Traveling abroad presents additional risks related to the theft of devices and data. Connecting from unfamiliar locations and networks imposes a new threat landscape from what you traditionally are exposed to. Please consider where you are traveling, what devices you are taking, and what data you have access to through those devices during your trip. The Information Security Office has provided guidelines for employees who work while traveling in order to best protect the institution.
- If traveling internationally, identify risk advisories for your destinations by viewing the Travel Advisories posted by the U.S. Department of State(opens in a new window)
- Travel to areas identified as “Level 4 – Do Not Travel” is high risk.
- Should you travel to these areas for purposes other than to perform required work due to your employment with Ohio University, you are not permitted to take university-owned devices or access university data from these locations.
- Use of applications on personally owned devices to access university resources while traveling to these areas for non-work purposes is prohibited. To secure university data, remove applications including Outlook, Teams, and Canvas from your personal devices before travel.
- If you are traveling for university required purposes, consult your dean or department head to determine if a loaner laptop should be obtained before travel.
- Adherence to all university policies and information security standards is applicable while traveling.
- Travel to areas identified as “Level 4 – Do Not Travel” is high risk.
- Familiarize yourself with Secure Workspace Practices prior to departure.
- Limit the number of devices and amount of data you are traveling with to reduce the risk of exposure. Use temporary devices if possible, such as a University loaner device or disposable pre-paid devices as opposed to regular personal or work devices.
- Remove sensitive data from the devices you are bringing with you, as sensitive data should not be stored on a local device. Instead, opt for storing in a secure OneDrive/SharePoint site instead.
- Set up VDI and use it to access sensitive data and resources. We strongly encourage individuals working while traveling to use VDI in Lieu of VPN.
- Configure encryption(opens in a new window)
on your devices. The IT Service Desk can assist with University owned devices. For personal laptops, consider BitLocker for Windows or FileVault for Mac.
- It is also important to note that in accordance with the Information Security Standard: Safeguarding Sensitive Data, downloading sensitive data to personal devices such as a laptop, USB, or external hard drive is prohibited.
- Be aware that some foreign countries restrict the use of imported encryption software, so it is your responsibility to research the software import laws of your destination country.
- Notify the Information Security Office that you will be traveling, at minimum one week prior to your departure, if you intend to work while traveling. This allows the Information Security Office to better evaluate the legitimacy of any out of country logins.
- The Information Security Office can be contacted by emailing security@ohio.edu
- Set up multi-factor authentication (MFA) for as many services as possible. Most Ohio University services utilize MFA, but you can also set up MFA for non-OU and personal services such as banking, social networks, and email.
- Configure Ohio University's Campus VPN.
- Should you need to travel to a Level 4 “High Risk” travel location as part of your assigned work as an employee of OHIO, request a temporary account (“OHIO guest account”) to use while traveling. This reduces risk as your regular email account can be configured to forward to this service account for the duration of your stay. This allows you to access resources without utilizing your typical account, protecting the contents within and the associated university credentials
- Make sure your devices’ operating system and software are up to date.
- Ensure anti-virus is installed and enabled. Be sure to learn how to run an anti-virus scan prior to departure.
- Store documents and work products in your university affiliated Microsoft OneDrive accounts and groups to ensure that you have a current back up of your data.
- Use strong passwords . Avoid dictionary words and add special characters. For cell phones, use alpha numeric or a passphrase instead of PIN entry.
- Turn on services such as Google’s "Find My Device" or Apple’s “Find My” app, if available for your device, to aid in finding lost or stolen devices. Turn on "Find My Device" services and similar remote wiping services if available for your device.
- Turn on services such as Google’s "Find My Device" or Apple’s “Find My” app, if available for your device, to aid in finding lost or stolen devices.
- In accordance with the Information Security Standard: Microsoft O365 – Remote Data Wipe ; Microsoft offers the capability to remotely remove all data from a device that is synced to your OHIO email account in the event the device is lost or stolen. To utilize this functionality, you can contact the Information Security Office at 740-566-SAFE or via email security@ohio.edu
- As applicable, adhere to requirements under OHIO’s Export Control Program .
- Keep your devices in sight at all times.
- Be cautious when connecting to public Wi-Fi. Use cellular data when possible, but be mindful of roaming charges.
- Disable services like Bluetooth and Wi-Fi on your device when not in use.
- Use multi-factor authentication and a VDI when accessing university information and resources.
- Avoid public computers, such as in internet cafes.
- Bring your own charging cables and avoid utilizing charging kiosks as they may be infected with malware.
- Clear your internet browser after each use. (Delete history files, caches, cookies, etc.)
- If any of your devices are stolen, report it immediately to the local authorities if traveling domestically or the local US Embassy or Consulate when traveling internationally.
- If the stolen device was an Ohio University device or stored Ohio University data, contact the Ohio University Information Security Office (via email security@ohio.edu or by calling 740-566-7233) in addition to the local US Embassy or Consulate.
- Change your passwords for any credentials you used when traveling, including your OHIO account password .
- Return any loaner devices.
- If you used a temporary travel account, ensure that the forwarding has been removed.
- Run an anti-virus scan on your devices.