of IT devices including cell phones you take with you on your trip. 
5. Limit the amount of institutional (and personal) data you take with you, to only what is required for the trip. Ensure you make appropriate backups and have implemented appropriate security protections (such as de-identifying sensitive data, or using encryption) prior to the trip.  Be prepared for the possibility that your data may be exposed or taken during the course of your travel.    
6. If you plan to access and work with research restricted data in the country you visit, have your departmental support person and or the Export Control Coordinator - export-control@uiowa.edu assist to ensure you have permission/license to handle the data from the country visited.
7. Keep in mind that some software, particularly encryption-related technology is export controlled.  Investigate your options with your local IT support, Principle Investigator for the research, or the Export Control Coordinator -  export-control@uiowa.edu before leaving. In most foreign countries, using the operating systems' built-in encryption is permissible.
8. Be aware that current export control laws give Customs and Border Patrol officials the authority to enact a "Border Search" of ANY electronic device carried.  This includes cell phones, laptops, tablets, and other computing devices.  These organizations can demand your passwords, PINs, and/or encryption keys and have authority to detain for compliance. Confiscated devices run the risk of exposing sensitive or Institutional data, including the possible permanent loss of the confiscated device. 
9. When traveling internationally, be aware of the different voltage requirements. Investigate and purchase a plug adapter to accommodate the type of electrical outlets used at your destination.
10. Some international destinations may only have dial-up (modem) access as an internet connection option, but most new laptops do not ship standard with a modem (remote dial-up port). There are numerous USB modem devices available for purchase as an add-on.
11. Power fluctuations in some travel destinations can cause serious damage to your equipment, so look into the acquisition of a surge protector if there is a risk of danger.
12. Review the US Department of State Traveler's Checklist at https://travel.state.gov/content/travel/en/international-travel/before-you-go/travelers-checklist.html.

Software needs - Work with your local IT Support with university devices

1. Change your Hawk ID password ahead of time to avoid the inconvenience of an expired password.
2. Never write your passwords down and leave them with/on your computer or in the carrying case.
3. NEVER set device web browsers to remember login passwords. Always clear out the browser cache before you leave. (Check your Internet Options, and delete any saved files, pages, passwords, or the entire browser history.)
4. Update the device Operating System including application/ program updates.
5. Work with your local IT support and or Help Desk to set up DUO Two-step login ahead of domestic and international travel.
6. Do not travel with/ store sensitive personally identifiable information (PII), or restricted/ regulated data on any device.  Should the device fall into the wrong hands the sensitive data or software could become compromised/ lost.
7. If traveling with personal devices, consider utilizing some form of disk or folder encryption software to protect your personal files.
   **NOTE** Consult your local IT support staff before turning on encryption. If you activate/use encryption incorrectly, you could lose your data.  See the Traveling abroad section for additional information.
8. Unsecured wireless can easily be intercepted ("sniffed"), so consider only using secured wireless services (WPA2 with password, or similar) in combination with either the UI AnyConnect VPN or GlobalProtect VPN service to connect to university resources for more details see: https://its.uiowa.edu/vpn. N.B. GlobalProtect VPN is not intended for use outside the United States.  
9. Configure the device's screen to automatically lock after a short period of inactivity, and require your password to resume (unlock) it. Never leave your computer turned on and logged in, even in your hotel room.
10. To help track/locate stolen or lost personal devices, consider activating location software included on your device, or purchasing and installing location hardware and software products.
11. Consider setting up your device(s) to allow you to remotely wipe the device in the event it is either lost or stolen. Work with your local IT support person to set this up correctly.

 Hardware Needs - Work with your local IT Support with university devices

Not as common anymore however, if you plan to print out documentation in the duration of your visit, copy it onto external media (e.g. USB flash drive). It is a much more convenient way to print documents in a business center (hotel/conference facility or similar) than connecting and configuring your devices to reach networked printers.

Invest in some form of physical locking device - a laptop security cable or similarly appropriate technology.

If you need to use your computer on one of the airlines, it may be a good idea to check ahead of time to see if the airline you are taking has the required power connections. (https://www.seatguru.com/ is one web site you can visit to get information.)

While traveling

If working with protected information in a public place i.e. at a conference, be aware of your physical location as shoulder surfers (persons observing what you type) are a risk.

Disable infrared and or Bluetooth ports and any other device communication features when they are not in use.

Do not leave your mobile device unattended in your hotel room, or at any time. If you are not using it, lock it away in an hotel safe, or if you do not have one, lock it away in your luggage. In some international destinations, laptops are a sign of wealth and could attract the attention of thieves. Limit the use of your device/s in public, where possible.

Before you return, be sure to transfer all data files that you handled while traveling back to your personal or departmental file storage location (H, S, R, or L drive), and then delete the files from your portable device. It may be a good idea to create a list of equipment before you leave and check it to make sure you're not leaving anything behind.

A lot of mobile devices come preinstalled/ packaged with all sorts of software or peripherals and on occasion you may not be entirely sure how they work. A good rule of thumb with anything of this nature, not just software, is if you are not going to use it, it does not need to be started, turned on, or plugged in.
 

Using public computers

NEVER access any sensitive personally identifiable information (PII), sensitive, regulated institutional data from public computers.

Remember to LOG out and exit out of all programs and applications before you leave the public computer.

Remove all external media inserted into the computer before leaving.

Things to do upon returning from travel

Check to ensure all removable media and documents you may have used on your trip are appropriately stored or destroyed.

It is a recommended best practice to change your Hawk ID password upon your arrival back to campus. This is just in case someone was able to sniff, observe, or otherwise obtain it while you were traveling.

If you traveled abroad, work with your local IT Support or Help Desk to reformat/reinstall portable devices that were used outside of the US before connecting to either your home or the campus network.  (For US travel,  also consider having your portable device reformatted/reinstalled if you suspect an issue.)  This is to ensure the device is free of malware (keystroke loggers etc.), or other problems potentially introduced over the course of travel.

Links

University related

• Accounts Payable, Purchasing and Travel
• Division of Sponsored Programs - Export Controls
• ITS Encryption resources
• Managing regulated and institutional data
• Risk Management Insurance, and Loss Prevention
• Self-managed computers - place holder to internal linked resource
• Software download site
• University VPN resources

Policies

Export Control
https://dsp.research.uiowa.edu/policies-and-procedures

Institutional data access

AP Purchasing travel policy and guidelines: https://ap-purchasing.fo.uiowa.edu/travel

External resource guides

Department of State travel resources
General travel resources: https://www.state.gov/travelers/
Traveler's checklist: https://travel.state.gov/content/travel/en/international-travel/before-you-go/travelers-checklist.html
Destination travel advisory - country specific information - https://travel.state.gov/content/travel/en/traveladvisories/traveladvisories.html

Customs and Border Patrol - Search authority and traveler resources: https://www.cbp.gov/travel/cbp-search-authority

Federal Bureau of Investigation - Travel resources safety and security for the: business professional traveling abroad
https://www.fbi.gov/file-repository/business-travel-brochure.pdf/view

Send questions/comments to the Information Security and Policy Office
Phone: 319-335-6332
E-mail: it-security@uiowa.edu 

Last updated 4-12-2023