|WHAT TO DO
||Why Do It
||If you can leave computing devices at home, do so.
||Limits your exposure.
||Travel with the least amount of data possible stored on electronic devices. In particular, leave all removeable media (thumb/USB drives, DVDs, portable hard drives) at home.
||Also limits your exposure. Consider what data is sensitive for you. This might include physical papers or email.
||Ensure you have current backups of all data and software you are taking on your trip.
||If your devices are compromised while traveling, backups make correcting the problem much easier. The potential for theft or confiscation of devices while traveling is also a factor.
||If possible, take loaner devices on trips and leave your own devices at home.
||Loaner devices require a fresh, hardened and minimal installation of software, making compromise more difficult. Taking a loaner makes it easier to limit the amount of data, as data copied to the device would then be a conscious choice. Your backups could then be considered your usual device(s) left at home.
||Ensure all devices are fully encrypted. This includes removeable media.
||If stolen, encrypted devices have a much greater chance of protecting the information stored on the devices. Please see #12 below as some countries have made encryption illegal or problematic.
||Ensure all devices are fully patched, both operating system and all installed software.
||Unpatched applications and unpatched operating systems allow attackers easy avenues to compromise devices, bypassing other safeguards and accessing the data on the devices. Ruthless, automatic, full patching of all installed software and operating system should be considered a must whether traveling or not.
||Ensure all devices run up-to-date next-generation anti-virus software.
||Yale has invested in a next-generation anti-virus product known as Cylance, which has been demonstrated in our environment to be significantly more effective than traditional signature-based anti-virus products. In addition to looking for known bad malware, so-called “next generation” anti-virus looks for suspicious patterns of behavior and begins to incorporate machine learning in detection routines.
||Disable all unnecessary services on your devices, including USB ports, wifi and bluetooth if possible.
||Disabling unnecessary software and operating system features is a fundamental part of machine “hardening” to limit the possible angles of attack. This can be done by your support professional, and there are industry standard benchmarks available to guide in the detailed steps required. Disabling some features, such as USB ports, wifi and bluetooth, are extreme measures in so far as they are very inconvenient. Do what is possible here, even if it means leaving some of these features on all the time (e.g. wifi) or switching them on and off as needed (e.g. bluetooth).
||Identify all passphrases saved or cached on your devices, such as those saved by a web browser, as well as all passphrases you manually type into a device.
||The only scenario that might be worse than unauthorized access to the data on your devices would be the theft of your credentials, so that the attackers could repeatedly access your data without the need to physically be near your machine. Being aware of your passphrases, including cached passphrases, will be necessary so that you can determine which passphrases can be protected by a second factor (aka multi-factor authentication), or which passphrases you should change once returning from your travels.
||Ensure as many passphrases as possible require two-step / multi-factor authentication, and that the second factor will be available while traveling.
||The use of multi-factor authentication while traveling requires pre-planning, otherwise you might find your second factor does not work while away, keeping you from vital work. Your support professional can help ensure you have multi-factor options that will work while traveling. There are special one-time use codes and special multi-factor devices available that can work even without reliable internet connectivity or SMS.
||Ensure your critical passwords are unique; do not “reuse” these passwords on less sensitive systems or in systems unrelated to Yale.
||Every single week, Yale security operations receives reports of other non-Yale websites around the world that have been compromised. In a shocking number of cases, people have used their Yale email address as a username, and often they have used their Yale password on these other sites. These other sites often do not know or do not announce when they have been breached.
||Be aware of export restrictions in the event you may be traveling with export-controlled data.
||Be aware of encryption restrictions in some countries.