Tips for cybersafe holidays and travel.
When you are travelling outside of Canada, there are different laws and requirements related to the use of technological devices and information. The expectation of privacy also varies dependent upon the country you are visiting.
Every country has its own expectations with respect to importing and exporting technology, information protection and privacy, legal and illegal content and freedom of speech. It is highly recommended that you make yourself aware of the local laws with respect to devices and data for the countries to which you are travelling.
Travelers should expect their devices (phones, laptops, IPads, etc.) to be openly examined by immigration officials or local law enforcement. You may be expected to give officials your password to unlock your devices or decrypt your data and failure to do so could result in your device being confiscated and possible detention or expulsion from the country.
Before you go
- Update the software on all your travel devices. Updated anti-malware, anti-virus and application software will help to prevent or fix known security issues for your computer or mobile devices.
- Purge data from the devices you will take with you. Remove confidential and sensitive data from your mobile device and computer. Data that is legal in Canada may be illegal in other countries. Create temporary on-line data stores (eg. OneDrive) with the data you will need for the trip.
- Remove all apps that you do not need as you cross into another country. You can add back email, banking and other apps to your device once you have cleared border controls or customs.
- Consider using a temporary email account. Using a temporary email account helps prevent exposure of your ucalgary.ca or personal email history.
- Delete stored passwords from travel computers and devices. Change existing passwords to a temporary travel password. Because no device can be protected at all times, assume your credentials may be accessed and copied by unauthorized individuals at some point in your travels.
- Protect all devices with strong passwords. Set up multi-factor authentication to ensure the only person with access to your accounts is you.
- If you bring a portable hard drive, laptop or USB with you, make sure it is password protected and encrypted. Never use untrusted or unencrypted devices to store data.
- Consider using a ‘burner’ device. These are inexpensive and intended for temporary use. If you travel with your personal devices, use a back-up cloud service or a secure device you leave at home.
- Ensure you have authorization to take data off-site. Check with your manager or department administrator.
- Keep your devices with you. Do not leave devices unattended in vehicles or at conferences. If you must hand over your devices for airport screening or security checkpoints, never lose sight of them.
- Do not allow anyone else to use your device. Make sure to lock your device when it is not in use.
- Turn off Bluetooth and WiFi. Be aware that public wireless networks are untrusted and avoid using them if possible.
- Avoid using unfamiliar devices. Public computer workstations, charging stations and unknown USB drives may contain malicious software.
- Avoid using untrusted networks. Hotel, coffee shop, airport etc. networks are not secure.
- Do not install software from an unknown source. Software delivered through an unknown channel may contain malicious code.
- Access your files using the Office 365 web interface. O365 is designed to maintain security of the University’s data.
- Be alert for phishing and social engineering traps. Do not click links from untrusted sources and always delete suspicious emails.
- In case of loss, remotely wipe your personal devices. Know your service provider’s toll-free number so you can request that service be blocked or suspended. If University property is lost or stolen, report it to the University’s IT Security department and Campus Security.
When you return
- Reset your passwords. Use a trusted device to change all the passwords that you used while out of the country.
- You may not know if your device has been compromised during travel. Compromised devices are a risk to all systems to which they connect. If it is University owned equipment, do not use the technology upon return without it being wiped and refreshed by the IT Support Centre.
If you have questions about cyber security or need help setting up additional security prior to travelling, please contact UService at email@example.com or phone 403.210.9300.
Further information on cyber security while travelling is available on the Government of Canada’s websites at:
Cyber security while travelling:
Remaining cyber safe while travelling: security recommendations