Travel Safely with Technology

When visiting NYU's locations abroad, it is important to be aware of the various laws and regulations governing technology that you must follow. A number of countries have restrictions on what items you can export or take with you when departing that country, including electronic equipment not declared on arrival. In addition to local laws at NYU’s locations, and countries where NYU conducts research and other programs, awareness of, and compliance with NYU's policies, guidelines, and regulations are critical wherever an NYU community member uses, stores, and/or transports data or hardware. To do this you are advised to become familiar with these policies in particular:

• Electronic Data and System Risk Classification Policy
  
• Data and System Security Policy
  
• Policy on Responsible Use of NYU Computers and Data

Best Practices for Traveling Abroad

• Restrictions: When traveling abroad, you’ll need to determine whether export/import controls apply to your trip. For more information, including what items, equipment, or software may be restricted, read the Office of Compliance and Risk Management’s page International Travel: Export & Import Controls.   
  
• Personal Info: Be aware of Global Regulatory Issues when handling Personally Identifiable Information (PII) in other countries.
• Encryption: Most mass market devices (e.g. Apple & Android) do not require an export license. Contact the OCRM before traveling internationally with other encryption software and encrypted data.
• VPN: Using a Virtual Private Network (VPN) is recommended whenever you connect to the internet, but you will want to confirm that the location you’re traveling to allows use of encryption software. See the list of countries that support the personal use exemption for encryption software.
• Device Security: If a device is taken away from you in another country and given back, such as in customs, it very well may have been compromised. In this case, it is probably best to refrain from using the device. Email security@nyu.edu to notify them of the issue. You may need to reset or wipe your device.
  

Before You Leave

• Create strong, unique passwords or passphrases for each device that consist of at least 12 characters. Do not reuse passwords. Avoid passwords that are easy to guess or directly related to information in your social media accounts or other public-facing web pages.
  
• Identify the risk classification level of NYU data you will access, and ensure that your needed work files can be accessed using one of NYU’s file storage systems consistent with the files' data/risk classification level. If a file has a mix of data types, classify it using the highest level of classification applicable.
  
  • For more information, see the Electronic Data and System Risk Classification Policy and the File Storage Services Comparison page for information on how to store your data according to its classification level. Please remember that high risk data should never be stored on mobile devices.
• Make sure that your mobile phone has a device finder/manager, remote wipe capabilities, and that you know how to perform a remote wipe. See instructions for Apple, Android, and Windows.
  
• Make sure Endpoint Security software is installed on the laptop and devices you will take when you travel. This software can help to protect you from malware and spyware. Read Secure Your Computer.
  
• Make copies of travel documents and credit cards you plan to use. Leave copies with a family member or friend at home in case the items are lost or stolen.
  
• Wait until you’re home to post details about your trip on social media. Announcements made beforehand or while traveling can make you a target for cybercrime.
  
• Email GOIS at security@nyu.edu if you have pre-travel questions relating to the security of your electronic devices. You can consult with the Office of Compliance and Risk Management (OCRM) if you need further guidance, email nyucompliance@nyu.edu.

While You Are Traveling

• Remain vigilant about the physical security of your devices as you travel, including at your hotel. Devices may be at risk of physical tampering or theft, particularly if they are left unattended (including devices left locked in a hotel room or even left locked in a hotel safe while dining, shopping, or touring). Be aware and immediately report signs of device tampering to GOIS at security@nyu.edu.
  
• Securely access the internet and your files by using a Virtual Private Network (VPN) while traveling. VPN protects both your security and privacy by encrypting sensitive information and masking your IP address, search history, and location. NYU VPN provides secure access to NYU’s network.
  
• Avoid using public computers and public charging stations as both may come with malware, such as spyware.
  
• Disable Wi-Fi and Bluetooth when not in use. This will prevent auto-connection to open networks or other devices.
  
• Wait until you’re home to post details about your trip on social media. Announcements made beforehand or while traveling can make you a target of cybercriminals.
  
• If any of your MFA-registered devices are lost or stolen, contact the NYU IT Service Desk for 24x7 assistance with deactivating lost or stolen devices from MFA, and for accessing NYU-NET on an alternate device via an MFA pass code.
  
• All lost NYU-owned devices must be reported to the NYU IT Service Desk as soon as possible. Also inform your local IT Support team.
  

When You Return

• If a device was taken away from you in another country and given back, it very well may have been compromised. You may need to reset or wipe your device. In this case, it is probably best to refrain from using the device. Email security@nyu.edu to notify them of the issue.
• If you notice any unusual activity with your accounts when you return, use a trusted computer to change any passwords you used while traveling and report the activity to GOIS at security@nyu.edu.

Staff Traveling Abroad

Before You Leave

• A loaner laptop may be available from your school or department, or from Desktop Support (for enrolled departments). Check with your school or department for availability. Equipment loans are usually for a short term depending on what equipment is currently available. A loaner laptop should only have essential applications, including malware protection software.
  
  • If an NYU loaner laptop or mobile device is not available, remove any low or moderate risk data that you might have stored on your laptop. Remember, high risk data should never be stored on mobile devices.
    
• Updates and software installations should be completed on a trusted network prior to your departure. Installing software or performing updates on untrusted networks is risky because they may be delivered with malware.
  
• Traveling with “clean” devices on which there is no personal or work-related data stored is ideal because locally-stored data is vulnerable to theft, exposure, or corruption in the event that your device is lost, stolen, or confiscated.

When You Return

• Return any loaner devices for secure wiping and re-deployment.
  
• If there has been suspicious activity on any of the devices you have used, please report this information by sending a detailed email to security@nyu.edu before you return the devices.