Traveling Internationally/To High-Risk Locations

When traveling to a high-risk location, especially if you work with sensitive university data when traveling, follow the guidelines in Travel Safely With Technology and take these additional precautions to get access to U-M computing services and to protect your device and university data.

Use the U-M Travel Registry

University faculty, staff, and students are required to register their international travel plans on the U-M Travel Registry when traveling for university-related purposes.

Expand All Content

Accessing Computing Resources

Prepare for limited access by having an alternate email account and downloading materials.
  • You may not be able to access YouTube, Google, Facebook, Twitter, blogs, and other websites in some countries on a consistent or reliable basis. If you will need materials from the web for your work while traveling, consider downloading them to your computer or mobile device ahead of time.
  • You may not be able to access some U-M Google apps or features from some locations. For example, due to international sanctions, users are unable to access Google Apps from Crimea as of January 31, 2015. Some governments restrict access. Plan ahead for this and let people know that you may not be able to read and respond to email while traveling.
  • You may find that you are better able to get to your email from your phone using a cellular network than from a computer connected to the Internet. Check with your phone carrier about international data plans before you travel. You might consider getting a local phone with a pre-paid card in the country you are visiting.
  • Have a personal email account as an alternative. If you have difficulties using U-M Google Mail while you are overseas, or if your mail is blocked from reaching your overseas colleagues, you could try using a personal non-Google account. If you do use a personal email account, be aware that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.
Use the VPN to protect your connection.

The U-M Virtual Private Network (VPN) provides a secure computing experience when accessing a University of Michigan service from a remote location or when using a wireless connection. It can also help you bypass Chinese firewalls. Use it when you connect to the internet from your smartphone, tablet, or laptop. Install the VPN client and/or U-M profile on your device before your trip. See Use a Secure Internet Connection to download the appropriate VPN for your campus (Ann Arbor, Michigan Medicine, Dearborn, or Flint).

You may find VPN access blocked from locations in China and elsewhere. Do not attempt to illegally bypass the blocks. Do not put yourself at risk of being accused of cyber espionage or other crimes.

Avoid internet cafes and untrusted networks.

Do not use untrusted networks, such as those in Internet Ccafes and hotels, to access the Internet. In general, cellular networks are more secure than such publicly available networks. If you must use an untrusted network, turn on a VPN for your device as soon as you connect and avoid accessing sensitive university data.

Use Virtual Sites for remote access to U-M software.

With Virtual Sites, you can use the software on Campus Computing Sites Windows workstations remotely from any Mac or Windows computer with an Internet connection. Virtual Sites lets you use computers on the U-M campus remotely. Go through the Virtual Sites webpage to connect. You can then access your email and other U-M services from the Sites workstation.

Be mindful that your colleagues in some countries you visit may have limited access.

If you collaborate with colleagues in countries where censorship is pervasive or substantial, be mindful of the large number of websites that are inaccessible to them. Understand that they are subject to the laws and regulations of their land—as are you if you travel there.

If your U-M Google Mail is blocked from reaching overseas colleagues, you could try using a personal non-Google account. Be aware, though, that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.

Protecting Devices and Data

Take a loaner device to limit exposure of your accounts and data.

If you can, take a device with just the files and applications you will need while traveling. Officials in some countries inspect electronic devices and may download material from them. Some countries have encryption import restrictions that prevent you from encrypting data on your device. Protect yourself—and the university—by not taking any sensitive or private information with you.

Check with your departmental IT staff to see if loaner laptop computers and other mobile devices are available to you.

Keep devices close at hand or locked up.

Perhaps the biggest risk to data and devices while traveling is loss or theft. Keep electronic devices close at hand and in view when you travel. If your hotel room has a safe, use it.

Change your password before your trip—and again after you return..

Change your UMICH (Level-1) password to one that will be used only during your trip. Change your password before you leave and again on your return. Also change any other passwords you expect to use while traveling.

Don't accept thumbdrives from others; they could contain malware.

Do not accept thumbdrives or other such devices from colleagues or others. Such devices may expose your computer to malware.

Encrypt your device.

Apply full disk encryption. This will provide a substantial layer of protection should your laptop, smartphone, or other mobile device become lost or stolen. See Encrypt Your Data and your unit IT support for instructions on encrypting your device.

Be aware that some countries ban or regulate the import, export and use of encryption products; see Encrypted Data Export Controls for information.

Follow export control regulations.

Export Controls is the body of federal law intended to prevent the transfer of sensitive items and technology to foreign nations, organizations and individuals. It includes International Trafficking in Arms Regulations (ITAR) and Export Administration Regulations (EAR) compliance.

For more information, including contact information for the university's export controls officer, see Export Control Compliance for University of Michigan Researchers.

If you use two-factor, enroll in additional options for added convenience.

If you use Duo two-factor authentication for access to some systems, you may want to enroll in additional Duo options before your trip. You might, for example, want to enroll an additional phone number or arrange for emergency bypass codes to use while traveling. Also be aware that the Duo Mobile app and hardware tokens are subject to export control regulations and may not be transported or sent to embargoed nations identified by the U.S. State Department. See Traveling with Duo for tips and details.

Do not access sensitive university data.

When in a high risk location, do not use any system that accesses sensitive data, even when using a university VPN.

For general information about storing and sharing sensitive university data, see the Sensitive Data Guide to IT Services.

Disable Bluetooth, Wi-Fi, and GPS when not in use to limit potential unauthorized access to your device or data.
Turn devices off when not in use.

In general, turn your devices off when you are not using them. During meetings in a high-risk location, for example, power off devices and remove batteries to mitigate risk of the microphone being turned on remotely.

Wipe (erase) your device when you return.

To ensure no hidden spyware returns with you and infects the U-M computing environment, have your IT department completely wipe your device and install a new image. Taking a loaner device makes it easier to take this precaution without losing information you wish to keep.