Information Security To Go!

Protect your data and devices when you travel.

Almost 88 million Americans traveled abroad in 2017, and whether for business or personal use, our technology devices seem indispensable during our travels. Unfortunately, traveling with devices also means that you must take care to protect those devices—and the data contained on them—while you are away from home. That preparation begins before you leave, and you may need to restore settings when you return.

Many people love the adventure that traveling provides: meeting new people, seeing new places, and having new experiences are part of the allure. Technology makes it easier than ever to satisfy our wanderlust. We can use our connected devices to discover the exotic locales we wish to visit, book tickets on planes and trains, practice driving virtually, and seamlessly navigate once we get to our final destination. For all this ease that technology brings, we should prepare our technology for travel as carefully as we plan our travel itineraries.

Travel tips

• Back-up your data! Backing up your data ensures that you won't lose information if your device is lost or stolen. Consider encrypting your data as well, but check with your IT support staff first about how best to implement encryption.
• Protect your devices with a strong password or lengthy passcode. Sometimes devices get lost or stolen, even when we are being careful. By protecting your device with a passcode or lengthy password, you make it harder for your device to be used and data to be accessed by others.
• Make sure your devices and applications are up to date. Keep your applications and devices up to date and patched. This helps protect your device and data from security vulnerabilities and threats.
• Just say no to unsecured public Wi-Fi. Having a wireless connection is almost a necessity for the modern traveler. However, using an unsecured public Wi-Fi hotspot can allow others to view the contents of your electronic activity. Never access your sensitive financial accounts from an unsecured network. If you must access sensitive data from an unsecured network, be sure that you use a VPN service.
• Double check your MFA settings. Many of us rely on multifactor authentication (MFA) to secure both personal and work-related accounts. Be sure that you know how (or if) that will work in the countries that you are visiting. For instance, if your MFA relies on SMS, be sure that you will be able to receive that message in the destination that you are visiting. If the option is available to you, consider using a physical token option to ensure you'll be able to login to your accounts.
• Update your physical location with your password vault. Many people use password vaults to manage all of their account passwords. Don't be surprised if your password vault requires additional verification steps when logging into it from a location that is not in your home country. (After all, we count on these vaults to be secure!) Check the vendor documentation or your account settings to make sure that there are no country restrictions or settings that you need to change before your trip. Also double-check that you're able to access your recovery/secondary email address just in case there is an issue.
• Consider leaving your daily devices at home. If you are traveling to a location where you are concerned about your individual privacy rights, consider leaving your primary mobile device at home and purchasing a replacement device to take with you instead. Put only the apps, services, and data that you need for that trip on the device. Some businesses and colleges and universities offer programs where a traveler can check out a "clean laptop" when traveling for business purposes. Using these types of devices help limit any exposure of your personal data. Check your data plan as well. A "burner phone" or car GPS may be cheaper.
• Be smart about posting on social media. It is always fun to post vacation pictures in the moment, but online postings on social networks (e.g., Twitter, Facebook, Instagram, Snapchat, etc.) can let other people know that you are not at home and that your home may be empty. Posting vacation pictures on social media once you are safely home helps protect your physical belongings.
• Use hotel safes to protect your technology. Here's another place where there is an overlap between online safety and physical safety. Just like you would put your passport, jewelry, and money in a hotel safe, consider using that safe to hold your electronic devices when you are not carrying them with you. Not only are the devices themselves expensive to replace, your personal data contained in the device can be irreplaceable (especially if you skipped the first tip on this list).
• Remember your adapters! Make sure you have power adapters that will work with three-prong plugs and that they fit the country's outlets. Some travel adapters only accept two-prong plugs. (If you're attending a conference, you may be able to borrow a charging cable temporarily.) Outlets also vary, even, for example, between the UK and Ireland. Your technology gadgets are not very helpful when they run out of charge or cannot be powered on. Charge and take a portable battery pack.
• Mind your voltage! Like plug types, different parts of the world use different voltages. Make sure that your technology devices can run on the voltage used at your destination. Getting shocked with 220V is not the same as 110V.

As surely as you can reduce wrinkles in your clothing with careful packing, so too can you avoid the most common technology travel woes by preparing before you leave home.

Refer to Manhattan College's Cyber Safety Site site for additional resources.

Refer to Manhattan College's Email Signature Knowledge Base Article for instructions on how to create your own email signature.

From The Barefoot Nomad's How Not to Fry Your Smartphone Overseas: A Quick Guide

Partially reposted from Educause September 2019: Information Security To Go!

Keeping Tabs on Mobile Devices

As we roll out campaigns and educate our community on cybersecurity, we need to help make sure everyone understands and keeps in mind physical security risks. Because of the portability of devices, users have laptops, smartphones, and tablets with them when they are on the go, whether it is a trip to the coffee shop or a trip across the country. Make sure to secure your mobile devices to protect the device and the data it contains. Here are resources to help remind our community not to skip out on physical security!

With an increasing amount of sensitive data being stored on personal devices, the value and mobility of smartphones, tablets, and laptops make them appealing and easy targets. These simple tips will help you be prepared in case your mobile device is stolen or misplaced.

• Secure those devices and backup data! Make sure that you can remotely lock or wipe each mobile device. That also means backing up data on each device in case you need to use the remote wipe function. Backups are advantageous on multiple levels. Not only will you be able to restore the information, but you'll be able to identify and report exactly what information is at risk. (See Good Security Habits for more information).
• Never leave your devices unattended in a public place or office. If you must leave your device in your car, place it in the truck, out of sight, before you get to your destination, and be aware that the summer heat of a parked car could damage your device.
• Password-protect your devices. Give yourself more time to protect your data and remotely wipe your device if it is lost or stolen by enabling passwords, PINs, fingerprint scans, or other forms of authentication. (See Choosing and Protecting Passwords.) Do not choose options that allow your computer to remember your passwords.
• Put that shredder to work! Make sure to shred documents with any personal, medical, financial, or other sensitive data before throwing them away.
• Be smart about recycling or disposing of old computers and mobile devices. Properly destroy your computer's hard drive. Use the factory reset option on your mobile devices and erase or remove SIM and SD cards.
• Verify app permissions. Don't forget to review an app’s specifications and privacy permissions before installing it!
• Be cautious of public Wi-Fi hot spots. Avoid financial or other sensitive transactions while connected to public Wi-Fi hot spots.
• Keep software up to date. If the vendor releases updates for the software operating your device, install them as soon as possible. Installing them will prevent attackers from being able to take advantage of known problems or vulnerabilities. 

Keeping Tabs on Mobile Devices

Partially reposted from Educause July 2019 Keeping Tabs on Mobile Devices

How to Protect Your Data and Devices While Traveling with Tech

Due to enhanced security measures in most countries, travelers with tech should be prepared for possible disruptions or additional wait times during the screening process. Here are some steps you can take to help secure your devices and your privacy.

Good to know:

• While traveling within the United States, TSA agents at the gate are not allowed to confiscate your digital devices or demand your passwords.
• Different rules apply to U.S. border patrol agents and agents in other countries. Federal border patrol agents have broad authority to search everyone entering the U.S. This includes looking through any electronic devices you have with you while you are traveling. They can seize your devices and make a copy for experts to examine offsite. Learn more from the Electronic Frontier Foundation about digital privacy at the U.S. border.

Protect your tech and data when traveling:

• Travel only with the data that you need; look at reducing the amount of digital information that you take with you. This may mean leaving some of your devices at home, using temporary devices, removing personal data from your devices, or shifting your data to a secure cloud service. Authorities or criminals can't search what you don't have.
• Most travelers will likely decide that inconvenience overrides risk and travel with electronic devices anyway. If this is the case, travelers should focus on protecting the information that they take with them. One of the best ways to do this is to use encryption. Make sure to fully encrypt your device and make a full backup of the data that you leave at home.
• Before you arrive at the border, travelers should power off their devices. This is when the encryption services are at their strongest and will help resist a variety of high-tech attacks that may attempt to break your encryption. Travelers should not rely solely on biometric locks, which can be less secure than passwords.
• Make sure to log out of browsers and apps that give you access to online content, and remove any saved login credentials (turn off cookies and autofill). This will prevent anyone from using your devices (without your knowledge) to access your private online information. You could also temporarily uninstall mobile apps and clear browser history so that it is not immediately apparent which online services you use.

Get your device travel ready:

• Change your passwords or passphrases before you go. Consider using a password manager if you don't use one already.
• Set up multifactor authentication for your accounts whenever possible for an additional layer of security.
• Delete apps you no longer use.
• Update any software, including antivirus protection, to make sure you are running the most secure version available.
• Turn off Wi-Fi and Bluetooth to avoid automatic connections.
• Turn on "Find My [Device Name]" tracking and/or remote wiping options in case it is lost or stolen.
• Charge your devices before you go.
• Stay informed of TSA regulations and be sure to check with the State Department's website for any travel alerts or warnings concerning the specific countries you plan to visit, including any tech restrictions.
• Clear your devices of any content that may be considered illegal or questionable in other countries, and verify whether the location you are traveling to has restrictions on encrypted digital content.
• Don't overlook low-tech solutions:
  • Tape over the camera of your laptop or mobile device for privacy.
  • Use a privacy screen on your laptop to avoid people "shoulder surfing" for personal information.
  • Physically lock your devices and keep them on you whenever possible, or use a hotel safe.
  • Label all devices in case they get left behind!

These guidelines are not foolproof, but security experts say every additional measure taken can help reduce the chances of cybertheft.

Partially reposted from https://er.educause.edu/blogs/2017/9/march-2018-how-to-protect-your-data-and-devices-while-traveling-with-tech

Mobile Devices Won't Secure Themselves!

Mobile security at one time meant using a laptop lock and keeping tabs on your phone. However, the growing capabilities and use of mobile devices — coupled with the ubiquity of smart devices stitched into the very fabric of our daily lives (figuratively and literally) — now require a more sophisticated defense-in-depth approach to match the growing threat. Following are a few things you can do to protect your devices and personal information on campus, at home, or at work.

• Secure your devices with a strong password, pattern, or biometric authentication. Check the settings for each device to enable a screen-lock option. For home routers, reset the default password with a strong one.
• Install anti-malware. Some software includes features that let you do automatic backups and track your device.
• Check your Bluetooth and GPS access. Disable these settings on all devices when not needed and avoid using them in public areas.
• Update your devices often. Install operating system and application updates when they become available.
• Review phone apps regularly. Remove any apps you don’t use. Be selective when buying or installing new apps. Install only those from trusted sources and avoid any that ask for unnecessary access to your personal information.
• Treat devices like cash! Don’t let your devices out of your sight or grasp. Maintain physical control of your device in public areas. Get a lock (alarmed is best) for your laptop and use it.
• Keep it sunny in the cloud. Whether using Google Drive, Dropbox, OneDrive, iCloud, Amazon Drive, or any of the many cloud options, set privacy restrictions on your files to share them only with those you intend. Protect access to your cloud drive with two-factor authentication.
• Create a secure wireless network. Configure your wireless router to protect your bandwidth, identifiable information, and personal computer. Secure it with proper set up and placement, router configuration, and a unique password, using the strongest encryption option. See http://www.wi-fi.org/ for more tips.
• Protect your Internet of Things (IoT) devices. Are you sharing your livestreaming nanny cam with the world? Review privacy settings for all Internet-ready devices before connecting them to the web.

Partially reposted from:  https://er.educause.edu/blogs/2016/11/december-2017-your-mobile-devices-wont-secure-themselves