Before You Go
No device can be protected at all times. Your data or device may be lost, stolen, or hacked while you are travelling, or it could be subject to seizure by authorities.
Cybersecurity Tips for International Travellers
International Device and Data Expectations
When you are travelling outside of Canada, there are different laws and requirements related to the use of technological devices and information. The expectation of privacy also varies dependent upon the country you are visiting.
Every country has its own expectations with respect to importing and exporting technology, information protection and privacy, legal and illegal content, and freedom of speech. It is highly recommended that you make yourself aware of the local laws with respect to devices and data for the countries to which you are travelling.
Travellers should expect their devices (phones, laptops, tablets, etc.) to be openly examined and scrutinized by immigration officials and perhaps local law enforcement. You may be expected to give officials your password to unlock your devices or decrypt your data and failure to do so could result in your device being confiscated and possible detention or expulsion from the country.
You are encouraged to contact Research Security (researchsecurity@ucalgary.ca) to inquire about a Security briefing, in advance of your departure.
This is the online version of Cybersecurity Tips for International Travellers. Download a copy of the documentation for your use.
For more tips on how to keep your systems and data secure, please review the UCalgary IT security website.
Check out their new YouTube video as well.
Consider the data that is on your device
Data and devices that are legal in Canada may be illegal in other countries. Check the Global Affairs Canada Travel Advice and Advisories for the country you will be travelling to. Choose the Laws and Culture tab. It will usually include a section on imports and exports that may indicate if a particular type of technology is illegal for import.
Use unique passwords
Use unique passwords for accounts you will use during your travel. When returning from travel, change the password as soon as possible after you return. Be aware that all of your passwords are at risk of being detected and recorded.
Get authorization
If you are carrying departmental data on your device, ensure that you have authorization to take the data off‐site.
Consider a temporary email account
Consider a temporary email account, where possible, to avoid your UCalgary or personal email history and content being copied or monitored.
Limit the amount of sensitive data that is stored
Only take the data you will need to access while travelling. Consider previously deleted information on your device, as it is not automatically removed from a hard disk or storage environment.
Travel with clean formatted loaner technology
If possible, travel with clean formatted loaner technology rather than your day‐to‐day working devices. If you are a UCalgary employee using a university owned device, contact the IT Support Centre for assistance.
Do not carry materials linked to sensitive topics
Do not carry materials or information perceived to be linked to sensitive topics in that country.
Keep your data on a protected USB device
Keep your data on an encrypted/password protected USB device instead of your computer.
Encrypt
Encrypt sensitive information at all times and ensure that you understand the classification of data that you are carrying when you travel. If you are carrying university owned or research data, see the Information Security Classification Standard. If your data includes Level 3 (Confidential) or Level 4 (Restricted) information, contact your IT partner prior to travelling with this information.
Consider setting up additional security measures
Consider setting up additional security measures if it is necessary to connect to the university’s network. For example, you may want to move data you need while travelling to OneDrive so you can access it securely online and avoid syncing data on any mobile device you may be carrying with you, or you could set up multi‐factor authentication to increase webmail security.
Remove all apps you don't need as you cross a border
For example, remove your gmail account from your device (with all your email and contacts) prior to going through immigration and security. Once you have passed through those points, you can add it back on to your device. This will allow you to comply with any immigration or security requests to view your device information. You may also consider doing this with any banking information that you have on your device.
Ensure your anti‐malware software is running and up to date prior to the travel
While Abroad
Accede to requests of law enforcement officials
If you are asked by an immigration or other law enforcement official to unlock or decrypt your device for their perusal, accede to their request in accordance with local legal requirements.
If your university owned equipment or university data is stolen
If your device or data is stolen while you are abroad and it is university owned equipment or university data, report it to the university’s IT Security Department as well as Campus Security.
Exercise caution before sending documents or information
Excercise caution before sending documents or information abroad that would fall under the coverage of that country’s secrets laws.
Avoid using public computer workstations and charging stations
Public infrastructure is easily modified to detect and record anything that is typed to them including account identifiers and credentials.
Be aware that public wireless networks are untrusted, avoid them if possible
Do not connect unknown USB flash drives to your device, they may contain malicious software
Do not connect to the university’s network unless absolutely necessary
Consider that all network connections, including encrypted connections, are being monitored.
Be extra careful when presented with unknown links or attachments
Be aware of websites that may push inappropriate content or malware without your authorization
Do not install software
Do not install software from an unknown source or software that is delivered through an unknown channel.
Do not leave your device in an unattended area or vehicle
Lock all unattended technology to prevent unauthorized access, do not allow anyone to use or access your device.
If your device has been compromised unknowingly
If your device has been compromised unknowingly during travel, it is a risk to all systems that the device connects to. If it is university owned equipment, do not use the technology upon return without it being wiped and refreshed by the IT Support Centre.
Electronic data has the same legal status as paper based information assets
The content, not the medium, determines the treatment of the data. Protect notebooks and paper documents with the same diligence as electronic information.