Information Security Travel Tips

Traveling can present some unique security challenges. If you are planning a domestic or international trip, keep these items in mind:

  • Make sure you’ve backed up any important data before traveling – Ensure that you’ve backed up any important data before traveling. If something happens to your devices while traveling you won’t be able to get the data back without a backup.
  • Keep your devices with you and within sight at all times – It doesn’t take long for a laptop, smartphone, or tablet to be stolen.  This is particularly important in busy and crowded places such as: buses, subways, airports, and at conferences.
  • Are you traveling with sensitive or confidential information? – Only travel with the data that you absolutely need. If you don’t need it, don’t take it. Check with your division to see if they offer blank loaner laptops that you can use while traveling instead of bringing your own. If you are traveling with data on a flash drive, ensure that you're using an approved encrypted flash drive.
  • Ensure that your laptop is encrypted – Laptop encryption will ensure that your data won’t be accessible if it is lost or stolen. If you must travel with certain sensitive data types such as social security numbers, identifiable human subject research data, ePHI, or non-directory student information, your laptop must be encrypted according to Emory policy.
  • Are you traveling with anything that is subject to export controls? – It is illegal in some cases to bring certain software or hardware to other countries. See www.orc.emory.edu/export_control/index.cfm for more information.
airport_laptop
  • Beware of public computers – Avoid using public computers in places like hotels and Internet cafes whenever possible. If you have to use one, ensure that you change any password that you entered on a public computer when you return from your travels.
  • Ensure that your smartphone or tablet is securely configured – Before traveling, ensure that your smart devices are in compliance with Emory’s Smart Device Security Policy. Your devices should be protected with a PIN or password, and employ encryption whenever possible.
  • Ensure that your computer is up-to-date and running antivirus software – Before traveling, make sure that you’ve installed all of the latest updates from Microsoft or Apple, and ensure that you are running Emory’s managed antivirus software.
  • Enable a firewall on your computer - Make sure that you have a firewall enabled on your computer. A firewall will help protect your computer while connected to insecure networks.
  • Only connect to trusted wireless networks – Avoid joining just any available wireless network. Only connect to those networks that you know are legitimate (such as those provided by a hotel).
  • Avoid using insecure websites on wireless networks – It’s easy for someone to listen in to what you’re doing on an open wireless network. Most networks that you’ll use while traveling are open. Make sure that if you’re logging into websites while on open network that your connection is secure. This is usually denoted by the presence of a lock icon in your browser, or “https://” in front of the address you’re visiting.
  • Utilize Emory’s VPN Service – If you plan on accessing Emory resources while traveling be sure to use Emory’s VPN to ensure that information sent to and from Emory is secure. Visit http://it.emory.edu/vpn for more information.

Searches of Electronic Devices by U.S. Customs and Border Protection (CBP)

Since late 2016 CBP has been subjecting some international travelers (mostly non-US citizens) to searches of electronic devices as the person attempts to enter the United States at a port of entry. CBP may demand that individuals turn over devices to be inspected or copied. The Department of Homeland Security has also discussed implementing a proposal that would require some individuals to turn over usernames and passwords to their social media and other accounts. Emory understands that employees may be subject to such searches and may have no choice but to comply in order to enter the country.

If you are concerned about being subjected to this kind of search, Emory provides the following guidance:

1. Both U.S. citizens and non-citizens may be subject to search by CBP. Each individual should determine whether to consent to a search, but refusal to consent could result in a denial to enter into the United States, or temporary detention.

2. Travel with the minimum amount of data that you need stored on your laptop or smart phone. You may also choose to store your data in Emory Box and access it there while you travel. Assume that any information that you travel with is potentially subject to inspection by U.S. and international authorities. 

3. If available in your school or department, you may be able to travel with a temporary device, such as a loaner laptop, and access any data that you need directly from Box.

4. Do not travel with highly sensitive data, such as ePHI, identifiable human subject research, or attorney/client privileged information. Be aware that CBP's own policies may require that "special handling procedures" be followed when dealing with these types of data. See: https://www.dhs.gov/xlibrary/assets/cbp_directive_3340-049.pdf
While you should never travel with these types of data, if you must, and CBP copies the data, ensure that the agent is aware of sensitive data stored on the device. When you return please notify the Emory Healthcare Privacy Office, or the Office of Compliance.

5. If you are required to disclose any passwords to customs officials, change them as soon as you are able to do so. Prior to traveling, enable two-factor authentication for any of your accounts that it is available. Facebook and Twitter, for example, support two-factor authentication.

Remember that if you use an e-mail client, such as Microsoft Outlook, or the iOS Mail app, your emails will be available for review as well. While traveling you may wish to remove your email account from your laptop/smartphone's email client, and use https://email.emory.edu instead.

Information from CBP on electronic device inspection: https://www.cbp.gov/sites/default/files/documents/inspection-electronic-devices-tearsheet.pdf