University Times

You’ve made sure your passport is current, checked on any vaccinations you need, started a packing list, notified the University Travel Registry and shared your itinerary with relevant family and colleagues.

There’s one more critical step before you travel abroad: Secure your tech devices.

Thinking of taking your smartphone? Think carefully.

The safest phone when traveling abroad is a non-smartphone used only for calls. Smartphones are mini-computers, containing email, private communications and contact lists —  a high-value target for international cybercriminals.

But if you do decide to take a smartphone, you should back up the phone and then reset it to its factory default setting. This clears all personal information and allows you to selectively copy nonsensitive information back on to the device. Limit the contacts and number of email messages synced to your phone.

When you return from your trip, the phone can be restored to its previous state.

Before you depart, establish a strong passcode for your device. Set up your phone (or tablet) to lock immediately, not after an extended period of non-use. This prevents someone from picking up your device, gaining access to it and resetting the password so that you no longer have access to it.

Unless you are using Wi-Fi or Bluetooth, turn them off. Allowing these services to run provides potential attackers with access to your device.

Laptops: Before you go

Anyone traveling with a laptop needs to take a number of steps to reduce vulnerability — and to make recovery from theft easier.

• Back up your device.

• Remove any sensitive or confidential data from your laptop. This includes student information, proprietary information (including unpublished research), University business documents, personal information (including financial information), and any other materials that should not be made public. Materials related to travel arrangements, presentations, supporting materials, educational information and public domain documents can stay.

• Update your operating system so all of the latest security patches are applied.

• Make sure you have the latest Symantec Endpoint Protection (SEP) application installed, and use the LiveUpdate feature to confirm that virus definitions are up to date. Traveling with a Windows machine? Install MalwareBytes, available at no cost through Pitt’s software download service.

• Keep it simple. Your laptop should have only applications that are absolutely necessary for your travel. (Symantec is one that is absolutely necessary.) Uninstall any applications you don’t need or don’t use. Note that U.S. export control laws preclude bringing some software applications across the borders of many countries.

• All applications on the laptop should have the latest security patches, but particularly applications that interact with the Web: browsers, Adobe Acrobat and Flash, Silverlight and Java.

• Update the settings on your web browsers. Browsers should be set to automatically clear your browsing history and cache after each session.

Laptops abroad: Paranoia is your friend

• Assume everything you do on your devices is being intercepted. The information you send over a network may be monitored, even when using a hotel or business connection. If you don’t need to go online, don’t.

• Do not use public Wi-Fi, computers or devices. Shared computers and devices that belong to other travelers should never be used to access University systems or any system protected by a username and password. Public, free Wi-Fi connections cannot be trusted and may compromise your device.

• Do not let your laptop, tablet or phone out your sight. If customs or other airport officials take your device out of your view, consider the device compromised and do not use it. Do not leave your device in a hotel room, conference center or foreign office unattended.

• Do not use unknown storage devices or public charging stations. USB keys can be used to install malicious software on your devices that allow unauthorized individuals to compromise your data and accounts. Public charging stations at airports or hotels also should be avoided, as they can transmit harmful software to your devices.

• When entering your username and password into your devices, be aware of those around you. Someone may be closely watching your screen and keyboard in an attempt to steal your credentials.

When you return to Pitt

Once you’re back home, assume that the devices you traveled with are compromised. Despite your best efforts, they could contain malicious software that you do not want to introduce to the University’s network or your home network. The safest course of action is to have the device securely erased and rebuilt, either from an existing backup or through a new installation of the operating system.

Change your password for all services you accessed while abroad — your University computing account as well as any personal email, social or financial sites that you accessed while traveling.

Include us in your trip-planning process

Four weeks before departure, have CSSD inventory your equipment. During the inventory, we can verify the state of your operating system and applications and determine whether any sensitive data is present on the devices. The inventory also will help if any devices are lost or stolen on your trip.

If you provide CSSD with your travel dates, we can monitor logins from your University computing account to look for any anomalous behavior. If any suspicious behavior is associated with your account, we will contact you immediately to change your password.

You can contact the Technology Help Desk at 412/624-HELP (4357) or helpdesk@pitt.edu before or during your travels if you have any questions or concerns about the technology you are taking with you when traveling abroad.

We are happy to help you have a secure travel experience.

Brian Pasquini is a senior security analyst for Computing Services and Systems Development.