Cyber Safety During International Travel

This document is intended to be used as a guide for SoE faculty, staff, and students who are traveling to countries where there are concerns about keeping personal and university data protected. It contains links to both campus and external resources as well as a list of services that MERIT can provide. It includes advice compiled from several sources (see Related Documents and Websites at the bottom of this page).

Guidance for all SoE faculty, staff, and students

Getting Prepared

  • Contact the Export Control Office in the Office of the Vice Chancellor for Research (OVCR)
    If you perform any research in your role at UW-Madison, you should contact the Export Control Office to ensure compliance with US export control laws before any travel. Some restrictions may apply to activities performed in specified countries due to their designation as an embargoed or restricted country by the US government. The list of embargoed and restricted countries can be found under the "regulations" section on this site: Export Control

  • Generate backup passcodes for future use
    Generate a back-up or temporary MFA code so you do not need your MFA device to connect to the network. Multi-factor authentication is an added layer of security to protect you while traveling and using available wireless networks. 

  • Reserve a loaner device
    Consider taking a loaner device instead of your personal equipment. This will limit the amount of data at risk should your laptop or phone be lost, stolen or searched.
     

  • Prepare your laptop/tablet for travel
    If you cannot take a loaner device, sanitize your device by backing up your data and removing any data not needed during your travels. Be sure to empty your Trash/Recycle Bin and enable screen lock and timeout functions before travel. Also, make note of your laptop’s serial number.

  • Minimize the data you take with you
    Minimize data transported or accessed while abroad. Particularly identify and safeguard data subject to regulations and laws, which include:

    • International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR)
    • Controlled Unclassified Information (CUI)
    • Personally identifiable Information (PII)
    • Protected health information (HIPAA)
    • Student information (FERPA)
    • Sensitive financial information

    Evaluate the sensitivity of the data you might take by knowing in many countries/cultures, there is no expectation of privacy. Backup all information you do take and leave the backup at work or home. Remove all external storage media (e.g. CDs, USBs, etc.) from the computer before you travel.

  • Review university and personal passwords
    Do not use the same login credentials for university and personal business. Make any necessary password changes warranted by this review, particularly for systems you will be accessing while abroad.

  • Familiarize yourself with local laws and security
    Is the country you are traveling to on the sanctioned or embargoed country list?

    Visit the Department of State Travel Advisory and the OSAC Country Security Report to obtain information about the safety and security of the country you are visiting and to enroll in the Smart Traveler Enrollment Program (STEP). You can also go to the International Safety and Security Director’s (ISSD) site for valuable resources, links, and information to help you plan safe and secure travel abroad.

    Learn how to recognize secure websites, and avoid insecure ones.

  • Contact your mobile phone service provider
    Contact your mobile phone service provider and ask what they recommend for international cellular service while traveling. Consider leaving your normally used devices at home and traveling with a clean unlocked device that does not have sensitive information or personal account information on it. You can also consider purchasing an inexpensive local “burner” phone on arrival (often available for purchase on arrival at an international airport). Device theft is a growing problem in many locations around the world, so avoid traveling with a device you cannot afford to lose.

During your stay

  • Have no expectation of privacy
    Eavesdropping is routine in some countries. Limit electronic and face-to-face discussion of sensitive information. If possible, wait to discuss sensitive matters upon return or using a known secure mechanism. Surveillance can occur through talk, text or application-based communications. In some countries, law enforcement may be able to seize or search your devices arbitrarily without any expectation or pretense of due process, device return or compensation. Travelers should avoid keeping sensitive or contentious information on your phone, computer or tablet that you would not want host-country authorities to see. 

  • Treat electronic devices as compromised
    Do not use computers or faxes at foreign hotels or business centers for sensitive matters. Do not charge your devices by connecting them to charging stations, computers, televisions, DVRs, etc. Do not allow foreign storage devices e.g. USB, CDs, etc. to be connected to your computer or phone. Do not download new apps or allow your operating system or existing apps or programs to update. Do not click on links in messages or use links to move from internet site to site. We do understand that some of this may not be feasible. In China you may be required to use local application-based e-payments or local applications for public transit or other public messaging. It is always best to have a borrowed device to install this software on. 

  • Keep electronic devices in your physical possession
    Do not leave these devices unattended. For example, do not leave them in your hotel room, in hotel safes, in your checked baggage, or do not ask someone to watch for you. 

  • Disable devices network capabilities when not in use
    Turn off Bluetooth and Wi-Fi capability on your device when not in use. Consider turning off your cellular phone when it is not in use and particularly if you have a data plan enabled. Using Airplane Mode on your device will simplify the activation or deactivation of wireless capabilities. 

  • Avoid accessing systems with sensitive or restricted information from abroad
    This is particularly advisable in countries where there is no expectation of privacy.  See the the Department of State Travel Advisory and the OSAC Country Security Report for country specific issues. In general, when accessing University systems minimize the length of time and amount of information accessed.

  • Use VPN whenever possible
    Anytime your laptop, tablet, or mobile device is used to connect to network resources, be sure the VPN (GlobalProtect) is connected unless you are in a country that doesn’t allow encryption.

  • Report loss or theft of information or electronic devices
    If you experience or suspect the theft of data or any of your electronic devices, report it to helpdesk@education.wisc.edu

Upon your return

  • Clean and/or rebuild all electronic devices
    When you return, do not connect to any campus networks.

    • SoE faculty and staff: bring the loaner laptop to MERIT for analysis and cleaning. If you took your personal/work computer, we highly recommend that the laptop is analyzed for malware and unauthorized access and, if necessary, reset before continued use. MERIT can assist in this effort.

    • SoE students: if you took a loaner device from DoIT, make sure you copy any data off of it before returning to DoIT. If you have any questions about a DoIT loaner device, contact the DoIT helpdesk. If you took a personal device, it is recommended that you install and/or run a malware scan before you continue using it. DoIT provides antivirus software for personally owned Windows and macOS devices in the campus software library.

  • Change passwords
    Consider changing passwords for all systems you accessed while traveling.

Services for SoE faculty and staff

NOTE: if you are a WCER employee, WCER Research IT will provide these services to you. See the WCER guide here: https://kb.wisc.edu/wcer/internal/144796.

When traveling abroad, MERIT will provide these services to any SoE faculty or staff member to help protect your computer and data:

Provide a loaner laptop

It is recommended that you do not take your university computer outside of the United States. We also recommend you do not take any personal devices, like cell phones or laptops, to another country. MERIT loaner laptops can be checked out for use internationally. These are available on a first come, first served basis.

  • We will prepare a laptop for you and ensure you have the software you need while traveling. Please give 14 days notice for this service.
  • We will create a temporary local user on the laptop, so you will not need to use your own credentials while logging in.

Transfer data and clean laptop upon return

Some countries may attempt to install unwanted programs or software (aka, malware) on your device, just by connecting it to a network in that country. Therefore, please do not connect your loaner device to the internet once you have returned to the United States.

  • MERIT will help securely transfer any necessary data from the laptop to university storage.

Prepare your work laptop

  • If you must take your work laptop, we will check your computer to provide the best security during your travel.
  • This may include updating your computer's operating system and applications, turning on system security settings, or other actions to improve its ability to defend against malware.

If you have any questions or if you would like to discuss arrangements for your upcoming trip, please contact helpdesk@education.wisc.edu

Related Documents and Websites


Keywords:
SoE international china data security information computer privacy concern travel abroad 
Doc ID:
149221
Owned by:
Jackson K. in MERIT
Created:
2025-03-19
Updated:
2025-04-07
Sites:
MERIT