International Travel Guidelines

International travelers should limit the amount of sensitive information that is stored on or accessible to any mobile device taken on the trip, and travelers should avoid contact with the William & Mary network in general, specifically when traveling to high risk countries (see U.S. State Department's Alerts and Warnings).

Traveling internationally can pose significant risks to information stored on or accessible through computers, tablets and smartphones.  Some of the risk is associated with increased opportunities for the loss or theft of the device and just merely the distraction of traveling. Additionally, our devices are put at risk because they will use networks that may be managed by entities that monitor and capture network traffic for competitive or malicious purposes.

 

Preparing for Your Trip
Identify "high risk" countries you plan to visit

Visit the U.S. State Department's Alerts and Warnings web page to identify "high risk" countries you plan to visit.

Understand the sensitivity of any data you bring or access
Seek ways to limit the amount of sensitive information that you take on your trip.  Examples of data that should be left on campus or afforded exceptional protection include information that might be considered sensitive by the host government, and information defined as confidential or highly confidential by the university’s System & Data Classification Policy.  Removing unnecessary confidential data from any device reduces the risk of exposure to anyone gaining access to the information.  If desired, check out a loaner laptop from the Technology Support Center.
 
 
Things to Remember while Traveling
Avoid accessing the university directly with your W&M Username and password
By not logging into William & Mary applications while you travel, you eliminate the risk of your W&M Username and password being captured and used to compromise William & Mary systems.  You also reduce the amount of data that is retrievable if your mobile device is lost, stolen or otherwise compromised.  Therefore, keep your direct access to William & Mary systems and information to an absolute minimum, preferably zero. 
 
Avoid using public workstations
The security of public workstations, especially in high risk countries, cannot be trusted.  When you use a public workstation, anything that you enter into the system - IDs, passwords, data - may be captured and used, so limit your activity to the devices that you bring.
 
Be aware of your surroundings when logging in or inputting data into your devices
There have been many cases where an ID, password or a piece of confidential information had been compromised simply by watching the person input the information. Be discrete when entering your ID and passwords.
 
Notify us if a theft or loss occurs

Traveling can be fraught with a variety of distractions - going through airport security, finding your way around town, getting used to cultural norms, etc.  Unfortunately, most instances when mobile computing devices are lost or stolen occur in the areas where the distractions are the greatest.  Recognizing distracting situations and, when they occur, taking extra care to maintain your focus can prevent you from having to take the steps necessary to disable those devices and obtain replacements.

In case a laptop or mobile device is lost or stolen, contact William & Mary’s Technology Support Center at 757-221-4357 or [[support]].

 

When you Return
Change any passwords you may have used during your travels
When you return from your trip, change any passwords you may have used during your travels from a trusted device. When traveling, especially in high risk countries, the likelihood that your William & Mary ID and password will be captured is high. Quickly changing a compromised password helps prevent future attacks on that account. 
 
Restore the software on the systems with which you traveled to trusted versions
According to National Security Services, when our devices connect to a network in a high risk country, there is an increased likelihood that the device will be compromised and have malicious software installed. This software then can compromise information and other devices on the William & Mary network when the device is reconnected to the university's network.

Upon your return before reconnecting to the William & Mary network, erase and wipe the hard drive and other components that store data and software for any device you used during your travels and reimage them with trusted software versions.  Contact the Technology Support center at 757-221-4357 or [[support]] for assistance.

 
Assumptions when Traveling
  • No device can be protected against all possible forms of system and information compromise, especially when its members travel to countries that are deemed as high risk.  So, we must assume that any device taken to a high risk country will be compromised in some, potentially undetectable way.  The only truly secure option is to refrain from using digital devices when traveling.
  • Information of particular interest to someone intent on compromising your devices not only includes business data but also the traveler’s ID and password that could be used to directly access William & Mary’s systems and information resources.
  • When a device is compromised, the attacker may install software on the device that could compromise other systems and data on the William & Mary network when the traveler reconnects his or her device to our network upon return, unless measures are taken to completely restore the device to its pristine state before the network connection is established.

Additional Resources
  • The U.S. Department of State's Country Specific Information website: Allows a user to specify his or her destination country for which it provides information such as, the location of the U.S. embassy and any consular offices; whether you need a visa; crime and security information; health and medical conditions; and local laws.
  • The FBI's Travel Tips brochure: Measures that the FBI recommends taking before, during and after traveling internationally in a compact, printable document.
  • US CERT's Holiday Traveling with Personal Internet-Enabled Devices website: Tips from the US Computer Emergency Readiness Team for protecting your mobile devices when traveling.
  • Internet 2's Security Tips for Traveling Abroad website: A collection of institutional, governmental and other resources that provide guidelines for secure, international travel.
  • FAQs - Searches of Electronic Devices at the Border document: Questions and answers concerning searches of electronic devices at the border.

 

Questions? Contact the Technology Support Center (TSC)
757-221-4357 (HELP) | [[support]] | Jones 201, Monday - Friday, 8:00 am - 5:00 pm

Page content credit: Princeton Information Security Office