This website uses cookies so that we can provide you with the best user experience. By using this website, you consent to the use of cookies. Learn more about our use of your data by reading our Privacy Policy.

Accept Privacy Policy
Apply Visit Campus Request Info Give
Students, Faculty, and Staff Search Menu

ITS Policies & Procedures

ITS / Policies / Technology Guidance for International Travel

Technology Guidance for International Travel

Policy #: LFC.ITS.21
Date: 11/05/2025
Author: Information Technology Services
Version: 1.0
Status: DRAFT

OVERVIEW

Lake Forest College supports international academic collaboration, research, and travel. When traveling abroad, however, electronic devices and data are at increased risk due to differing privacy laws, network security practices, surveillance standards, and border inspection authorities. This guidance outlines recommended and required steps to protect College data, systems, and personnel when traveling internationally with technology.

1. PURPOSE

The purpose of this guidance is to help travelers understand and reduce the cybersecurity and privacy risks associated with international travel. Following these guidelines helps protect College resources, research data, personal information, and individual travelers from theft, compromise, surveillance, and data loss. The guidance also supports the College’s compliance with regulatory and contractual data protection requirements.

2. SCOPE

This guidance applies to all faculty, staff, students, contractors, researchers, and others traveling internationally on behalf of the College and using College-owned devices or accessing College systems and data. It also applies to personal devices used to access College resources from outside the United States.

3. INTERNATIONAL TRAVEL AND COLLEGE-OWNED DEVICES

College-owned devices should only be taken abroad when the employee is traveling on behalf of the college or performing work approved by their supervisor while traveling, and not accompany employees during their personal, recreational travel.

4. KEY RISKS DURING INTERNATIONAL TRAVEL

Traveling internationally introduces cybersecurity and privacy risks that may not be present while working from campus or within the United States. Network environments, legal expectations of privacy, and monitoring practices differ greatly across countries, which can expose both personal and College data to interception, copying, or compromise. Understanding these risks before traveling is essential to taking appropriate precautions.

4.1 Device Compromise: Public Wi-Fi networks, cellular networks, or state monitoring systems may intercept communications or install malware such as info stealers, remote access trojans, or command-and-control software.

4.2 Data Inspection and Disclosure: Many countries permit border agencies to confiscate, inspect, and duplicate data stored on travelers’ devices for later review. Some nation-states may attempt to defeat device security mechanisms and install keyloggers, surveillance spyware, or rootkits (which modify the firmware of the device to permanently compromise it.)

4.3 Account Credential or “Token” Theft: Logins from state-controlled or compromised Wi-Fi networks in “high cyber risk” locations may be intercepted and decrypted – despite conscientious VPN use – providing attackers with unauthorized access to College data on systems the employee may access through Single Sign-On (SSO.)

4.4 Loss or Physical Theft: Travel increases the likelihood of device loss, theft, or tampering while unattended.

5. PREPARING FOR TRAVEL

Before traveling internationally, it is important to ensure that all devices and accounts are configured to minimize risk and protect College data. Preparing ahead of time reduces the likelihood of disruption, data loss, or account compromise while abroad. Travelers should review the guidance below and take appropriate steps based on their destination, the nature of the information they will access, and the level of personal and institutional risk anticipated during the trip. ITS is available to assist with device preparation, travel loaner devices, and secure access configurations, given sufficient lead time.

5.1 For Travel to Higher Cyber-Risk Regions: ITS strongly recommends the following:

  • Travel without technology if possible.
  • If devices are necessary:
    • Request a loaner laptop from ITS. A properly-configured College-owned travel device will contain minimal data and can be securely wiped upon return.
    • Copy only the data you will need access to during your travel to the loaner device.
    • Consider purchasing a temporary “travel” phone if your destination poses elevated surveillance or privacy concerns and add it as a registered MFA device before you leave.
    • If its use will be allowed in your destination, work with ITS to ensure your VPN access is configured properly prior to your departure. Access to some College resources may depend upon it.

5.2 For All International Travel: ITS recommends taking the following steps:

  • Ensure all storage devices which will accompany you during your travels are encrypted (unless the destination country bans such encryption, such as China.)
  • Ensure all available OS and application software updates are installed and local file-sharing services are disabled.
  • Remove unnecessary data from the local device. Store this data in your College-provided Microsoft OneDrive instead and ensure local file synchronization is disabled.
  • Sign out of applications and cloud services you will not need during your travels.

6. GUIDANCE FOR MOBILE DEVICES

Mobile devices often store significant personal data, may contain some institutional data, and serve as authentication tools for accessing College systems. When traveling internationally, the risk of device inspection, duplication of stored data, or surveillance of communications increases. Selecting the right device to travel with and minimizing locally stored data helps reduce exposure and protect privacy. ITS recommends you:

  • Understand that some countries allow border authorities to inspect or copy device data. Know your destination and what to expect when going through customs.
  • Reduce data stored on your device prior to travel. This minimizes exposure of personal and College information. Consider precautions such as wiping personal call logs, SMS conversations, and logging out of social media accounts prior to border crossings where appropriate.
  • Consider whether you will need to swap SIM cards (or e-SIMs) to obtain mobile service in your destination country; relying on SMS messages to reach your U.S. phone number to complete MFA challenges may become problematic.

7. WHILE TRAVELING

Security practices during travel play a critical role in protecting both personal and institutional information. Physical control of devices, network choices, and situational awareness all help reduce the likelihood of credential theft, malware infections, and unauthorized data access. Following the guidance below while abroad can significantly reduce risk.

7.1 Network Use: Avoid using public or hotel Wi-Fi unless necessary; tether through your phone when possible. Avoid open (unencrypted) Wi-Fi networks; if you must use one, connect to the College VPN (where allowed.) In “high cyber risk” regions, it’s best to assume VPN traffic – when it works at all – will be intercepted and decrypted and to refrain from sending sensitive data or messages. In certain countries, the use of VPN – especially anonymizing VPN services like TOR (The Onion Router)— may result in unwanted scrutiny from authorities.

7.2 Device Handling: In high-risk destinations:

  • Always keep devices in your possession; do not leave them behind in hotel safes or put them down out of sight (for instance, under tables at restaurants during meals.)
  • If a College device is out of your control for any period of time – including during customs inspections – consider it compromised and report it to ITS as soon as possible.
  • Treat all removeable media, links, and QR codes as potentially malicious.
  • Do not attach your storage devices to other computers, or allow other storage devices to be attached to your College laptop.
  • Disable all wireless radios (Wi-Fi, Bluetooth, GPS) when not in use.
  • Do not purchase or repair electronics locally.

For general travel:

  • Be aware of your surroundings; device loss becomes likelier in densely populated areas frequented by tourists.
  • Secure your devices in hotel safes or equivalents when you must leave them behind.
  • Do not be embarrassed to turn your body to block your screen when necessary to prevent others from viewing sensitive data or watching you type your password.

7.3 Email and Cloud Access: In high-risk destinations:

  • Refrain from connecting to Lake Forest College cloud-hosted resources such as Outlook, Teams, or OneDrive unless necessary.
  • Do not download or store Protected Information (PII, confidential data) on local devices while abroad.
  • Avoid hotel “business center” or cybercafé computers; assume they monitor activity and log keystrokes to capture usernames and passwords.
  • When web browsing is unavoidable, use strict security settings, log out of everything afterward, never save credentials, and clear your browser history and temporary/cache data/cookies frequently.

For more general travel:

  • Avoid opening emails and/or attachments from unknown senders
  • Use the Lake Forest College VPN when accessing College resources and data.

8. UPON RETURN

Upon returning to campus or the United States, devices used during travel may require additional review to ensure they have not been compromised. Even brief loss of physical possession or connection to unknown networks may introduce risks that are not immediately visible. The steps below outline how to safely reintroduce devices to campus networks and verify account integrity.

8.1 Loaner Devices: Disable Wi-Fi and other radios and power down the loaner device before returning to campus. Return the loaner device to ITS as soon as possible for secure wiping and re-provisioning. ITS can assist with the secure recovery of locally stored files on the device prior to this process if needed.

8.2 Assigned Devices: If you traveled to a lower-risk destination with your College-assigned laptop, please make arrangements with ITS to have the device scanned for malware immediately upon your return to campus. This ensures the device is ready to be used on campus and is suitable for handling College data again.

8.3 Account Security: Upon return from travel, be prepared to change your account password and log into your devices again. This prevents unauthorized access to (or the loss or exposure of) College data due to stolen session credentials.

8.4 Travel Phones: Immediately disable and discard any pre-paid travel phones you purchased for travel to high-cyber-risk countries upon your return. Do not save or reuse these devices.

9. SUPPORT

ITS is available to assist travelers before, during, and after international travel on behalf of the College. Travelers are encouraged to contact ITS early in the planning process to allow sufficient time to prepare devices, pick up loaner equipment, and receive tailored advice based on travel destination and purpose. Contact the ITS Service desk through the usual support channels. For specific advice regarding securing devices, encryption controls, or the cyber risk levels associated with your travel destination, contact the Information Security Manager at infosec@lakeforest.edu.

RELATED POLICIES:

Document Control:

Entry#: Date Version Notes
1 11/05/2025 1.0 Original draft

Information Technology Services