Body
Overview
From time to time, University students, staff, and faculty may travel outside of the United States and need access to University information technology resources and data while traveling. In these situations, the individual must understand whether there are any legal or contractual requirements regarding whether the data can be processed, stored, or transmitted outside of the United States.
In addition, the individual should consider requesting a travel device from the University’s Global Operations Support. The individual should also follow the University’s Workstation Security Standards for Remote Work, Mobile Device Security Guidelines and Best Practices, and review the Technology Guidelines and Tips for International Travel website.
Please contact Pitt Information Technology (412-624-HELP [4357] or helpdesk@pitt.edu) at any time if you need assistance or have questions about any of the guidelines listed below.
Detail
University of Pittsburgh Travel Registry
Over the last few years, two forces have shaped the University’s thinking about international travel of students, faculty, and staff. First, events and disasters around the world have made it important for us to be able to quickly identify University personnel abroad. Second, as we increasingly are engaged in global programs, it would be useful to be able to provide an aggregate overview of the range of engagement abroad each year.
Thus, the Council of Deans has adopted a policy that requires registration of international travel for all University students and staff and strongly encourages registration for faculty. You can register your trip through the Travel Registry.
Who is required to register?
- Undergraduate students (but most of this travel is registered through the study abroad process, see below)
- Graduate students
- Staff
- Faculty (strongly encouraged, but not required)
You should register using this system if:
- You are conducting research abroad
- You are attending a conference or meeting abroad
- You are part of a University group or club and traveling abroad as part of a University-sponsored activity
You should not register using this system if:
- You are participating in a program administered through the University’s Study Abroad office website
- You are helping to manage a study abroad program managed through the Study Abroad office website
- You are not on University business (e.g., you are going on vacation abroad)
Technology Guidelines from Pitt IT
General Guidelines
Assume everything you do on your devices is being intercepted
The information that you send over a network may be monitored, even when using a hotel or business connection. It is always best to assume you are being monitored so that you can adjust your actions accordingly.
Never use public Wi-Fi, computers, or devices
Shared computers in cybercafes, public areas, hotel business centers, and foreign institutions–as well as devices that belong to other travelers–should never be used to access University or personal systems that are protected by a username and password. Public, free Wi-Fi connections cannot be trusted and may compromise your device if you attempt to connect to them.
Keep your device with you at all times
Do not let your devices leave your sight. Should customs or other airport officials take your devices out of your view, those devices should be considered compromised and should not be used. Even if you will not be using your device, it should not be left in a hotel room, conference center, or foreign office unattended.
Do not use unknown storage devices
USB keys can be used to install malicious software on your devices and allow unauthorized individuals to compromise your data and accounts. Only plug items into your devices that you have brought with you. Public charging stations at airports or hotels should also be avoided, as they can transmit harmful software to your devices.
Be aware of your surroundings
When entering your username and password into your devices, be aware of those around you. Someone may be closely watching your screen and keyboard in an attempt to steal your credentials.
All devices should be erased and rebuilt upon you return
All devices with which you traveled should be considered compromised upon your return. They could contain malicious software that you do not want to introduce to the University's network or your home network. The safest course of action is to have the device securely erased and rebuilt, either from an existing backup or through a new installation of the operating system.
Change your passwords
You must change your password for all services that you have accessed while abroad. This should be done for your University Computing Account as well as any personal email, social, or financial sites that you accessed while traveling. By limiting the sites that you visit abroad, you reduce the number of passwords you need to change.
Laptops
Follow the University’s Workstation Security Standards for Remote Work.
Keep your operating system updated
The laptop's operating system, whether it be Windows, macOS, or Linux, should have all of the latest security patches applied to it.
Uninstall applications that you do not need
Keep on the laptop only those applications that are necessary for your travel. Uninstall any applications that you do not need or do not use. For those applications that remain, ensure that they are up to date with the latest security patches. This is especially important for those applications that interact with the web, including web browsers, Adobe Acrobat and Flash, Silverlight, and Java. Be aware that U.S. export control laws preclude bringing some software applications across the borders of many countries.
Update the settings on your web browsers
All web browsers should be set to automatically clear your browsing history and cache after each session. Contact the Technology Help Desk for assistance in applying these settings to your preferred web browser.
Verify your antivirus software is up to date
Ensure the latest version of antivirus software is installed on the laptop.
Encryption
Devices must encrypted with tools such as BitLocker (Windows) or FileVault (Mac).
Remove any sensitive or confidential data
Prior to your travels, remove any sensitive or confidential data from your laptop. This includes student information (grades, comments on student work, information not available in a public directory), proprietary information (including unpublished research), University business or planning documents, personal/financial information, and any other materials that should not be made public. Materials related to the travel arrangements, presentations, supporting materials, educational information, and any other public domain documents can reside on the laptop.
Cellphones and Mobile Devices
Follow the Unviersity's Mobile Device Security Guidelines and Best Practices,
Consider using a non-smartphone
Our phones have become mini-computers and generally contain all of our email, private communications, and contact lists. These are high-value targets for international cybercriminals. The safest course of action when traveling abroad is to procure a non-smartphone that will be used only for making calls.
Back up and reset your device
If you will be traveling with a smartphone or mobile device, you should back up the device and then reset it to its factory default setting. This will clear all personal information from the device and allow you to selectively copy certain information back on to the device. Upon return, your device can then be restored to its previous state.
Limit data contained on the device
Email and contact lists contained on cell phones are often filled with information that international cybercriminals covet. Email can contain non-sensitive but highly confidential information. When traveling, it is best to remove from your device any email accounts, including your University email account and personal accounts like Gmail. At a minimum, the contacts and amount of email synced to your devices should be limited.
Use strong passcodes
Use a strong passcode to protect cell phones and mobile devices. This will prevent others from picking up your device and gaining access to it.
Disable Bluetooth and Wi-Fi
Unless you are actively using these features, you should disable them on your phone. Allowing these services to run provides potential attackers with a method for gaining access to your device.
Pitt IT Assistance
Inventory your equipment
Pitt Information Technology can inventory your equipment prior to your travels. This will allow us to assist you in reporting lost or stolen devices, should you need to do so while traveling. We can then also verify the state of your operating system and applications, and we can determine whether any sensitive data is present on the devices.
Monitor your accounts
When notified of your travel dates, Pitt Information Technology will monitor the logins from your University Computing Account to look for any anomalous behavior. Should we identify any suspicious behavior associated with your account, we will contact you immediately to change your password.
Answer questions
Contact the Technology Help Desk (412-624-HELP [4357] or helpdesk@pitt.edu) at any time-before or during your travels-if you have questions about any of the topics covered in this document. Should you suspect your account has been compromised or University data has been breached, the 24/7 IT Help Desk can notify our security team 24 hours a day, seven days a week.
Additional International Travel Tips for Researchers
The University of Pittsburgh’s Office of Trade Compliance recommends that faculty and staff consider the following tips when traveling internationally:
- To determine prior to traveling and with as much advance notice as possible if an export authorization will be required (obtaining a license can take up to several weeks)
- To know in advance with whom (individuals and entities) you will be communicating and collaborating, so that you can conduct complete Restricted Party Screenings (RPS)
- To travel with a clean laptop with a recovery system
- To remove any export-controlled information, technical data, and software from your devices prior to leaving the U.S. Use a "shredder" program to erase the information that you do not want to share. In most cases, it is easier to physically remove the hard-drive and replace it with a clean system
- To back-up all of the information that you take before your departure and to leave the backed-up data in the U.S
- Not to take devices/technology/information with you that you do not need
- To refrain, when possible, from consulting your Pitt emails and from using any cloud-based storage while abroad
- Not to exchange controlled-information by phone, fax, email, etc.
- To take business cards, contact information of any person who wants to know more about your project
Related Information
Additional Resources
For everyone
For faculty and staff
For students