When traveling internationally, in addition to taking your passport, take responsibility for your cybersecurity. Your information and communications - and the devices that contain and transmit them - are as much a part of you as the valuables in your suitcase. The more you do to protect yourself, the more secure your information and devices likely will be. While in a foreign country, you are subject to its laws. Laws and policies regarding online security and privacy may be different in other countries than in the United States.
Travel to some countries in particular presents some significant cyber security concerns and the risk cannot be understated. If possible, travel without any devices. If that is not possible, take an inexpensive basic laptop, a "burner device", and a pre-paid cell phone. Leave all other devices at home. Destroy all devices before returning home. There are many types of exploits that would not be detected upon your return home. These exploits could persist even if the device is wiped. It may cost a few dollars more to throw the device away after each trip, but the cost of a compromised machine connected to the State network or a home network could be much higher.
The State Department’s Office of American Citizens Services and Crisis Management (ACS) administers the Consular Information Program, which informs the public of conditions abroad that may affect their safety and security. Country Specific Information, Travel Alerts, and Travel Warnings are vital parts of this program.
Protect yourself by leaving at home any electronic equipment you don't need during your travel. If you will require a device while traveling abroad, protect it in advance.
- Back up your electronic files
- Remove sensitive data
- Install strong passwords
- Ensure antivirus software is up-to-date
While traveling, follow these tips:
- Turn off your Bluetooth
- Only use VPN for internet access, not WiFi
- Turn off location services
- Never let your devices out of your sight. Keep electronic devices with you at all times; hotel safes are not secure.
- Do not plug USB-powered devices into public charging stations. Only connect USB-powered devices to the power adapter with which they were intended to be used.
- Know the local laws regarding online behavior and law enforcement authorities, as some online behaviors are illegal in certain countries.
- Assume that all online activity is subject to government and/or other monitoring techniques.
- When using a laptop, copy and paste passwords from a USB thumb drive
- Never type in a password directly due to elevated risks of keystroke logging software on your laptop
- Don’t Get Juice Jacked at the Airport, this video provides best practices to protect your personal information at the airport.
Upon return to the US:
- Change all passwords and device passcodes
- If you bring any devices back, restore back to factory settings and run a comprehensive scan on devices before connecting to any networks, home or work.