Information Security To Go!

Protect your data and devices when you travel.

Almost 88 million Americans traveled abroad in 2017, and whether for business or personal use, our technology devices seem indispensable during our travels. Unfortunately, traveling with devices also means that you must take care to protect those devices—and the data contained on them—while you are away from home. That preparation begins before you leave, and you may need to restore settings when you return.

Many people love the adventure that traveling provides: meeting new people, seeing new places, and having new experiences are part of the allure. Technology makes it easier than ever to satisfy our wanderlust. We can use our connected devices to discover the exotic locales we wish to visit, book tickets on planes and trains, practice driving virtually, and seamlessly navigate once we get to our final destination. For all this ease that technology brings, we should prepare our technology for travel as carefully as we plan our travel itineraries.

Travel tips

• Back-up your data! Backing up your data ensures that you won't lose information if your device is lost or stolen. Consider encrypting your data as well, but check with your IT support staff first about how best to implement encryption.
• Protect your devices with a strong password or lengthy passcode. Sometimes devices get lost or stolen, even when we are being careful. By protecting your device with a passcode or lengthy password, you make it harder for your device to be used and data to be accessed by others.
• Make sure your devices and applications are up to date. Keep your applications and devices up to date and patched. This helps protect your device and data from security vulnerabilities and threats.
• Just say no to unsecured public Wi-Fi. Having a wireless connection is almost a necessity for the modern traveler. However, using an unsecured public Wi-Fi hotspot can allow others to view the contents of your electronic activity. Never access your sensitive financial accounts from an unsecured network. If you must access sensitive data from an unsecured network, be sure that you use a VPN service.
• Double check your MFA settings. Many of us rely on multifactor authentication (MFA) to secure both personal and work-related accounts. Be sure that you know how (or if) that will work in the countries that you are visiting. For instance, if your MFA relies on SMS, be sure that you will be able to receive that message in the destination that you are visiting. If the option is available to you, consider using a physical token option to ensure you'll be able to login to your accounts.
• Update your physical location with your password vault. Many people use password vaults to manage all of their account passwords. Don't be surprised if your password vault requires additional verification steps when logging into it from a location that is not in your home country. (After all, we count on these vaults to be secure!) Check the vendor documentation or your account settings to make sure that there are no country restrictions or settings that you need to change before your trip. Also double-check that you're able to access your recovery/secondary email address just in case there is an issue.
• Consider leaving your daily devices at home. If you are traveling to a location where you are concerned about your individual privacy rights, consider leaving your primary mobile device at home and purchasing a replacement device to take with you instead. Put only the apps, services, and data that you need for that trip on the device. Some businesses and colleges and universities offer programs where a traveler can check out a "clean laptop" when traveling for business purposes. Using these types of devices help limit any exposure of your personal data. Check your data plan as well. A "burner phone" or car GPS may be cheaper.
• Be smart about posting on social media. It is always fun to post vacation pictures in the moment, but online postings on social networks (e.g., Twitter, Facebook, Instagram, Snapchat, etc.) can let other people know that you are not at home and that your home may be empty. Posting vacation pictures on social media once you are safely home helps protect your physical belongings.
• Use hotel safes to protect your technology. Here's another place where there is an overlap between online safety and physical safety. Just like you would put your passport, jewelry, and money in a hotel safe, consider using that safe to hold your electronic devices when you are not carrying them with you. Not only are the devices themselves expensive to replace, your personal data contained in the device can be irreplaceable (especially if you skipped the first tip on this list).
• Remember your adapters! Make sure you have power adapters that will work with three-prong plugs and that they fit the country's outlets. Some travel adapters only accept two-prong plugs. (If you're attending a conference, you may be able to borrow a charging cable temporarily.) Outlets also vary, even, for example, between the UK and Ireland. Your technology gadgets are not very helpful when they run out of charge or cannot be powered on. Charge and take a portable battery pack.
• Mind your voltage! Like plug types, different parts of the world use different voltages. Make sure that your technology devices can run on the voltage used at your destination. Getting shocked with 220V is not the same as 110V.

As surely as you can reduce wrinkles in your clothing with careful packing, so too can you avoid the most common technology travel woes by preparing before you leave home.

Refer to Manhattan College's Cyber Safety Site site for additional resources.

Refer to Manhattan College's Email Signature Knowledge Base Article for instructions on how to create your own email signature.

From The Barefoot Nomad's How Not to Fry Your Smartphone Overseas: A Quick Guide

Partially reposted from Educause September 2019: Information Security To Go!

Data Privacy in an Era of Compliance

January 28 is Data Privacy Day. Data privacy for individuals means reviewing privacy settings on social media, being mindful of entering data into websites, and taking ownership of one's online identity. Data privacy for higher education institutions extends these principles to caring for other people's data, from collection, processing, sharing, and storing to destruction. 

The internet is full of data about you. Whenever you play a game, shop, browse websites, or use any of numerous apps, your activity and some of your personal information may be collected and shared.

Similarly, the business of higher education requires us to collect, process, and store the digital information of others. Whenever we handle such information, we need to think about how we want our own information treated and treat other people's data with the same care and respect.

Protect yourself by following these tips:

• Know what you are sharing. Check the privacy settings on all of your social media accounts; some even include a wizard to walk you through the settings. Always be cautious about what you post publicly.
• Guard your date of birth and telephone number. These are key pieces of information used for identity and account verification, and you should not share them publicly. If an online service or site asks you to share this critical information, consider whether it is important enough to warrant it.
• Keep your work and personal presences separate. Your employer has the right to access your email account, so you should use an outside service for private emails. This also helps you ensure uninterrupted access to your private email and other services if you switch employers.

Protect the information, identity, and privacy of others by following these tips:

• Know what policies are in place at your institution. A privacy policy governs how the institution collects, processes, stores, and deletes the personal data of constituents; a data classification policy governs how the institution organizes the data it interacts with and what rules are in place for processing it; and an information security policy articulates how the institution governs and prioritizes information security activities. For reference please review the Manhattan College Data Security Policy
• Keep constituents' personal information confidential and limit access to the data.
• Only use data for its intended purpose. If you need to use data for another reason, always check relevant resources and policies first for guidance.
• Destroy or de-identify private information when you no longer need it.

Partially reposted from: Educause Blog January 2019: Data Privacy in an Era of Compliance

How to Protect Your Data and Devices While Traveling with Tech

Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.

Good to know:

• While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
• Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.

Protect your tech and data when traveling:

• Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
• Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
• Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
• Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.

Get your device travel ready:

• Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
• Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
• Delete apps you no longer use.
• Update any software, including antivirus protection, to make sure you are running the most secure version available.
• Turn off Wi-Fi and Bluetooth to avoid automatic connections.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
• Charge your devices before you go.
• Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
• Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
• Don't overlook low-tech solutions:
  • Tape over the camera of your laptop or mobile device for privacy.
  • Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
  • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
  • Label all devices in case they get left behind!

These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.

Partially reposted from https://er.educause.edu/blogs/2017/9/march-2018-how-to-protect-your-data-and-devices-while-traveling-with-tech