Go Directly to Page Content
Go Directly to Site Search
Go Directly to Site Navigation
ITS Safe Computing

Computing Guidelines for Traveling to High-Risk Locations

When traveling to a high-risk location, especially if you work with sensitive university data when traveling, follow the Mobile Computing Guidelines for Traveling or Conducting Field Research and take these additional precautions to get access to U-M computing services and to protect your device and university data.

Use the U-M Travel Registry

University faculty, staff, and students are required to register their international travel plans on the U-M Travel Registry when traveling for university-related purposes.

Accessing Computing Resources

Some countries have laws and regulations that restrict Internet access. Always respect and adhere to the laws and regulations of countries you visit.

  • Prepare for Limited Access.

    • You may not be able to access YouTube, Google, Facebook, Twitter, blogs, and other websites in some countries on a consistent or reliable basis. If you will need materials from the web for your work while traveling, consider downloading them to your computer or mobile device ahead of time.
    • You may not be able to access some M+Google apps or features from some locations. For example, due to international sanctions, users are unable to access Google Apps from Crimea as of January 31, 2015. Some governments restrict access. Plan ahead for this and let people know that you may not be able to read and respond to email while traveling.
    • You may find that you are better able to get to your email from your phone using a cellular network than from a computer connected to the Internet. Check with your phone carrier about international data plans before you travel. You might consider getting a local phone with a pre-paid card in the country you are visiting.
    • Have a personal email account as an alternative. If you have difficulties using M+Google Mail while you are overseas, or if your mail is blocked from reaching your overseas collegues, you could try using a personal non-Google account. If you do use a personal email account, be aware that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.
  • Use the VPN.

    • The U-M Virtual Private Network (VPN) provides a secure computing experience when accessing a University of Michigan network from a remote location or when using a wireless connection. It can also help you bypass Chinese firewalls. Use it when you connect to the Internet from your smartphone, tablet, or laptop. Install the VPN client and/or U-M profile on your device before your trip. See Use a Secure Internet Connection to download the VPN for your campus.
    • You may find VPN access blocked from locations in China and elsewhere. Do not attempt to illegally bypass the blocks. Do not put yourself at risk of being accused of cyber espionage or other crimes.
  • Avoid Internet Cafes and Untrusted Networks. Do not use untrusted networks, such as those in Internet Cafes and hotels, to access the Internet. In general, cellular networks are more secure than such publically available networks. Turn on VPN for your device as soon as you connect to the Internet over a wireless connection or from any remote network.
  • Use Virtual Sites. With Virtual Sites, you can use the software on Campus Computing Sites Windows workstations remotely from any Mac or Windows computer with an Internet connection. Virtual Sites lets you use computers on the U-M campus remotely. Go through to Virtual Sites webpage to connect. You can then access your email and other U-M services from the Sites workstation.
  • Be Mindful that Your Colleagues May Have Limited Access. If you collaborate with colleagues in countries where censorship is pervasive or substantial, be mindful of the large number of websites that are inaccessible to them. Understand that they are subject to the laws and regulations of their land—as are you if you travel there. If your M+Google Mail is blocked from reaching overseas colleagues, you could try using a personal non-Google account. Be aware, though, that you may not use it to share sensitive institutional data as noted in Sensitive Regulated Data: Permitted and Restricted Uses (DS-06) and the Personal Account page in the Sensitive Data Guide to IT Services.

Protecting Devices and Data

See our general recommendations for protecting your devices and data and consider these additional precautions:

  • Take a Loaner Device. If you can, take a device with just the files and applications you will need while traveling. Officials in some countries inspect electronic devices and may download material from them. Some countries have encryption import restrictions that prevent you from encrypting data on your device. Protect yourself—and the university—by not taking any sensitive or private information with you. Check with your departmental IT staff to see if loaner laptop computers and other mobile devices are available to you.
  • Keep Devices Close at Hand or Locked Up. Perhaps the biggest risk to data and devices while traveling is loss or theft. Keep electronic devices close at hand and in view when you travel. If your hotel room has a safe, use it.
  • Change Your Password. Change your UMICH password to one that will be used only during your trip. Change your password before you leave and again on your return. Also change any other passwords you expect to use while traveling.
  • Don't Accept Thumbdrives from Others. Do not accept thumbdrives or other such devices from colleagues or others. Such devices may expose your computer to malware.
  • Use Encryption. Apply full disk encryption. This will provide a substantial layer of protection should your laptop, smartphone, or other mobile device become lost or stolen. See Protect Your Data and your unit IT support for instructions on encrypting your PC or encrypting your Mac laptop. Be aware that some countries ban or regulate the import, export, and use of encryption products; see Data Encryption and Export Controls for information.
  • Follow export control regulations. Export Controls is the body of federal law intended to prevent the transfer of sensitive items and technology to foreign nations, organizations, and individuals. It includes International Trafficking in Arms Regulations (ITAR) and Export Administration Regulations (EAR) compliance. For more information, including contact information for the university's export controls officer, see Export Control Compliance for University of Michigan Researchers. Also see Frequently Asked Questions about Export Regulations.
  • Be aware that MTokens are subject to export control regulations. According to Federal export control regulations, MTokens (hardware or software) may not be transported or sent to embargoed nations identified by the federal government. The following nations are on the embargoed list as of December 2014: Cuba, Iran, North Korea, Syria, and Sudan.
  • Do Not Access Sensitive Data. When in a high risk location, do not use any system that accesses sensitive data, even when using the university VPN. For general information about storing and sharing sensitive university data, see the Sensitive Data Guide to IT Services.
  • Disable Bluetooth, Wi-Fi, and GPS when not in use to limit potential unauthorized access to your device or data.
  • Turn Devices Off When Not in Use. In general, turn your devices off when you are not using them. During meetings in a high-risk location, for example, power off devices and remove batteries to mitigate risk of the microphone being turned on remotely.
  • Wipe Your Device When You Return. To ensure no hidden spyware returns with you and infects the U-M computing environment, have your IT department completely wipe your device and install a new image. Taking a loaner device makes it easier to take this precaution without losing information you wish to keep.
Back To Top

Additional Resources

These articles describe risks of computing from China and offer guidance:

Additional travel security information and tips:

Back To Top

Related Policies and Standards

Back To Top