International Travel
Why is International Travel Different?
U.S. Customs and Border Protection may search and copy the contents of travelers' laptops and expect travelers to divulge credentials and encryption keys as necessary. Americans can expect similar treatment when visiting other countries. Refusal to comply can result in seizure of the device or denial of entry into the host country. Once in the country, risks to confidential, controlled and sensitive data continue. Some countries legally prohibit encryption, and others view all encryption suspiciously. Physical loss and digital espionage also put confidential information (or tools to access it) on your devices at risk.
When traveling abroad, there is no expectation of privacy. Always assume in your destination country, U.S. ports of entry and in transit, eavesdropping may take place on all electronic communications.
TRAVEL TO CHINA, CUBA, HONG KONG, IRAN, NORTH KOREA and RUSSIA: On November 19, 2024 Governor Abbott issued Executive Order GA-48 which requires Texas public education institutions and other state agencies to create processes for institutional and employee activities involving China, Cuba, Hong Kong, Iran, North Korea, and Russia.
To comply with the Governor’s order, the University of Houston System is requiring all employees to notify the UH Export Control Officer at exportcontrol@uh.edu of personal travel plans to any of the countries listed above so that we can provide the most current guidelines to protect university resources. The e-mail should include full name, destination country, and dates of travel.
To safeguard university data, university-issued laptops and mobile devices should not be taken to these countries on personal trips. In addition, personal laptops and mobile devices should not be used to access the university’s VPN from these countries.
Further guidance with regard to this order will be forthcoming. Contact the UH Export Control Officer at exportcontrol@uh.edu if you have any questions.
What to Do Before Traveling Internationally
- Leave Unnecessary Devices at Home - Do not take any device or data that is not necessary while you are away. Consider taking an alternate personal cell phone from your everyday phone.
- Use a Loaner Device - Request a loaner laptop from your College IT department. The laptop should be configured in the following manner:
- Password is required to access the laptop
- Only basic computing capabilities (web browser, VPN) and minimal applications
- Operating system and applications should be fully updated with all available security patches applied
- Applications should be configured to NOT store any passwords
- Encryption - consult with the UHS Export Control Officer who can advise which countries do not allow encryption software
- Store Data on University Resources - Any data you will need to access while travelling should be stored on university resources such as OneDrive or SharePoint. These M365 resources do not require a VPN for access. Other university resources may require the use of a VPN for access.
- Decide Which Duo Two-Factor Authentication Method To Use
- Duo Push - requires the Duo app on the phone and internet service.
- Duo Passcode - requires the Duo app on the phone, but no Internet service is required.
- VPN Considerations - Be aware that certain countries may restrict the use of VPN.
What to Do While Traveling Internationally
- Disable Device Services When Not In Use - Turn off services such as Bluetooth, cellular connection, GPS and Wi-Fi any time you are not using them.
- Be Wary of Public Wi-Fi
- Do not automatically join wireless networks. Turn off this device setting and manually select the specific network you want to join.
- Connect only to known wireless networks. Anyone can create a network with a legitimate sounding name. Ask staff of the location for the business provided Wi-Fi name.
- Use Eduroam Wi-Fi if available. Eduroam is available to faculty/staff/students at many institutions around the world. To connect, simply select the eduroam SSID and login with UH credentials (CougarNetID@cougarnet.uh.edu) and current CougarNet password.
- Do Not Enter Credentials Into Public Computers - Only use devices brought with you to access both university and personal accounts that require credentials.
- Keep Track of Credentials You Use - For both university and personal account, keep track of which ones you used while traveling. The passwords should be changed upon your return home.
- Keep Devices with You - Do not leave any electronic devices (cell phones, laptops, tablets, etc.) unattended, even in your hotel room or safe. Do not pack electronic devices in your checked bags or ask someone to watch them for you.
- Use the private web browsing feature. This will prevent data and credentials from being cached locally by the web browser. Chrome, Safari, and Firefox all support private browsing.
- Be aware of your surroundings. Take note when using your device in public, especially when entering credentials.
- Protect your device.
- Keep devices with you. Do not leave in hotel safes.
- Be discreet with devices. If possible, do not use an obvious laptop storage bag.
- Do not charge on public USB ports or public charging cables.
- Do not plug in untrusted accessories (i.e., USB drive).
- Cover laptop cameras when not in use.
- Immediately report loss or theft of UH devices to security@uh.edu or your departmental IT staff. Do not wait until you return.
What Should I Do When Returning from International Travel?
- Do not connect loaner devices to the university network - Return them promptly to your IT department for sanitization.
- Change Your Passwords - Using a trusted university or personal computer, change your password for any university or personal credentials for any service, device or application you used during your trip.