IT Travel Checklist - Things to be aware of when planning and going on a business trip


check


This information will help prepare individuals leaving on University related business, with personal or university owned equipment and reminds the student, staff and faculty of their security responsibilities/best practices for protection of both physical assets and data.

Staffs (Faculty, Student and Staff) are encouraged to carefully review the material below to better understand security regulations and policies and to facilitate them in the successful performance of their University related travels.

Whether using a personal computing device or a university provisioned resource, individuals are required to fully understand the risks associated with working with UI owned and personal data, whilst off campus.

Employees and or students should seek the assistance of collegiate/ departmental IT support staff to help evaluate the appropriate level of security for their travel needs.

Before Leaving The Office


Traveling Abroad  -  Do not take any devices or data you cannot replace or would not want to lose.


  1. In most foreign countries you have no expectation of privacy. Assume the possibility that any and all communications you work on are insecure.
  2. If traveling on university related business, check to see if there are any travel restrictions or export controls that might affect you and plan accordingly.
  3. Where possible, limit the number of IT devices including cell phones you take with you on your trip. 
  4. Limit the amount of institutional (and personal) data you take with you, to only what is required for the trip. Ensure you make appropriate backups and have implemented appropriate security protections (such as de-identifying sensitive data, or using encryption) prior to the trip.  Be prepared for the possibility that your data may be exposed or taken during the course of your travel.    
  5. If you plan to access and work with research restricted data in the country you visit, have your departmental support person and or the Export Control Coordinator - export-control@uiowa.edu assist to ensure you have permission/license to handle the data from the country visited.
  6. Keep in mind that some software, particularly encryption is export controlled.  Investigate your options with your local IT support, Principle Investigator for the research, or the Export Control Coordinator -  export-control@uiowa.edu before leaving. In most foreign countries, using the operating systems' built-in encryption is permissible.
  7. Be aware that current export control laws give Customs and Border Patrol the authority to enact an onsite COMPEX (compliance exam) on ANY device you may be carrying.  This includes cell phones, laptops, tablets, and other computing devices.  These organizations can demand your passwords, PINs, and/or encryption keys and have authority to detain you if you do not comply. If a device is identified as having probable investigative cause it could be confiscated for analysis, running the risk of exposing sensitive information, and possible permanent loss of the device. 
  8. When traveling internationally, be aware of the different voltage requirements. Investigate and purchase a plug adapter to accommodate the type of electrical outlets used at your destination.
  9. Some international destinations only have dial-up (modem) access as an internet connection option, but most new laptops do not ship standard with a modem (remote dial-up port). There are numerous USB modem devices available for purchase as an add-on.
  10. Power fluctuations in some travel destinations can cause serious damage to your equipment, so look into the acquisition of a surge protector if there is a risk of danger.
  11. Review the US Department of State Traveler's Checklist at http://travel.state.gov/content/passports/en/go/checklist.html including the detailed country information search tool at the bottom.

Software needs


  1. Change your Hawk ID password ahead of time to avoid the inconvenience of an expired password.
  2. Never write your passwords down and leave them with/on your computer or in the carrying case. If you must record a password, keep it in your wallet or in another highly secure location e.g. a password keeper program of your choice. Examples of a few are, Password Safe, Password Gorilla and Password Dragon.
  3. NEVER set your web browser to remember login passwords. Always clear out the browser cache before you leave. (Check your Internet Options, and delete any saved files, pages, passwords, or the entire browser history.)
  4. Make sure your Antivirus software and all of your operating system and program updates are current.
  5. Do not store sensitive personally identifiable information (PII), or restricted Level III data (ITAR, FISMA etc.) on your device.  Should the device fall into the wrong hands the sensitive data or software could become compromised. Install and run Identity Finder on your computer to see if you have sensitive PII installed on the device, and remove it.
  6. Install the UI Anywhere VPN client software and use it to secure your connection to university resources. Instructions on how to download, install and use the client can be found on the Software Central website. Alternatively seek the assistance of your collegiate/ unit support staff.

    Note: The UI AnyConnect client only encrypts traffic destined to the University network; all non-UI websites you visit do NOT flow through the VPN encrypted tunnel.

  7. Once the UI AnyConnect client is installed and started, you can connect to campus resources using Windows Remote Desktop, VNC, or Apple Remote Desktop. You can also map and access your home and departmental file storage space (commonly H or S and L drives).
  8. If bringing your personal device, consider utilizing some form of disk or folder encryption software to protect your personal files.
    **NOTE** Consult your local IT support staff before turning on encryption. If you activate/use encryption incorrectly, you could lose your data.  See the Traveling abroad section for additional information.
  9. Unsecured wireless can easily be intercepted ("sniffed"), so consider to only use secured wireless services (WPA2 with password, or similar).  Another option is to use the UI Anywhere VPN service with an unsecured ("open") wireless to add security to your connection to university resources.  
  10. Configure your screen to automatically lock after a short period of inactivity, and require your password to resume (unlock) it. Never leave your computer turned on and logged in, even in your hotel room.
  11. To help track/locate stolen or lost personal devices, consider activating location software included on your device, or purchasing and installing location hardware and software products.
  12. Consider setting up your device(s) to allow you to remotely wipe the device in the event it is either lost or stolen. Work with your local IT support person to set this up correctly.

 Hardware Needs


If you plan to print out documentation in the duration of your visit copy it onto external media (e.g. DVD, CD, USB key). It is a much more convenient way to print documents in a business center (hotel/conference facility or similar) than connecting and configuring machines to reach network printers, or transporting a personal printer with you.

Invest in some form of physical locking device - a laptop security cable or similarly appropriate technology.

If you need to use your computer on one of the airlines, it may be a good idea to check ahead of time to see if the airline you are taking has the required power connections. (http://www.seatguru.com/ is one web site you can visit to get information.)

 


While Traveling


If working with protected information in a public place i.e. at a conference, be aware of your physical location as shoulder surfers (persons observing what you type) are a risk.

Disable infrared and or Bluetooth ports and any other device communication features when they are not in use.

Do not leave your mobile device unattended in your hotel room, or at any time. If you are not using it, lock it away in your hotel safe, or if you do not have one, lock it away in your luggage. In some international destinations, laptops are a sign of wealth and could attract the attention of thieves. Limit the use of your device in public, where possible.

Before you return, be sure to transfer all data files that you handled while traveling back to your personal or departmental file storage location (H, S, R, or L drive), and then delete the files from your portable device. It may be a good idea to create a list of equipment before you leave and check it to make sure you're not leaving anything behind.

A lot of mobile devices come pre-installed/ packaged with all sorts of software or peripherals and on occasion you may not be entirely sure how they work. A good rule of thumb with anything of this nature, not just software, is if you are not going to use it, it does not need to be started, turned on, or plugged in.
 

 

Using Public Computers


NEVER access any sensitive personally identifiable information (PII) or sensitive data from public computers.

Remember to LOG out and exit out of all programs and applications before you leave the public computer.

Remove all disks and USB drives you may have inserted into the machine before you leave. Virus scan it/them before inserting into a personal or university owned computer. 

 

Things to do upon returning from travel


Check to ensure all removable media and documents you may have used on your trip are appropriately stored or destroyed.

It is a recommended best practice to change your Hawk ID password upon your arrival back to campus. This is just in case someone was able to sniff, observe, or otherwise obtain it while you were traveling.

If you traveled abroad, work with your local IT Support or Help Desk to reformat/reinstall portable devices that were used outside of the US before connecting to either your home or the campus network.  (For US travel,  also consider having your portable device reformatted/reinstalled if you suspect an issue.)  This is to ensure the device is free of malicious software, keystroke loggers, remote access trojans, or other problems that can be introduced in the course of your travel.

 

Links

University Related


Accounts Payable, Purchasing and Travel
http://www.uiowa.edu/ap-purchasing/travel

Division of Sponsored Programs - Export Controls
http://dsp.research.uiowa.edu/export-controls-home

Encryption resources
http://its.uiowa.edu/encryption

Identity Finder
http://its.uiowa.edu/identity/

Institutional Data Classification Guidelines
http://itsecurity.uiowa.edu/resources/everyone/institutional-data-classification-guidelines

Risk Management Insurance, and Loss Prevention
http://www.uiowa.edu/riskmanagement/

Self-Managed Computers
http://itsecurity.uiowa.edu/resources/everyone/self-managedcomputers

Software Download site
http://helpdesk.its.uiowa.edu/software

UI AnyConnect VPN Installation instructions
http://its.uiowa.edu/vpn

 

Policies


Export Control
http://dsp.research.uiowa.edu/policies-and-procedures

Institutional Data Access
http://itsecurity.uiowa.edu/policy/institutional-data-access-policy

Travel
www.uiowa.edu/ap-purchasing/

External Resource Guides

Department of State Travel Resources
General Travel Resources: http://www.state.gov/travel/
Travel Checklist: http://travel.state.gov/content/passports/en/go/checklist.html

Customs and Border Patrol
http://www.cbp.gov/travel/cbp-search-authority#

FBI - Travel Resources Safety and Security for the:
Business Professional Traveling Abroad
https://www.fbi.gov/file-repository/business-travel-brochure.pdf/view


Send questions/comments to the Information Security and Policy Office
Phone: 319-335-6332
E-mail: it-security@uiowa.edu