Body
International Travel S&T IT Security Information
While traveling internationally, S&T IT Security would like to provide you with information to protect your data and computer while you are away from campus.
Data Protection
Protecting your data (e.g., research, intellectual property (IP), university data) while traveling is the most important preparation you can do. Your data is too important to have it compromised. You have worked hard to produce sensitive data that is important to the university and to achieve your goals. A compromise can impact future research opportunities for you and the University.
The need for the cybersecurity process for international travel is to:
- Protect university data and research during travel.
- Protect Intellectual Property (IP), proposals, instructor materials, etc.
- Protect the campus community network and computers upon a traveler's return to campus.
Please review the UM System Information Security Travel Standard.
Note: The IT Desktop Support will contact you approximately two weeks before your trip to discuss your computer and data needs for your upcoming international trip.
Selecting the Technology Category Needs for Travel
The following three technology categories (A, B, and C) for your trip are used to make computer and data preparations before you depart. The technology categories are determined by the travel locations and the data the data access levels and data types.
Category A: Traveler is on an export controlled or Controlled Unclassified Information project and going to any country.
Category B: Traveler is going to a country on one of the following US Government lists.
- OFAC Comprehensively Sanctioned or Embargoed Countries:
Iran, Cuba, North Korea, Russian-occupied regions of Ukraine (Crimea, Donetsk, Luhansk, Kherson, and Zaporizhzhia).
- OFAC Targeted Sanctioned Countries:
Russia, Belarus, Burma (Myanmar), Syria, and Venezuela.
- Foreign Countries of Concern:
China (including Hong Kong and Macau), Iran, North Korea, Russia.
Category C: Traveler is not on an export controlled or Controlled Unclassified Information (CUI) project and is not going to a country on one of above US Government lists.
Technology Needs Categories A and B (High Risk)
It is required to temporarily exchange your S&T managed computer for a loaner laptop provided by S&T IT that does not contain sensitive information for your use during the trip. If you do not need to take an S&T computer or equipment with you, then you do not need to get a loaner laptop. This process does not apply to personal laptops with personal data. However, you are required to not store campus data on personal devices beyond data stored in communication tools, Please review the UM System Mobile Devices information security policy.
The IT Desktop Support will do the following required items on the loaner laptop to be ready for travel:
- Configure Microsoft BitLocker on the loaner laptop.
- Onboard your loaner laptop into our Windows Defender security protection and monitoring system.
- Update software to be brought to the most recent patch levels.
- Assist with transferring only data needed for the trip. Do not put any sensitive data on the laptop.
Use OpenVPN, Virtual Private Network (VPN) to connect to the campus network any time you are working on the computer until you return to campus.
A good data security practice is to have the traveler, and their department review the loaner laptop contents to make sure there is no sensitive data on the loaner laptop to be taken on the travel. Do not store any sensitive data on the laptop or other devices you take with you.
Upon returning to campus, it is required to return the loaner laptop to the help desk before connecting the loaner laptop to the campus network to properly sanitize the laptop.
Technology Needs Category C (Medium Risk)
If you have a need to take an S&T managed computer on your trip, you have the option to take a loaner laptop provided by S&T IT instead of taking your S&T managed computer on your trip. If you do not need to take an S&T computer or equipment with you, then you do not need to get a loaner laptop. This process does not apply to personal laptops with personal data. However, you are required to not store campus data on personal devices beyond data stored in communication tools (https://www.umsystem.edu/ums/is/infosec/sections-mobile).
A good data security practice is to have the traveler, and their department review the laptop contents to make sure there is no sensitive data on the laptop to be taken on the travel. Do not store any sensitive data on the laptop or other devices you take with you.
The IT Desktop Support will do the following required items to be ready to travel with your S&T managed laptop or a loaner laptop.
- Configure Microsoft BitLocker on the laptop.
- Onboard your loaner laptop or your campus laptop into our Windows Defender security protection and monitoring system.
- Update your software to be brought to the most recent patch levels to mitigate possible vulnerabilities.
- Transfer only data needed for the trip onto a loaner laptop if a loaner is used.
Use OpenVPN, https://it.mst.edu/services/vpn/ to connect to the campus network any time you are working on the computer until you return to campus.
Returning to Campus
Upon return to campus the following items are required if you used an S&T loaner or your S&T managed laptop:
- Do not connect the laptop or your computer to the campus network until you have had the IT Help Desk check your laptop for security vulnerabilities.
- Return the loaner laptop to the IT Help Desk or take your S&T managed laptop to the IT Help Desk.
- The IT Help Desk will run the virus checker, Windows Defender, on the loaner, or your S&T managed laptop.
- After the IT Help Desk confirms that the laptop is not infected with viruses, malware, or other security vulnerabilities, you may then request the IT Help Desk to transfer any data that you want to keep from a loaner laptop to your S&T managed laptop.