Close
Close
Search this website

Cybersecurity Travel Guidelines

In preparation for travel, one thing we often forget and overlook is cybersecurity. However, the risk for loss, theft, and unauthorized access of devices and sensitive information increases. The purpose of this guide is to assist with cybersecurity measures that can be taken before, during and after travel to minimize these risks. The precautions can be applied whether traveling for work, leisure, to a high risk destination, and on any device, including mobile devices.

General Travel

Expand all
  • Before Travel
    • Plan to take only the necessary devices, data (work, personal and sensitive data) and documents (including credit cards). Less is best
    • Consider using a device solely for travel with only the data, applications and services needed. If a device solely for travel cannot be used, back up data
    • Remove all sensitive and personal data, including clearing browser history, cookies, cache, autofilled data, saved passwords and disabling remember me features
    • Enable Two Factor Authentication (2FA) for all accounts, especially those that may be accessed during travel
    • Submit a request with the Division of IT (DoIT) or designated IT Administrator (ITA) to install any needed programs and applications prior to travel
    • Ensure the device is up to date and all operating system (OS), antivirus, application and program updates are installed
    • Verify the device is encrypted, and firewall, screen locks and timeout/screensaver functions are implemented
    • Implement a strong password to log into the device
    • If an external storage device is needed, it should be encrypted and approved by the IT Security Office
    • Consider using RFID blocking products to protect credit cards and passport
  • During Travel
    • Keep device with you. Do not leave device unattended or in unsecure locations, such as at the hotel, including in the safe
    • Always lock the device screen when not in use for a short/temporary time period
    • Shut down device when not in use for a prolonged time period. Do not put in sleep mode or simply close the laptop
    • Do not allow others to use the device
    • Refrain from accessing any sensitive information, if possible
    • Do not connect to any unknown public/WIFI networks, especially when accessing sensitive information or resources. Only use secure networks, such as the hotel WIFI, in addition to VPN
    • Always use FIU VPN, if possible, especially when accessing sensitive information or any FIU resources, including Office365 and MyFIU/PantherSoft
    • Use OneDrive for data storage rather than storing on device
    • Do not download or store any sensitive information on the device, including from MyFIU/PantherSoft
    • Do not use personal phone to access FIU resources, especially without VPN
    • Only use trusted external storage devices, such as USB drive/flash drive/external hard drive, that are owned by you. If you are provided with an external storage device while abroad, refrain from connecting it to your laptop/mobile device until it can be scanned for malicious applications to ensure safe use
    • If the device has a USB power cord, do not use public charging stations, such as at the airport, mall or hotel, to charge it, but rather always use your own power cord and an electrical outlet
    • Do not use any public computer to access personal and sensitive resources, including FIU resources
    • Do not use any public or untrusted computer for anything that requires you to enter passwords
    • Do not install updates or unknown software via unknown network or public WIFI. Updates and software installation should take place when on VPN. Beware of security warnings and pop ups from browser
    • If you receive Duo (Two Factor Authentication/2FA) prompts that were not initiated by you, deny the request, reset your password and notify the IT Security Office as soon as possible
    • If you notice any suspicious activity on the laptop, stop using it, disconnect it from Internet access (turn off WIFI and Bluetooth, if applicable) and notify the IT Security Office as soon as possible
    • If device is lost or stolen, notify the IT Security Office as soon as possible
    • Be mindful of the information shared on social media, which may provide answers to security questions or knowledge of your whereabouts
    • Browse the web safely by being mindful of suspicious emails, links, pop ups, malware alerts (not from antivirus) and social engineering tactics. Ensure a secure browsing connection by verifying the website is using https or has a padlock next to the URL/website address when conducting transactions that involve entering passwords, sensitive information or making purchases
  • After Travel
    • If FIU credentials will be used on the device to access any FIU resources, such as email, Office365 products (including OneDrive, Word, PowerPoint, etc.), reset FIU password upon return
    • Reset all passwords that may have been used during travel
    • Scan device for malware

High Risk Destinations

There are some countries that are considered high risk destinations. As a result, further steps are recommended in addition to the general travel guidelines. See General Travel section for additional guidelines.

Expand all
  • Before Travel
    • Follow the requirements of FIU's International Travel Policy for Employees and Students
    • Submit a request for a loaner laptop via FIU's Library
    • Install any needed applications. If the applications are from Microsoft, plan to use Office365 online
    • If the travel is for research purposes or will otherwise involve use or access to sensitive data, including student/FERPA, HIPAA, etc., consult the IT Security Office
    • If 2FA is affected at the destination, consult the IT Security Office for recommendations, which may include obtaining a YubiKey
    • If the high risk destination restricts access to VPN, plan accordingly by taking the following into consideration
    • Backup data needed on an encrypted storage device
    • Delay Internet access, if possible, to when VPN can be used, especially when needing to access sensitive data or FIU resources
    • If the high risk destination limits Internet connection, consider using cellular network and roaming via a mobile device for a more secure connection, which can also be used for tethering/to hotspot, instead of connecting laptop to unsecure or public WIFI
      See Mobile Device section for additional guidelines
    • Be aware of and follow export controls, encryption and VPN guidelines of the US and/or high risk destination
  • During Travel
    • Always use FIU VPN, if possible, especially when accessing any FIU resources, including Office365 and MyFIU/PantherSoft. There is a possibility that VPN may not always be accessible due to cut off times of the country
    • If VPN is not accessible, it is then recommended to store files on device or encrypted external storage device
    • If device is searched, confiscated, lost or stolen, notify the IT Security Office as soon as possible
  • After Travel
    • Upon return, refrain from using the device, including not connecting it to FIU's network or storage devices, etc. It should be returned to FIU's Library to be wiped

Travel Guidelines for Mobile Device

Like laptops, mobile devices, such as phones and tablets, are often brought along during travel to stay connected. Mobile devices should also be secured and may have specific guidelines in addition to the general travel guidelines. See General Travel section for additional guidelines.

Expand all
  • Before Travel
    • Consider using a mobile device solely for travel with only the data and apps needed. If a mobile device solely for travel cannot be used, back up data
    • Enable 2FA for all accounts, especially those that may be accessed during travel
    • Install any needed apps prior to travel
    • Ensure mobile device is up to date by installing all updates for the mobile device and apps installed, including antivirus
    • Install VPN
    • Consider encrypting the mobile device
    • Verify the device has screen lock or strong password and timeout/screensaver functions implemented
    • Setup find my device feature
    • Remove all sensitive and personal data, including clearing browser history, cookies, cache, autofilled data, saved passwords and disabling remember me features
  • During Travel
    • Do not use personal phone to access FIU resources, especially without VPN
    • Disable WIFI, GPS and Bluetooth when not in use
    • Quit all applications and use WIFI to avoid roaming charges when a secure Internet connection is not needed
    • Be mindful of scanning QR codes and if necessary, ensure it is provided by a trusted or known source
  • After Travel
    • If FIU credentials will be used on the device to access any FIU resources, such as email, Office365 products (including OneDrive, Word, PowerPoint, etc.), reset FIU password upon return
    • Reset all passwords that may have been used during travel
    • Scan mobile device for malware and/or reset to factory settings