ɫ

Cybersecurity Tips for International Travellers


International Device and Data Expectations

When you are travelling outside of Canada, there are different laws and requirements related to the use of technological devices and information. The expectation of privacy also varies dependent upon the country you are visiting.

Every country has its own expectations with respect to importing and exporting technology, information protection and privacy, legal and illegal content, and freedom of speech. It is highly recommended that you make yourself aware of the local laws with respect to devices and data for the countries to which you are travelling. 

Travellers should expect their devices (phones, laptops, tablets, etc.) to be openly examined and scrutinized by immigration officials and perhaps local law enforcement. You may be expected to give officials your password to unlock your devices or decrypt your data and failure to do so could result in your device being confiscated and possible detention or expulsion from the country.

You are encouraged to contact Research Security (researchsecurity@ucalgary.ca) to inquire about a Security briefing, in advance of your departure.

This is the online version of Cybersecurity Tips for International Travellers. Download a copy of the documentation for your use.

For more tips on how to keep your systems and data secure, please review the UCalgary IT security website.

Check out their new YouTube video as well.


Before You Go

No device can be protected at all times. Your data or device may be lost, stolen, or hacked while you are travelling, or it could be subject to seizure by authorities. 


Consider the data that is on your device

Data and devices that are legal in Canada may be illegal in other countries. Check the  for the country you will be travelling to. Choose the Laws and Culture tab. It will usually include a section on imports and exports that may indicate if a particular type of technology is illegal for import.

Use unique passwords

Use unique passwords for accounts you will use during your travel. When returning from travel, change the password as soon as possible after you return. Be aware that all of your passwords are at risk of being detected and recorded.

Get authorization

If you are carrying departmental data on your device, ensure that you have authorization to take the data off‐site.

Consider a temporary email account

Consider a temporary email account, where possible, to avoid your UCalgary or personal email history and content being copied or monitored.

Limit the amount of sensitive data that is stored

Only take the data you will need to access while travelling. Consider previously deleted information on your device, as it is not automatically removed from a hard disk or storage environment.

Travel with clean formatted loaner technology

If possible, travel with clean formatted loaner technology rather than your day‐to‐day working devices. If you are a UCalgary employee using a university owned device, contact the IT Support Centre for assistance.

Do not carry materials linked to sensitive topics

Do not carry materials or information perceived to be linked to sensitive topics in that country.

Keep your data on a protected USB device

Keep your data on an encrypted/password protected USB device instead of your computer.

Encrypt

Encrypt sensitive information at all times and ensure that you understand the classification of data that you are carrying when you travel. If you are carrying university owned or research data, see the Information Security Classification Standard. If your data includes Level 3 (Confidential) or Level 4 (Restricted) information, contact your IT partner prior to travelling with this information.

Consider setting up additional security measures

Consider setting up additional security measures if it is necessary to connect to the university’s network. For example, you may want to move data you need while travelling to OneDrive so you can access it securely online and avoid syncing data on any mobile device you may be carrying with you, or you could set up multi‐factor authentication to increase webmail security.

Remove all apps you don't need as you cross a border

For example, remove your gmail account from your device (with all your email and contacts) prior to going through immigration and security. Once you have passed through those points, you can add it back on to your device. This will allow you to comply with any immigration or security requests to view your device information. You may also consider doing this with any banking information that you have on your device.

Ensure your anti‐malware software is running and up to date prior to the travel


While Abroad


Accede to requests of law enforcement officials

If you are asked by an immigration or other law enforcement official to unlock or decrypt your device for their perusal, accede to their request in accordance with local legal requirements.

If your university owned equipment or university data is stolen

If your device or data is stolen while you are abroad and it is university owned equipment or university data, report it to the university’s IT Security Department as well as Campus Security.

Exercise caution before sending documents or information

Excercise caution before sending documents or information abroad that would fall under the coverage of that country’s secrets laws.

Avoid using public computer workstations and charging stations

Public infrastructure is easily modified to detect and record anything that is typed to them including account identifiers and credentials.

Be aware that public wireless networks are untrusted, avoid them if possible

Do not connect unknown USB flash drives to your device, they may contain malicious software

Do not connect to the university’s network unless absolutely necessary

Consider that all network connections, including encrypted connections, are being monitored.

Be extra careful when presented with unknown links or attachments

Be aware of websites that may push inappropriate content or malware without your authorization

Do not install software

Do not install software from an unknown source or software that is delivered through an unknown channel.

Do not leave your device in an unattended area or vehicle

Lock all unattended technology to prevent unauthorized access, do not allow anyone to use or access your device.

If your device has been compromised unknowingly

If your device has been compromised unknowingly during travel, it is a risk to all systems that the device connects to. If it is university owned equipment, do not use the technology upon return without it being wiped and refreshed by the IT Support Centre.

Electronic data has the same legal status as paper based information assets

The content, not the medium, determines the treatment of the data. Protect notebooks and paper documents with the same diligence as electronic information.