Page Comparison

Purpose

As you travel or work remotely, you will encounter untrusted or public infrastructure, as well as an increased risk of loss or theft, so it is important to prepare for these additional risks to ensure that your data confidential, intact, and available when you need it.  

Audience

On this page

Initial considerations

Travelling with data.

• Determine whether your data is subject to export controls or if you can travel with it.

  • https://research.utoronto.ca/engaging-research/export-control-controlled-goods-program

Foreign data security restrictions.

• Determine if there are restrictions regarding data security, including, but not limited to, the use of encryption or virtual private networks (VPNs).

  • https://cio.ubc.ca/information-security/policy-standards-and-resources/international-travel-mobile

What can I do?

Consult the safeguarding your data while travelling tip sheet.

Before you travel

1. Make sure the software on all your travel devices is up to date. Updates to your computer software and mobile device applications will work to fix known security gaps. Ensure that your virus and malware protection is up-to-date as well.

   • Updates and patching

   • Virus and malware protection

2. Empty the devices you will take with you. You should not travel with confidential data on your mobile phone and computer. Create temporary online data stores with only the data you need for the trip.

3. Use a “burner” device. Burners are inexpensive devices that can be used on a temporary basis when travelling. If you choose to bring your own personal devices, back up your information with a cloud service or a secure device you leave at home.

4. Before you depart, turn off “remember me” and wipe stored passwords from all travel device applications and browsers. Change your existing device and online account passwords to temporary travel passwords. To keep secure records of your new passwords, use a password manager such as 1Password or Bitwarden.

5. If you need to bring a portable hard drive or USB drive with you, ensure the devices are trusted and encrypted. Never use an unfamiliar or untrusted device for this purpose.

   • Encrypt data and devices

6. Make sure all devices and accounts are protected by strong passwords. Where possible, set up multi-factor authentication (also known as MFA, 2FA, two-factor authentication and two-step authentication). This will ensure that the only person with access to your accounts is you.

   1. Passwords, passphrases and passkeys

7. Ensure you have the departmental authorization to take data off-site. Always check with your departmental contact first.

As you travel

1. Keep your devices with you at all times. Pay extra attention at airport screening and other security checkpoints, and never leave your belongings unattended at conferences.

   • Physically secure data and devices

2. Turn off auto-connect for Bluetooth and Wi-Fi. This will prevent your devices from connecting to unsecured and potentially malicious wireless networks.

3. Avoid using untrusted wireless networks such as those at hotels, airports and coffee shops to conduct University-related business.

4. Use a virtual private network (VPN) such as UTORvpn before connecting to any University or personal online service. Check with your department when creating your travel security plan as not all VPNs will work in all countries.

   • Virtual private networks (VPN)

5. When travelling, access your confidential files via O365’s M365’s web interface. The system is designed to maintain the University’s data security.

6. Do not use unfamiliar devices. Avoid publicly accessible computers, and do not plug in unknown and untrusted devices such as USB drives and power chargers.

7. In case of loss, make sure you know how to remotely wipe your personal devices. Travel with a copy of your cellular provider’s toll-free phone number so you can quickly have service suspended or blocked. You can also set your mobile lock screen to a photo of your emergency contact information to facilitate retrieval in the case of a lost device.

8. Practice the same caution you would at home. Do not download or click links from untrusted sources, and delete emails that seem suspicious.

9. When you return, use a trusted device to change all the passwords you used while travelling.

Consult the Remote Security Matters site.

• https://securitymatters.utoronto.ca/remote-security-matters/

Consult additional guidance documents.

Canadian Centre for Cyber Security

• https://www.cyber.gc.ca/en/guidance/mobile-device-guidance-high-profile-travellers-itsap-00088

Universities Canada

• Travel security guide for university researchers and staff (univcan.ca)

Australian Cyber Security Centre

• https://www.cyber.gov.au/resources-business-and-government/maintaining-devices-and-systems/remote-working-and-secure-mobility/secure-mobility/travelling-with-mobile-devices