Travelling

Consider where you are going and what is absolutely necessary to take with you, leave any devices that are not required at home. If you will require a device, consider taking one that presents a smaller attack surface, for example, a laptop has a larger attack surface than an iPad because the laptop has a full operating system with more features and programs creating more potential for attack. Taking an iPad as opposed to a laptop would be one method of reducing your overall attack surface. 

If you require your laptop then consider encrypting the hard drive, or purchase an encrypted portable USB drive for transporting any sensitive data you require during your travel. This can help prevent access to data by unauthorized persons and provides a layer of security against hackers and other online threats. 

Run an up to date malware/virus scan on your devices before, during and upon your return.

Backup any data from your devices that may be sensitive or confidential, this includes Western data, usernames, passwords, your identification or any personal data. Once backed up, remove the data from the device.

Consider having your phone unlocked before you leave. Doing so will allow you to purchase a data plan from a local carrier when you arrive in a different country. This can save you money as data plans are typically much less expensive overseas. This will also save you from having to worry about your Canadian data usage, and gives you an added level of security provided by the fact that with a large data plan you will have no need to connect to free Wi-Fi.

If you do not wish to use a different carrier, then pre-purchase as large of a Travel Data plan as your carrier offers. This way you can avoid using free Wi-Fi completely.

Consider purchasing an unlocked phone or device specifically to travel with, or purchase one when you arrive at your destination. This would be considered a sanitized device, as it is not your normal everyday device and therefore would not contain any sensitive or confidential data.

Consider that you may not be able to rely on “Find my Device” type applications to find your device, should you lose or misplace it while traveling. These services may not work for several reasons, including:

In some countries the applications to find your device may be blocked.

If the device has been severely damaged when you try to locate it.

If the device has been stolen it is likely that the battery has been removed.

Consider purchasing access to a reputable personal VPN service. Do not use free VPN services as they generally do not provide any privacy policies or contractual guarantees. Western staff and Faculty, on request, have access to use the Western Roams VPN, however in some countries, access to more than one VPN service is helpful, as access issues could exist randomly with one or the other.

Change your passwords before you leave. Also ensure you use different passwords for every account. Should a malicious actor gain access to one of your passwords or an account, they will not automatically gain access to all of your accounts.

Consider turning on two-factor authentication for any accounts that you will require use of during your travels.

Leave behind any accounts or applications that you don't need for traveling.

Log out of all social media accounts (Facebook, Snapchat, Reddit etc.) and then remove the application from your device. This will prevent your accounts from being compromised by eavesdropping, as applications continuously try to get a connection, and automatically log in.

Log out of your western accounts.

Consider creating a new temporary email account, with a disposable username and password for use while travelling. For example, you could make a free Gmail account and forward a copy of your personal email to it while travelling, instead of taking the risk of logging into your primary email account each day. Note: Some countries block access to services like Gmail. 

Try to use your cell phone data plan as your primary internet connection, while avoiding the use of free Wi-Fi whenever possible. Consider using your phones “Personal Hotspot” feature in order to use the data plan for your laptop or iPad’s internet access. 

If you must use Wi-Fi try to use Eduroam. Eduroam is available to students, faculty and staff while visiting other universities and colleges and other locations throughout the world.

Keep your devices with you at all times, and be aware of your surroundings when using them. Avoid the use of hotel safes, as hotels have governance over their safes, and some malicious actors might exploit this access.

Always be situationally aware. Watch for people casually trying to shoulder surf your device or waiting for you to set it down. Be aware of what and who is around you and be discreet with your device usage.

Use a VPN connection whenever using Wi-Fi, even in your hotel.

Be wary of common Wi-Fi names. Malicious actors will often set up Wi-Fi access in an airport or hotel and name it something relevant in order to fool you into connecting to their Wi-Fi as opposed to the real hotel or airport Wi-Fi. Confirm with the establishment the name of the internet connection they provide to customers.

Beware of Wi-Fi with weak encryption. If your device is giving you warning messages about logging into Wi-Fi that is not safe, you need to take those messages seriously.

Refrain from logging in to your accounts as much as possible while travelling, however it is recommended that you never log into your accounts from a public or shared computer.

Where possible use the web browser’s private browsing or incognito feature, particularly when using a public or shared computer.

Try to avoid using public USB charger kiosks. These free charging stations could have a computer at the other end, providing a malicious actor the opportunity to either collect your data or place malware on your device.

Turn your device off, or place it into “Airplane” mode when not in use. This prevents any potential unauthorized access, and can prevent inadvertent data usage.

Disable your alerts or any personal information from showing up on the lock screen, and always lock your device when you are done using it.

Try to avoid accepting software updates when on public Wi-Fi.

Do not accept USB thumb drives or any external USB storage devices from any source.

Faculty, and staff traveling abroad with Western devices should contact their departmental I.T. promptly if a device is lost or stolen, or if you require changing your passwords while still traveling.

Change your passwords again once returned to Canada. This is especially important if you logged into any of your personal or Western accounts while away. 

Run an up to date malware/virus scan on your device again, before connecting it to any home or Western networks..

Consider completely wiping your device, and restoring it from the backup taken before you left. This will ensure no residual malicious content remains.

Monitor your devices and accounts in the coming weeks for any abnormal activity and report as necessary.