Computing Guidelines for Traveling to High-Risk Locations
When traveling to a high-risk location, especially if you work with sensitive university data when traveling, follow the Mobile Computing Guidelines for Traveling or Conducting Field Research and take these additional precautions to get access to U-M computing services and to protect your device and university data.
Use the U-M Travel Registry
University faculty, staff, and students are required to register their international travel plans on the U-M Travel Registry when traveling for university-related purposes.
Accessing Computing Resources
Some countries have laws and regulations that restrict Internet access. Always respect and adhere to the laws and regulations of countries you visit.
Protecting Devices and Data
See our general recommendations for protecting your devices and data and consider these additional precautions:
- Take a Loaner Device. If you can, take a device with just the files and applications you will need while traveling. Officials in some countries inspect electronic devices and may download material from them. Some countries have encryption import restrictions that prevent you from encrypting data on your device. Protect yourself—and the university—by not taking any sensitive or private information with you. Check with your departmental IT staff to see if loaner laptop computers and other mobile devices are available to you.
- Keep Devices Close at Hand or Locked Up. Perhaps the biggest risk to data and devices while traveling is loss or theft. Keep electronic devices close at hand and in view when you travel. If your hotel room has a safe, use it.
- Change Your Password. Change your UMICH password to one that will be used only during your trip. Change your password before you leave and again on your return. Also change any other passwords you expect to use while traveling.
- Don't Accept Thumbdrives from Others. Do not accept thumbdrives or other such devices from colleagues or others. Such devices may expose your computer to malware.
- Use Encryption. Apply full disk encryption. This will provide a substantial layer of protection should your laptop, smartphone, or other mobile device become lost or stolen. See Protect Your Data and your unit IT support for instructions on encrypting your PC or encrypting your Mac laptop. Be aware that some countries ban or regulate the import, export, and use of encryption products; see Data Encryption and Export Controls for information.
- Follow export control regulations. Export Controls is the body of federal law intended to prevent the transfer of sensitive items and technology to foreign nations, organizations, and individuals. It includes International Trafficking in Arms Regulations (ITAR) and Export Administration Regulations (EAR) compliance. For more information, including contact information for the university's export controls officer, see Export Control Compliance for University of Michigan Researchers. Also see Frequently Asked Questions about Export Regulations.
- Plan for two-factor if needed. If you use Duo two-factor authentication for access to some systems, you may want to enroll in additional Duo options before your trip. Also be aware that the Duo Mobile app and hardware tokens are subject to export control regulations and may not be transported or sent to embargoed nations identified by the U.S. State Department. See Traveling with Duo for tips and details. (Mtokens, both hardware and software are also subject to export control reglations and may be to transported or sent to embargoed nations.)
- Do Not Access Sensitive Data. When in a high risk location, do not use any system that accesses sensitive data, even when using the university VPN. For general information about storing and sharing sensitive university data, see the Sensitive Data Guide to IT Services.
- Disable Bluetooth, Wi-Fi, and GPS when not in use to limit potential unauthorized access to your device or data.
- Turn Devices Off When Not in Use. In general, turn your devices off when you are not using them. During meetings in a high-risk location, for example, power off devices and remove batteries to mitigate risk of the microphone being turned on remotely.
- Wipe Your Device When You Return. To ensure no hidden spyware returns with you and infects the U-M computing environment, have your IT department completely wipe your device and install a new image. Taking a loaner device makes it easier to take this precaution without losing information you wish to keep.
These articles describe risks of computing from China and offer guidance:
Additional travel security information and tips:
Related Policies and Standards