IT Security Travel Advisories - for Huntsman Cancer physicians, researchers and associates with IT devices or the need to connect remotely.

(Much of this advisory is based on similar material and policies from other research universites, notably Stanford University.   We've adopted Stanford's program of having "Travel Kits" - available from CATG - for those travelling abroad on official HCI business.  We expect to update this page as new information becomes available.)

Background:  As the IT Security landscape gets more perilous, there are additional precautions to consider while traveling.   Beyond the general advice to avoid public WiFi and keep your IT devices physically secured, there are additional considerations when travelling outside the US.


Travelling to High Risk nations.   There are a number of countries considered to be high risk where connecting to WiFi or even the nation's cellular network(s) means being exposed to state-level hacking and/or data gathering attempts.   

"Hacking" has become a very broad term that implies activities from individuals, to networks of organized criminals, to nation-level attempts to gather enormous sums of data to be later harvested for information, intellectual property, usernames/password, credit card numbers, etc.   High Risk nations typically involve much greater threats from both organized crime type of hacking and nation-state level "network fishing" of IT activity within that nation.   These hacking threats involve computers, laptops, "tablet" devices, and smart phones.

(Borrowing from Stanford's advice on travel to High Risk countries and Harvard's Data security for International Travel)

Best Scenario:   Don't take computers or smart phones to high risk nations.   This effectively eliminates the risk.  (We're not aware of "wearable" devices being hacked for personal data, but it's not inconceivable.)

Next Best Scenario Use a CATG provided laptop for your trip, and leave your smart phone at home.

- Don't take information you don't need for that trip, including Contact Information

- When the laptop is returned to CATG, we'll wipe the system clean, and reload it as though it was "factory new"

- For Telephones, if you need a cell phone during your trip, buy a phone, for that trip.

Minimum Security Scenario: - if you must take your own laptop and smart phone to a high risk country, plan on having them reset to factory settings upon your return.  Corporations and universities have seen such a high ratio of infected systems after trips to high risk countries that most organizatoins explicitly prohibit using regular use systems for those trips.

- Backup everything on your laptop and smart phone

- When you're back in the US, reset the computer and smart phone to "factory settings" and reload all your applications, data, etc.

- If you retrieve HCI Voicemail from a high risk nation, reset your voicemail PIN upon re-entry to the US.


Common Questions:

"Aren't you guys just being paranoid?"

- the Stanford University IT advisory answers this question well:  https://uit.stanford.edu/security/travel

- an FBI advisory on Higher Education IT security risks from abroad:  https://www.fbi.gov/file-repository/higher-education-national-security.pdf/view

- Harvard University's statement on traveling abroad with Laptops, smart phones, and other electronic devices:  https://www.dni.gov/index.php/ncsc-how-we-work/ncsc-know-the-risk-raise-your-shield/ncsc-travel-tips