Whether you’re travelling for leisure or work, there are potential risks associated with using computers abroad.
This page provides details of the things that you can do to protect yourself and your data when using computing facilities outside the UK.
Passing through airport security
Caution: You might think that airport security is a safe environment, given the presence of so many security staff. However, it is surprising how many items are ‘taken by mistake’ or stolen here.
Warning: Opportunist thieves can take advantage of the distractions involved in getting through security. In the chaos, smartphones, tablets and laptops can be spirited away very quickly.
Advice: Keep a close watch on your belongings. Recover laptops, tablets and mobile telephones before refitting shoes and belts etc.
Using your own or a University-owned laptop outside the UK
If you are using a University-owned laptop it should be encrypted to the University’s encryption standard, so that any data on it is safe in the event of the laptop being lost or stolen, but what if you are using your own laptop?
If you own a Windows, Mac or Linux laptop you can encrypt it using a free product such as TrueCrypt. Apple Macintosh laptops can also use built in encryption software . As an alternative to TrueCrypt, Linux users can use LUKS. Search for these products online for more details.
Caution: The University Encryption Standard provides a range of benefits to enable the recovery of passwords and data if you forget your password. These safe guards are rarely a feature of encryption software intended for domestic use, so it’s important that you can recover your password. Depending on the software you use, you’ll need to record your password or produce a ‘recovery key’, either of which you’ll need to keep secure and away from your laptop.
Warning: Some countries don’t allow either the import of, or the use of, encrypted devices (including smartphones and tablets) without first getting the correct permit or licence. In some cases this can take several months If you don’t, your device could be seized, or you could be prosecuted. More information on travelling abroad with encryption.
Advice: It is your responsibility to check whether the country (or countries) that you are visiting impose import or use restrictions, and if so, to obtain the required permission.
Much of the following advice is also good practice in the UK.
Advice: If you synchronise your phone with your University Exchange account, set it so that it only retains the minimum amount of emails, ie 1 to 2 days.
Apply any PIN or password mechanism that is available to you, and minimise the auto-lock time mechanism so that if the device is lost or stolen your data will be protected. In some cases setting an access control also means the device is encrypted using in-built encryption technology.
Activate the “find-my-phone setting” (iPhone) so that if it is lost or stolen you can track it.
Turn off Bluetooth settings so that you are not broadcasting data locally.
Be careful using untrusted wireless connections as these can be a security risk.
If your smartphone is lost or stolen and you use it to synchronise to your University Exchange account, report it to the IT Help Desk as soon as possible so that it can be remotely wiped the next time it trys to synchronise with Exchange.
If you are working abroad remember that not all wireless networks are secure. Your most secure way of working is to access Desktop Anywhere or Outlook Web Access (for email only) which use the University’s secure servers and encrypt network traffic. You can access these from any device (laptop, tablet or smartphone).
If you have to input and store work-related data on a mobile device, you should upload it to the University’s servers at the first opportunity. If you’re using a laptop and can’t connect to University servers, create a backup of your data, which you should store separate from your laptop. However, remember that ‘classified’ data can only be stored on encrypted University-owned devices and must be transferred to a secure University server at the earliest opportunity.
Caution: If you have to use a third party’s computer remember that it may not be as secure as your University computer. Only use it as a last resort if you need to access University systems or use a sensitive site such as on-line banking etc. Computers which are unpatched or which have outdated anti-virus software may be compromised and may capture your logon details, payment card details and even every keystroke you make.
Warning: Avoid using computers in internet cafes, especially if you are visiting a developing country. If you really must use a third party’s computer use a machine in a leading hotel, but remember it could still be compromised!
Advice: If you have used a third party computer abroad to access a University system or a sensitive personal site such as your on-line banking, change the password to that account as soon as possible. Remember, you don’t have to wait until you return to the UK to do so, if you can do so on a known secure device, eg a University-owned device.
Keeping in touch with family and friends
If you’re travelling abroad without a mobile device and want to keep in touch with family and friends, create a new email account (Hotmail, Gmail etc) just for this before you leave. Then, if your logon credentials are captured, the potential damage and inconvenience to you will be minimised. Similarly, you should also create temporary accounts on social networking sites.
Securing personal documents
Before travelling, it’s good practice to scan personal documents, such as your passport, visas, travel insurance documents, driving licence, E111 (for European countries), etc. You should also consider any other important documents, such as a prescription list, glasses prescription and any special licence, such as a permit to import or use encryption.
Likewise, record key details such as your payment cards’ account numbers and the telephone number to call if they are lost or stolen(the telephone number is on the back of each card).
It is also a good idea to list the address and telephone number of the British (or respective) Embassy or Consulate in each country you are visiting.
Once you’ve created these scans, transfer them to an encrypted memory stick and keep this separate from your payment cards, travel documents and other documents.
Caution: Remember some countries prohibit the importation of an encrypted device without a licence or permit. This may apply if you are have an encrypted memory stick.
Warning: Do not carry scans or sensitive personal data, such as payment card details, on an unencrypted memory stick. If a device containing such details was lost or stolen this could result in your identity theft and / or misuse of your payment cards.
Advice: If you don’t have software available to encrypt a memory stick, you can buy a hardware encrypted memory stick which will wipe all of its data after a given number of incorrect password attempts. Search online for more information.
Remember: The degree of protection assigned to any password protected device is only as strong at the password itself, so always choose a strong but memorable password or better still a passphrase. For example, Mary had a little lamb 1958 is effectively a 27 character password (spaces count).
Note: Some overseas keyboards have a different layout to UK keyboards and many have different special characters. So, to avoid typing the wrong password into a device and risking wiping it, avoid using special characters in a password or passphrase on an encrypted memory stick.