Last updated January 10, 2025
Is there a trip abroad in your future? Read this to find out while preparing to leave, when out of the country and upon your return how to keep your accounts, devices and data safe.
Getting prepared
This is an accordion element with a series of buttons that open and close related content panels.
Generate backup passcodes for future use
Generate a back-up or temporary MFA code so you do not need your MFA device to connect to the network. Multi-factor authentication is an added layer of security to protect you while traveling and using available wireless networks.
Reserve a loaner device
Consider taking a loaner device rather than your personal equipment. This will limit the amount of data at risk should your laptop or phone be lost, stolen or searched. If you are an employee, we suggest checking with your desktop support services first to see if they can provide a temporary computer with specific software and security pre-installed for you.
PC and Macintosh laptops with appropriate up-to-date security protections are also available for checkout from DoIT, however we do not offer software installation beyond what is currently on our general loaner image.
Make sure you are prepared to use VPN services which will allow Multi-factor authentication which only you can validate. If you are not going to take your FOB with you, generate several MFA security sequences that you can use while traveling and then dispose of after use.
Prepare your laptop/tablet for travel
If you can not take a loaner device, sanitize your device by backing up the information and remove all information not needed during your travels. Ensure up-to-date protections for anti-malware, security patching and firewalls. Be sure to empty your Trash/Recycle Bin and enable screen lock and timeout functions prior to travel. Also make note of your laptop’s serial number.
Minimize the information you take with you
Minimize data transported or accessed while abroad. Particularly identify and safeguard data subject to regulations and laws, which include:
- International Traffic in Arms Regulations (ITAR) or Export Administration Regulations (EAR)
- Controlled Unclassified Information (CUI)
- Personally identifiable Information (PII)
- Protected health information (HIPAA)
- Student information (FERPA)
- Sensitive financial information
Evaluate the sensitivity of the information you are considering taking by knowing in many countries/cultures there is no expectation of privacy. Backup all information you do take and leave the backup at work. Use Spirion (Identity Finder) to locate and remove restricted data. Remove all external storage media (e.g. CDs, USBs, etc.) from the computer before you travel.
Review university and personal passwords
Do not use the same login credentials for university and personal business. Where possible, ensure passwords for sensitive enterprise systems (e.g SIS, HR, etc) are not the same as self-service passwords (e.g. email, calendar, myuw, etc.). Make any necessary password changes warranted by this review, particularly for systems you will be accessing while abroad.
Familiarize yourself with local laws and security
Is the country you are traveling to on the sanctioned or embargoed country list?
Visit the Department of State Travel Advisory and the OSAC Country Security Report to obtain information about the safety and security of the country you are visiting and to enroll in the Smart Traveler Enrollment Program (STEP). You can also go to the International Safety and Security Director’s (ISSD) site for valuable resources, links, and information to help you plan safe and secure travel abroad.
Learn how to recognize secure websites, and avoid insecure ones.
Contact your mobile phone service provider
Contact your mobile phone service provider and ask what they recommend for international cellular service while traveling. Consider leaving your normally used devices at home and traveling with a clean unlocked device that does not have sensitive information or personal account information on it. You can also consider purchasing an inexpensive local “burner” phone on arrival (often available for purchase on arrival at an international airport). Device theft is a growing problem in many locations around the world, so avoid traveling with a device you cannot afford to lose.
During your stay
This is an accordion element with a series of buttons that open and close related content panels.
Have no expectation of privacy
Eavesdropping is routine in some countries. Limit electronic and face-to-face discussion of sensitive information. If possible, wait to discuss sensitive matters upon return or using a known secure mechanism. Surveillance can occur through talk, text or application-based communications. In some countries, law enforcement may be able to seize or search your devices arbitrarily without any expectation or even pretense of due process, device return or compensation. Travelers should avoid keeping sensitive or contentious information on your phone, computer or tablet that you would not want host-country authorities to see.
Treat electronic devices as compromised
Do not use computers or faxes at foreign hotels or business centers for sensitive matters. Do not charge your devices by connecting them to charging stations, computers, televisions, DVRs, etc. Do not allow foreign storage devices e.g. USB, CDs, etc. to be connected to your computer or phone. Do not download new apps or allow your operating system or existing apps or programs to update. Do not click on links in messages or use links to move from internet site to site. We do understand that some of this may not be feasible. In China you may be required to use local application-based e-payments or local applications for public transit or other public messaging. It is always best to have a borrowed device to install this software on.
Keep electronic devices in your physical possession
Do not leave these devices unattended e.g in your hotel room, in hotel safes, in your checked baggage, or do not ask someone to watch for you.
Disable devices network capabilities when not in use
Turn off Bluetooth and wifi capability on your device when not in use. Consider turning off your cellular phone when it is not in use and particularly if you have a data plan enabled. Using Airplane Mode on your device will simplify the activation or deactivation of wireless capabilities.
Avoid accessing systems with sensitive or restricted information from abroad
This is particularly advisable in countries where there is no expectation of privacy. See the the Department of State Travel Advisory and the OSAC Country Security Report for country specific issues. In general, when accessing University systems minimize the length of time and amount of information accessed. Use VPN whenever possible to connect to campus resources, unless you are in a country that doesn’t allow encryption.
Report loss or theft of information or electronic devices to help@doit.wisc.edu
Upon your return
This is an accordion element with a series of buttons that open and close related content panels.
Clean and/or rebuild all electronic devices
Please remove any information from the laptop prior to returning it. Any information that resides on the laptop at the time of its return to the Help Desk will be removed upon its return. If you took your personal computer, we highly recommend that the laptop is analyzed for malware, unauthorized access and if necessary re-built before next use. DoIT can assist in this effort.
Change passwords
Consider changing passwords for all systems you accessed while traveling.
Get help
Anyone traveling internationally should also visit the International Studies website and review the International Travel Policy.
The DoIT Help Desk can also answer any questions you have, or connect you with the right group.