Travel Tips Checklist
Please get the assistance of your departmental IT support staff to help you with evaluation of the appropriate level of security to meet your travel needs.
This information will help prepare individuals leaving on University related business, and reminds staff and faculty of their security responsibilities/best practices for protection of both physical assets and data. We encourage you to carefully review the material below to better understand security regulations and policies and to facilitate you in the successful performance of your University related travel.
Fill out the fields, check the appropriate boxes and click the print button below to print out a copy.
Things to consider before you leave the office:
Name of System:
Date Check was done:
Software needs:
Change your Hawk ID password ahead of time to avoid the inconvenience of an expired password.Never write your passwords down and leave them with/on your computer or in the carrying case. If you must record a password, keep it in your wallet or in another highly secure location e.g. a password safe.
Don’t set your browser to remember login passwords. Always clear out the browser cache before you leave. (Check your Internet Options, and delete any saved files, pages, passwords, or the entire browser history.)
Make sure your Antivirus software and all of your operating system and program updates are current.
Do not store any sensitive personally identifiable information (PII), sensitive research data, or (if traveling abroad) export controlled software on any electronic device you intend to take with you on your trip. Should the device fall into the wrong hands the sensitive data or software could become compromised. Review the files stored locally on the device and remove anything unnecessary for the trip. Consider installing and running Identity Finder on your computer to see if you have PII.
If there is a business need to access and use PII, do so via a remote desktop application installed locally on the device to securely access UI information resources through your computer desktop at work. Example applications are Windows Remote Desktop, VNC, or Apple Remote Desktop. If you are not leaving the country, SecureCRT or a similar SSH program can be utilized. Test out the remote connections you intend to use before you leave, to ensure they work as expected.
Consider utilizing some form of disk or folder encryption to protect sensitive files. (Please seek the assistance of your dept. IT support staff if you activate/use encryption, as if it’s done incorrectly you could lose ALL your data). If you are traveling abroad, keep in mind that some encryption software is export controlled, so investigate your options and consider remotely accessing sensitive data from your portable computer.
Make sure your wireless device connection is capable of using some form of encryption when accessing a wireless hotspot (via WPA or similar). Unencrypted data can be intercepted (“sniffed”).
Configure your screen to automatically lock after a short period of inactivity, and require your password to resume (unlock) it. Never leave your computer turned on and logged in, even in your hotel room.
Pre-equip your device to help in the effort of tracking down stolen equipment; there are various vendor related hardware and software products available, look into the most appropriate option that meets your needs.
Be especially aware if your travels take you abroad, that current export control laws give Customs and Border Patrol the authority to enact an onsite COMPEX (compliance exam) on ANY personal device you may be carrying. This includes cell phones, PDA's, and laptops. They can demand your passwords, PINs, and/or encryption keys and have authority to detain you if you do not comply. If a device is identified as having probable investigative cause it could be confiscated for analysis, running the risk of exposing sensitive information, and possible permanent loss of the device.
If you have a presentation saved in or are using disks that use a commercial DVD format and you are traveling internationally be aware that there are 6 different region codes. DVD's purchased in the US could potentially not work on equipment at your intended destination.
Hardware needs
If you plan to print out documentation in the duration of your visit copy it onto external media (e.g. DVD, CD, USB key). It is a much more convenient way to print documents in a business center (hotel/conference facility or similar) than connecting and configuring machines to reach network printers, or transporting a personal printer with you.
Invest in some form of physical locking device - a laptop security cable or similarly appropriate technology.
If you need to use your machine on an airline it may be a good idea to check ahead of time to see if the airline you are taking has the required power connections. (http://www.seatguru.com/ is one web site you can visit to get information.)
If you are traveling internationally, keep in mind the different voltage requirements. Investigate and purchase a plug adapter to accommodate the type of electrical outlet used at your destination be sure to look at your adapter label to find out its voltage range.
Some international destinations only have dial-up (modem) access as an internet connection option, but most new laptops do not ship standard with a modem (remote dial-up port). There are numerous USB modem devices available for purchase as an add-on.
Power fluctuations in some travel destinations can cause serious damage to your equipment, look into the acquisition of a surge protector if there is a risk of danger.
Things to consider while traveling:
If working with PII in a public place i.e. at a conference, be aware of your physical location as shoulder surfers (persons observing what you type) are a risk.
Disable infrared and or bluetooth ports and any other features when not in use.
Do not leave your mobile device unattended in your hotel room, or at any time. If you are not using it, lock it away in your hotel safe, or if you do not have one, lock it away in your luggage.
In some international destinations, laptops are a sign of wealth and could attract the attention of thieves. Limit the use of your device in public, where possible.
Before you return, be sure to transfer all sensitive data files that you created or copied and worked on while traveling back to your UI workstation, and then delete the files from your portable device.
A lot of mobile devices come packaged with all sorts of software or peripherals and on occasion you may not be entirely sure how they work. Good rule of thumb with anything of this nature not just software, if you are not using it does not need to be turned on.
Using Public Computers
NEVER access any sensitive personally identifiable information (PII) or sensitive research data on public computers.
Remember to close out and LOG out of all programs and applications before you leave the computer.
Remove all disks and USB drives you may have inserted into the machine before you leave.
Things to consider upon returning:
It is a recommended best practice to change your Hawk ID password upon your return. This is just in case someone was able to sniff, observe, or otherwise obtain it while you were traveling.
Run antivirus and spyware detection tool(s) on your portable device to ensure no malicious software infected your device, before you reconnect it in your home or reconnect it to the UI network.
If your laptop is a rental, make certain it is wiped clean and then re-imaged before you return it. (Ask your department IT support staff or the personnel at rental pool to assist you.)
Check to ensure all removable media and documents used are appropriately stored or destroyed.
Links:
http://cio.uiowa.edu/policy/policy-InstitutionalDataAccess.shtml
http://helpdesk.its.uiowa.edu/encryption
http://helpdesk.its.uiowa.edu/software
Research Data Export Controls
http://www.ncix.gov/publications/reports/traveltips.pdf
Encryption License Exception Information
Send questions/comments to IT Security
Phone: 319-335-6332
E-mail: security@uiowa.edu