Traveling Securely

Traveling with University of Regina assets, including data, and computer equipment requires special consideration and preparation. The following guidelines are designed to help travelers secure their devices and work-related information while traveling.

Prior to Departing

  • Forward your voicemail to email, or access your voicemail from the voicemail webpage at: Directions to send voicemail to email can be found in the voicemail manual . This configuration saves you from having to dial into your voicemail account which can potentially reveal your voicemail passcode on insecure lines.
  • Ensure you have strong passwords according to the published password guidelines .
  • Ensure your antivirus is up to date and actively running scans.
  • Back up your devices before traveling. Should your device be lost or stolen, your data will be stored safely elsewhere. Do not store the backup on portable media, such as a USB drive, and pack it with your luggage.  Leave the backup at home, or at the office in an appropriately locked storage.
  • Travel light: Plan to bring a minimum number of devices. Reducing the number of devices that are being traveled with reduces the risk of compromise. Do not bring a device unless it is required.
  • Ensure all devices are configured to utilize a password, passphrase, or passcode. Ensure the passcode or password is automatically enabled when the device is unattended, when locked, or sleeps. Never store the passcode with or on the device.
  • Remove all sensitive, or personal data from devices before traveling. For example, for a smartphone or tablet, prior to traveling it is recommended that you save your data, reset to factory defaults, and restore your backup when you return. For laptop computers, remove any documents containing personally identifiable data, confidential data, or institutional data from your computer.
  • Ensure the VPN client is installed. The VPN client should be utilized when accessing University services across the internet.
Note: The VPN tunnel does not encrypt all traffic. Only traffic associated with University Network services is encrypted. A technote for installation of the VPN client is published for multiple types of devices.
  • Familiarize yourself with the Information Security policy. These policies apply when you are traveling for University business.
  • Complete the online Information Security Awareness Training. The Information Security Awareness Training is designed to raise awareness about information security, good information security practices, and related policy in order to help prevent unintentional compromises of sensitive information and computing systems.  Specific topics related to traveling include handling of confidential data, physical security, wireless access points, recognizing and reporting a security incident, and working in public places.
  • Storage Encryption: Whenever possible enable encryption on devices and storage:
    • If it is a requirement to travel with portable media such as USB drives, utilize encrypted drives which protect the stored data if they are lost or stolen. Where encrypted drives are not in use, consider file encryption.
    • Ensure mobile devices such as phones and tablets are encrypted. Modern Apple iOS (iPhone, iPad) devices running version 8 and up are encrypted by default. Android devices running version 6 and up are encrypted by default. If your device is not encrypted by default, it is recommended you enable device encryption if supported. Encryption makes data stored on the mobile device impossible to access without the passcode.
    • Laptops are also recommended to be encrypted. For details on your device please contact the IT Support Centre, as the proccess will vary depending on operating system.

While traveling

  • Do not plug your phone or tablet into public USB chargers or kiosks. This can be a threat to the data on the phone as the cable may be connected to a hostile computer or device designed to infect your phone. It is recommended to only use your own trusted chargers, cables, and power supplies.
  • Do not leave your devices unattended. Do not assume that a computer or mobile device left in a hotel room will be secure.
  • Be aware of your surroundings. Watch for those looking over your shoulder.
  • Do not share your device with anyone else.
  • Do not use public computers provided by libraries, hotels, etc. These machines should not be trusted as there is no way to confirm if malware such as keyloggers for password capturing has been installed.
  • Do not accept software updates or install software while when traveling. Some attackers push application updates containing malware to hotel network users, or app stores. It is better to update your applications before traveling and then avoid updates until you return home.
  • Complete only the minimum amount of business necessary while traveling. Minimizing the amount of sensitive data created, stored, and transmitted is important in reducing information security risk.
  • Public Networks: Use caution when connecting to the internet using public networks. A public network is generally open and unsecured, which allows anyone access to it. These networks are available in airports, hotels, restaurants, and coffee shops, usually in the form of a Wi-Fi (wireless) connection. When you connect to a public network, your online activities and data transmissions can be monitored by others, and your data may be at risk. When using a public network:
    • Avoid entering any personal or confidential information, such as passwords, credit cards, etc., until you have a more secure network connection.
    • Limit your use to casual browsing only, e.g., checking the news, looking up restaurant or movie information, or flight information, etc.
    • Use only encrypted web services, such as websites that connect to over HTTPS, or traffic can be intercepted.
    • Read, understand, and heed ALL browser warnings you see (i.e. pop-ups).
    • Consider alternative Wi-Fi connections such as using a cell phone to connect to the Internet (tethering).
    • Seek trusted networks that require an encryption key to utilize.
    • Use VPN when accessing University network services.

When Returning