When traveling to a high-risk location, especially if you work with sensitive university data when traveling, follow the guidelines in Travel Safely With Technology and take these additional precautions to get access to U-M computing services and to protect your device and university data.
Use the U-M Travel Registry
University faculty, staff, and students are required to register their international travel plans on the U-M Travel Registry when traveling for university-related purposes.
Expand All Content
Accessing Computing Resources
- You may not be able to access YouTube, Google, Facebook, Twitter, blogs, and other websites in some countries on a consistent or reliable basis. If you will need materials from the web for your work while traveling, consider downloading them to your computer or mobile device ahead of time.
- You may not be able to access some U-M Google apps or features from some locations. For example, due to international sanctions, users are unable to access Google Apps from Crimea as of January 31, 2015. Some governments restrict access. Plan ahead for this and let people know that you may not be able to read and respond to email while traveling.
- You may find that you are better able to get to your email from your phone using a cellular network than from a computer connected to the Internet. Check with your phone carrier about international data plans before you travel. You might consider getting a local phone with a pre-paid card in the country you are visiting.
- Have a personal email account as an alternative. If you have difficulties using U-M Google Mail while you are overseas, or if your mail is blocked from reaching your overseas colleagues, you could try using a personal non-Google account. If you do use a personal email account, be aware that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.
The U-M Virtual Private Network (VPN) provides a secure computing experience when accessing a University of Michigan service from a remote location or when using a wireless connection. It can also help you bypass Chinese firewalls. Use it when you connect to the internet from your smartphone, tablet, or laptop. Install the VPN client and/or U-M profile on your device before your trip. See Use a Secure Internet Connection to download the appropriate VPN for your campus (Ann Arbor, Michigan Medicine, Dearborn, or Flint).
You may find VPN access blocked from locations in China and elsewhere. Do not attempt to illegally bypass the blocks. Do not put yourself at risk of being accused of cyber espionage or other crimes.
Do not use untrusted networks, such as those in Internet Ccafes and hotels, to access the Internet. In general, cellular networks are more secure than such publicly available networks. If you must use an untrusted network, turn on a VPN for your device as soon as you connect and avoid accessing sensitive university data.
With Virtual Sites, you can use the software on Campus Computing Sites Windows workstations remotely from any Mac or Windows computer with an Internet connection. Virtual Sites lets you use computers on the U-M campus remotely. Go through the Virtual Sites webpage to connect. You can then access your email and other U-M services from the Sites workstation.
If you collaborate with colleagues in countries where censorship is pervasive or substantial, be mindful of the large number of websites that are inaccessible to them. Understand that they are subject to the laws and regulations of their land—as are you if you travel there.
If your U-M Google Mail is blocked from reaching overseas colleagues, you could try using a personal non-Google account. Be aware, though, that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.
Protecting Devices and Data
If you can, take a device with just the files and applications you will need while traveling. Officials in some countries inspect electronic devices and may download material from them. Some countries have encryption import restrictions that prevent you from encrypting data on your device. Protect yourself—and the university—by not taking any sensitive or private information with you.
Check with your departmental IT staff to see if loaner laptop computers and other mobile devices are available to you.
Perhaps the biggest risk to data and devices while traveling is loss or theft. Keep electronic devices close at hand and in view when you travel. If your hotel room has a safe, use it.
Change your UMICH (Level-1) password to one that will be used only during your trip. Change your password before you leave and again on your return. Also change any other passwords you expect to use while traveling.
Do not accept thumbdrives or other such devices from colleagues or others. Such devices may expose your computer to malware.
Apply full disk encryption. This will provide a substantial layer of protection should your laptop, smartphone, or other mobile device become lost or stolen. See Encrypt Your Data and your unit IT support for instructions on encrypting your device.
Be aware that some countries ban or regulate the import, export and use of encryption products; see Encrypted Data Export Controls for information.
Export Controls is the body of federal law intended to prevent the transfer of sensitive items and technology to foreign nations, organizations and individuals. It includes International Trafficking in Arms Regulations (ITAR) and Export Administration Regulations (EAR) compliance.
For more information, including contact information for the university's export controls officer, see Export Control Compliance for University of Michigan Researchers.
If you use Duo two-factor authentication for access to some systems, you may want to enroll in additional Duo options before your trip. You might, for example, want to enroll an additional phone number or arrange for emergency bypass codes to use while traveling. Also be aware that the Duo Mobile app and hardware tokens are subject to export control regulations and may not be transported or sent to embargoed nations identified by the U.S. State Department. See Traveling with Duo for tips and details.
When in a high risk location, do not use any system that accesses sensitive data, even when using a university VPN.
For general information about storing and sharing sensitive university data, see the Sensitive Data Guide to IT Services.
In general, turn your devices off when you are not using them. During meetings in a high-risk location, for example, power off devices and remove batteries to mitigate risk of the microphone being turned on remotely.
To ensure no hidden spyware returns with you and infects the U-M computing environment, have your IT department completely wipe your device and install a new image. Taking a loaner device makes it easier to take this precaution without losing information you wish to keep.
- Responsible Use of Information Resources (SPG 601.07)
- Institutional Data Resource Management Policy (SPG 601.12)
- Sensitive Regulated Data: Permitted and Restricted Uses Standard (DS-06)
- Security of Personally Owned Devices that Access or Maintain Sensitive Institutional Data (SPG 601.33)
- Unit-Specific Requirements for Self-Management of Personally Owned Devices that Access Sensitive Institutional Data (DS-07)
- Information Security Incident Reporting Policy (SPG 601.25)
- Traveling Light in a Time of Digital Thievery (The New York Times, 2/10/12)
- Threats to Traveling Data (The New York Times, 3/14/2011)
- Malware installed on Travelers' Laptops Through Software Updates On Hotel Internet Connections