International travel has many benefits, but it also entails some degree of risk, especially with regard to the security of technology resources like laptops, smartphones, and mobile devices.
This page provides a number of important technology guidelines and tips for international travel. These guidelines are designed to help you protect your devices and data while traveling, and they will also help to protect University of Pittsburgh systems and data.
For many students, international travel in the form of Study Abroad programs or exchange programs is an important part of the academic experience. Similarly, Pitt faculty and staff often travel abroad on University business, to conduct research, or while representing the University at academic conferences or other activities.
Please contact Computing Services and Systems Development (412-624-HELP  or firstname.lastname@example.org) at any time if you need assistance or have questions about any of the guidelines listed below.
University of Pittsburgh Travel Registry
Over the last few years, two forces have shaped the University’s thinking about international travel of faculty, staff, and students. First, events around the world (e.g., the Tsunami in Asia, the earthquake in Japan, the change in government in Egypt) have made it important for us to be able to quickly identify University personnel abroad. Second, as we increasingly are engaged in global programs, it would be useful to be able to provide an aggregate overview of the range of engagement abroad each year.
Thus, the Council of Deans has adopted a policy that requires registration of international travel for all University students and staff and strongly encourages registration for faculty. You can register your trip through the Travel Registry community at My Pitt (my.pitt.edu).
Who is required to register?
- Undergraduate students (but most of this travel is registered through the study abroad process, see below)
- Graduate students
- Faculty (strongly encouraged, but not required)
You should register using this system if:
- You are conducting research abroad
- You are attending a conference or meeting abroad
- You are part of a University group or club and traveling abroad as part of a University-sponsored activity
You should not register using this system if:
- You are participating in a program administered through the University’s Study Abroad office website
- You are helping to manage a study abroad program managed through the Study Abroad office website
- You are not on University business (e.g., you are going on vacation abroad)
Technology Guidelines from CSSD
Assume everything you do on your devices is being intercepted
The information that you send over a network may be monitored, even when using a hotel or business connection. It is always best to assume you are being monitored so that you can adjust your actions accordingly.
Never use public WiFi, computers, or devices
Shared computers in cyber cafes, public areas, hotel business centers, and foreign institutions-as well as devices that belong to other travelers-should never be used to access University or personal systems that are protected by a username and password. Public, free WiFi connections cannot be trusted and may compromise your device if you attempt to connect to them.
Keep your device with you at all times
Do not let your devices leave your sight. Should customs or other airport officials take your devices out of your view, those devices should be considered compromised and should not be used. Even if you will not be using your device, it should not be left in a hotel room, conference center, or foreign office unattended.
Do not use unknown storage devices
USB keys can be used to install malicious software on your devices and allow unauthorized individuals to compromise your data and accounts. Only plug items into your devices that you have brought with you. Public charging stations at airports or hotels should also be avoided, as they can transmit harmful software to your devices.
Be aware of your surroundings
When entering your username and password into your devices, be aware of those around you. Someone may be closely watching your screen and keyboard in an attempt to steal your credentials.
All devices should be erased and rebuilt upon you return
All devices with which you traveled should be considered compromised upon your return. They could contain malicious software that you do not want to introduce to the University's network or your home network. The safest course of action is to have the device securely erased and rebuilt, either from an existing backup or through a new installation of the operating system.
Change your passwords
You must change your password for all services that you have accessed while abroad. This should be done for your University Computing Account as well as any personal email, social, or financial sites that you accessed while traveling. By limiting the sites that you visit abroad, you reduce the number of passwords you need to change.
Keep Your Operating System Updated
The laptop's operating system, whether it be Microsoft, Apple, or Linux, should have all of the latest security patches applied to it.
Uninstall applications that you do not need
Keep on the laptop only those applications that are necessary for your travel. Uninstall any applications that you do not need or do not use. For those applications that remain, ensure that they are up to date with the latest security patches. This is especially important for those applications that interact with the web, including web browsers, Adobe Acrobat and Flash, Silverlight, and Java. Be aware that U.S. Export control laws preclude bringing some software applications across the borders of many countries.
Update the settings on your web browsers
All web browsers should be set to automatically clear your browsing history and cache after each session. Contact the Technology Help Desk for assistance in applying these settings to your preferred web browser.
Verify your anti-virus software is up to date
Ensure the latest version of Symantec Endpoint Protection is installed on the laptop and use the LiveUpdate feature to confirm that the virus definitions are up to date.
Remove any sensitive or confidential data
Prior to your travels, remove any sensitive or confidential data from your laptop. This includes student information (grades, comments on student work, and any other information that is not available in a public directory), proprietary information (including unpublished research), University business or planning documents, personal information (including financial information), and any other materials that should not be made public. Materials related to the travel arrangements, presentations, supporting materials, educational information, and any other public domain documents can reside on the laptop.
Cell Phones and Mobile Devices
Consider using a non-smartphone
Our phones have become mini-computers and generally contain all of our email, private communications, and contact lists. These are high-value targets for international cybercriminals. The safest course of action when traveling abroad is to procure a non-smartphone that will be used only for making calls.
Back up and reset your device
If you will be traveling with a smartphone or mobile device, you should back up the device and then reset it to its factory default setting. This will clear all personal information from the device and allow you to selectively copy certain information back on to the device. Upon return, your device can then be restored to its previous state.
Limit data contained on the device
Email and contact lists contained on cell phones are often filled with information that international cybercriminals covet. Email can contain non-sensitive but highly confidential information. When traveling, it is best to remove from your device any email accounts, including your University email account and personal accounts like Gmail. At a minimum, the contacts and amount of email synced to your devices should be limited.
Use strong passcodes
Use a strong passcode to protect cell phones and mobile devices. This will prevent others from picking up your device and gaining access to it.
Disable Bluetooth and WiFi
Unless you are actively using these features, you should disable them on your phone. Allowing these services to run provides potential attackers with a method for gaining access to your device.
Inventory Your Equipment
Computing Services and Systems Development can inventory your equipment prior to your travels. This will allow us to assist you in reporting lost or stolen devices, should you need to do so while traveling. We can then also verify the state of your operating system and applications, and we can determine whether any sensitive data is present on the devices.
Monitor your accounts
When notified of your travel dates, Computing Services and Systems Development will monitor the logins from your University Computing Account to look for any anomalous behavior. Should we identify any suspicious behavior associated with your account, we will contact you immediately to change your password.
Contact the Technology Help Desk (412-624-HELP  or email@example.com) at any time-before or during your travels-if you have questions about any of the topics covered in this document. Should you suspect your account has been compromised or University data has been breached, the Technology Help Desk can notify our security team 24 hours a day, seven days a week.
Additional International Travel Tips for Researchers
The University of Pittsburgh’s Office of Research recommends that faculty and staff consider the following tips when traveling internationally:
- To determine prior to traveling and with as much advance notice as possible if an export authorization will be required (obtaining a license can take up to several weeks);
- To know in advance with whom (individuals and entities) you will be communicating and collaborating, so that you can conduct complete Restricted Party Screenings (RPS);
- To travel with a clean laptop with a recovery system;
- To remove any export-controlled information, technical data, and software from your devices prior to leaving the U.S. Use a "shredder" program to erase the information that you do not want to share. In most cases, it is easier to physically remove the hard-drive and replace it with a clean system;
- To back-up all of the information that you take before your departure and to leave the backed-up data in the U.S;
- Not to take devices/technology/information with you that you do not need;
- To refrain, when possible, from consulting your Pitt emails and from using any cloud-based storage while abroad;
- Not to exchange controlled-information by phone, fax, email, etc.;
- To take business cards, contact information of any person who wants to know more about your project
Resources for Everyone
- State Department Travel Warnings – U.S. Department of State
- Travel Registry Guidelines – Office of the Provost
- Travel Registry Community at My Pitt
- Traveling overseas with mobile phones, laptops, PDAs and other electronic devices – National Counterintelligence and Security Center
Resources for Faculty and Staff
Resources for Students
- Advice for U.S. College Students Abroad – Game of Pawns – FBI
- Current Travel Warnings and Alerts – University of Pittsburgh Categorical Designations – UCIS Study Abroad Office
- Pitt Travel Warning Policy – UCIS Study Abroad Office
- Safety and Security for U.S. students traveling abroad – FBI
- Study Abroad Office Web site – UCIS