Since Mount Holyoke faculty and staff travel around the world, LITS has assembled this page to provide information about appropriate considerations when traveling with college-owned or personal technology devices. Traveling with technology is subject to both legal restrictions and security concerns, and it is important to be aware of the risks and best practices associated with carrying laptops or mobile devices abroad.
We have assembled some frequently asked questions about traveling with technology below. We encourage all travelers to review them and to feel free to reach out to the Help Desk at x2600 or email@example.com if you have additional questions.
What are the main points I need to remember while traveling with technology?
- Understand and comply with all export control laws.
- Carry only the minimum software, data and devices you must have access to on your trip.
- Always use the College's VPN service to connect back to College resources, or in higher risk countries, use only the VPN service to connect to the Internet.
- Store data in the cloud or on remote systems that require secure authentication to access, rather than on your laptop's local hard drive.
- Upon your return from traveling, clean any computers or mobile devices carried with you by wiping and re-imaging their hard drives.
- Also upon your return, change your passwords, especially those used to access College resources.
- Consult with LITS on your specific situation to ensure you are following best practices while traveling with technology.
For details on each of these points, please see the additional questions and answers below.
Can I bring my College-assigned laptop with me when I travel outside the country?
The answer to this question depends on the countries you are traveling to and the data or software stored on your laptop.
Federal export control law prohibits carrying certain types of technology and data outside the country, so it is important to be aware of and comply with export control regulations first and foremost. Travel to the U.S. sanctioned countries of Cuba, Sudan, North Korea, Iran and Syria requires that you carry only LITS-prepared travel loaner laptops which have 'clean' software images and no data. These loaner laptops are also recommended for travel to other countries considered high risk for data compromise, such as China and Russia.
If you plan to travel with a College-owned laptop or with institutional or research data, you should contact the MHC Export Control Task Force so that your plans may be reviewed by the Five College Risk Management office. Licenses are required to conduct many kinds of activities in sanctioned countries.
In addition, you should plan to load only the minimum data required for your local use onto the laptop, and to ensure that this data does not violate export control regulations. Remember that data can be stored in the cloud on Google Drive, or on the College's local file server and accessed while off campus through a secure Virtual Private Network (VPN) connection to protect against unauthorized access. Local data is less secure data and it is far better to access your data from a secured location than to store it on the local hard drive of a laptop or mobile device while traveling.
Finally, travel loaner laptops may be encrypted by LITS for high risk countries, or unencrypted to comply with export control restrictions against bringing encryption technology to U.S. sanctioned countries. It is important for LITS to know which countries you plan to travel to so that the appropriate encryption can be applied.
How should I access on-campus technology resources while traveling internationally?
Travelers who need to access on-campus technology resources while traveling should always use the College's Virtual Private Network (VPN) service to access those resources. In addition, it is advisable in high risk countries to use the College's VPN for ALL online activities, as an extra layer of defense against data compromise. We recommend setting up your VPN software connection from your home in the U.S. first, before traveling, so that you can confirm it is working properly and can easily consult the Help Desk for any support issues. While traveling, you should activate VPN software as your first step, before accessing any data or services on the Internet, within Google or on the cloud.
What considerations should I follow if I plan to carry and use a mobile device while I am traveling abroad?
In most countries you have no expectation of privacy in Internet cafes, hotels, offices, or public places. Hotel business centers and phone networks are regularly monitored in many countries. All information you send electronically can be intercepted. Wireless devices are especially vulnerable. Security services and criminals can track your movements using your mobile phone. Security services and criminals can also insert malicious software into your device through any connection they control. They can also do it wirelessly if your device is enabled for wireless. It is possible for "malware” to migrate from your compromised device to your connected institutional systems, where it can send information back to a malicious party. Malware can also be transferred to your device through thumb drives (USB sticks) and computer disks - so do not accept these items from other parties while traveling.
If you can do without the mobile device on your trip, don’t take it with you. If you must take it, don’t take information you don’t need, including sensitive contact information. Consider the consequences if your information were stolen. Back up all information you take; and leave the backed-up data at home for safe-keeping. Secure your mobile device with a passcode, and if it supports remote locking or wiping, enable that service so you can perform it if your device is lost or stolen. If you need assistance setting up these services or performing backups or restores, the LITS Help Desk can advise you.
How should I protect my data from unauthorized access at border crossings?
Consider traveling with an inexpensive computer or mobile device that does not contain any data, rather than your every-day laptop or smartphone. Using a travel-only device will also help secure you against theft while you are traveling. Remove social media apps and accounts from the device before crossing the border. In addition, if your mobile device can be unlocked with a fingerprint reader, consider disabling that functionality so that you cannot be forced to unlock your device. If you must travel with data on your device, consider encrypting the device's drive. All LITS-issued laptops are encrypted by default and LITS can also lend travelers 'clean' laptops which are free of data. Personal devices can be encrypted using programs such as BitLocker for PCs or FileVault for Macs. Finally, consider storing whatever data you need on a cloud service such as Google Drive rather than storing it locally on your device.
What precautions should I take upon returning from my travels?
If you have traveled to a U.S. sanctioned or high-risk country, you should assume that your system has been compromised during your trip. Even trips to lower-risk countries will often result in a compromised system if a laptop or mobile device was used to connect to the Internet. LITS recommends wiping and re-imaging any laptop or mobile device carried along on your trip. Wiping and re-imaging is done routinely on all LITS travel loaner laptops when they are returned to LITS. In addition, you should change your password(s) used to access College resources as a precaution. The LITS Help Desk can assist with these processes if necessary.