Travel & VPN
The world is your campus! Whether you're looking for a spring getaway in France, embarking on a study abroad program in Thailand, attending a conference in New York, or venturing to the new donut shop two blocks over, the world of information security becomes much more fraught the moment you leave the safety of home or campus. Hackers are eager to pry information and money from people in unfamiliar places, and they've developed sophisticated techniques to do so. But by following a few fundamental principles and rules, you can keep attackers at bay while you pose for another selfie.
Principles
- Limit how connected your device is to the Internet.
- Limit how much data a hacker could steal from your device.
- Limit the number of devices and accessories you use.
- Limit the ways a hacker could enter or damage your device.
- Be wise with the information and money you handle.
Pre-flight Checks
- Leave unneeded devices or information at home. If your laptop contains sensitive files that you won't need abroad, leave it and check out a loaner laptop instead. If you need the laptop but not the files, back up the files to a secure location, then remove them. The same goes for keys, fobs, cards, and papers—if you won't need them, don't bring them.
- Encrypt your device with BitLocker (Windows) or FileVault2 (Mac). Note: The US government prohibits bringing an encrypted device to Cuba, Iran, North Korea, Sudan, and Syria. China and other countries also prohibit the import of encrypted devices. If your destination country falls under either of these categories, contact your university travel office for guidance.
- Install a VPN (virtual private network). A VPN is a service that takes all your internet traffic and routes it through a third-party server in a different location. For example, if you're sitting in Paris and you log in to Facebook while on a VPN, the credentials you type in will go first to a VPN server in Nebraska, in an encrypted format, before moving on to Facebook's own servers. To Facebook, it will appear that you're in Nebraska, and the information Facebook sends back your way will reflect that. A VPN can help you access websites and information that would be inaccessible in your destination country. Because a VPN encrypts everything your device sends and receives, it also blocks hackers from stealing your data if you need to use public Wi-Fi. We recommend using established, reputable VPN services, as smaller and less well-known VPNs can often be malicious themselves. Examples of reliable services include ExpressVPN, NordVPN, and Surfshark. If you are traveling as a university employee, you should log in to the VPN that corresponds to your university or department (links in the sidebar).
- Stock up on the accessories you'll need—chargers, charging cables, external mobile hotspots, hard drives, outlet adapters, etc. Gadgets bought abroad can pose a risk to your device. For example, a poorly manufactured charger could catch fire, or a public USB cable could be a conduit for malware.
- Consider purchasing credit card sleeves. These simple protective devices prevent hackers from stealing card data with RFID technology.
- Cover your laptop cameras with tape or integrated covers. As they say, modern problems require modern solutions.
- Install anti-malware software. You can read more in our article about antivirus & malware.
- Set up strong passwords for all your accounts. Each password should be 16-20 characters long and unique to its account. You can read more in our article about strong passwords.
- Update your software and operating system. Updating software while not on your home or school network can be slow or even dangerous. You can read more in our article about software updates.
- Back up your data. It's best to store working files in the cloud while traveling. You can read more in our article about data storage.
As you go through airport security in some countries, you may be asked to turn on and unlock devices you've packed. If this happens to you, comply by entering any passwords or codes yourself. If asked to give a password, you can state that university policies prohibit the sharing of passwords. If security officers continue to request your password, comply calmly, but change your password immediately after the check.
While Abroad
- Assume that nothing is 100% secure. Unfortunately, privacy laws and security protocols aren't always favorable or evenly enforced worldwide. Of course, outright paranoia isn't the best attitude when exploring a new part of the world, but a healthy sense of skepticism will help keep you on your toes.
- Don’t abandon a device. If you can't bring it with you on some excursion, either leave it with someone you trust or in a hotel safe.
- Avoid public Wi-Fi. Hackers can easily create fake networks or tap into unsecured ones. The Wi-Fi networks in airports, hotels, cafes, libraries, and restaurants are rarely secured, which leaves any data you view or transmit accessible to a hacker. If you must use a public Wi-Fi network, ask an employee to confirm the name of the network. While logged in, don't input passwords, make online purchases, or view banking information. Finally, good alternatives include:
- Using your VPN while on public Wi-Fi—you know, the one you installed before you left!
- External mobile hotspot—a small device that can offer a private, pay-as-you-go Wi-Fi network while you're on the road.
- Mobile data—Most mobile providers offer attractive rates and plans for international travel.
- Turn off Wi-Fi and Bluetooth whenever you don't need them.
- Turn off automatic network connection on any Wi-Fi-enabled devices.
- Use a privacy screen if you need to work with sensitive information in public. Privacy screens make the screen's contents invisible to all but the person directly in front of the computer.
- Avoid public computers. Devices in hotels and internet cafés are rarely secured. It's possible, for example, for someone to hack a public keyboard and nab passwords and data as you type.
- Avoid public chargers and charging ports. So-called "juice jackers" can hack USB connections to secretly transfer malware or steal data. If you need to charge in a public place, use your own cord and adapter.
- Only purchase and use accessories from a reputable vendor if you realize you're missing a cord or need some form of local storage (USB, SD cards, etc.). Be wary of technology bought in street markets or internet cafés.
- Avoid online shopping. Don't input or save payment information in your browser. Stay away from sites with "http" in the URL instead of "https."
Back at Home
- Update the software on all the devices you brought.
- Clear your browser data—cookies, cache, and history.
- Change any passwords you used while abroad.
- Run a virus scan on all devices used.
- Contact your University IT department before connecting a device to a university network.
Although the steps to keeping yourself and your data secure while out and about may seem complex, your care and preparation can prevent the far more complex consequences of getting hacked or robbed while abroad. Apply these principles generously, then enjoy your voyage!