Export Controls are laws and regulations designed to restrict foreign access to information, technology, or software. Approval or authorization may be required to carry any electronic device that can store or communicate data. Please consult with the University Export Control Officer by going to ExportControl.IllinoisState.edu, or your local Technology Support Team if you intend on traveling abroad. Loaner laptops are provided by the University for international business travel and are strongly recommended. 

It is best to limit the total number of devices you will take and if possible, take temporary devices without university data, such as a checkout laptop and/or a prepaid phone intended to be used for international travel. Loaner laptops are provided by the University for international business travel and are strongly recommended. 

Create a backup on every device you are taking. Hardware is replaceable but not all data is. If you utilize the loaner laptop service offered for international business travel, this will be handled for you. 

Remove all highly sensitive and confidential information. This includes information related to students, coursework, unpublished research, University business, personal data, and any other material not intended to be public. Clear your web browsing history and only keep data related to your travel arrangements and materials supporting your reason for travel. Also, limit or completely remove email and contact lists on your devices as they often contain information highly sought after by criminals. If you utilize the loaner laptop service offered for international business travel, this will be handled for you. 

Encryption is a great way to protect your data however, be aware that not all countries allow it. Please contact the University Export Control Officer or your local technology support team if you plan to encrypt your devices. If you utilize the loaner laptop service offered for international business travel, this will be handled for you. 

It is important to have all the latest security patches installed on your operating system and the latest version of your anti-virus or malware detection software. If you utilize the loaner laptop service offered for international business travel, this will be handled for you. 

We strongly recommend setting up multiple methods of Multi-Factor Authentication MFA in preparation for your trip. If you do not prepare your cell phone to be used abroad by having multiple MFA methods, you could lose access to ISU services temporarily when a single MFA method fails. You can find information on setting up multiple MFA methods in the article Adding Additional Verification Methods for Multi-Factor Authentication. If your MFA does fail, you can review the article Multi-Factor Authentication (MFA) Isn't Working For Me and contact the Technology Support Center for help. 

 Use strong passcodes, especially on mobile devices, to prevent others from picking up your devices and gaining access to it. Do not use the same passcode that you use for other accounts such as work, banking, or social media.

Record the make, model, and serial numbers of your devices along with what type of data it is carrying. This information is useful when having to report lost or stolen devices

Print out or write down a list of emergency contacts that you can store in a pocket or your wallet. Ensure to include phone numbers of contacts, U.S. Embassy information, travel & risk insurance information, and any useful information unique to your destination.

If an agent asks you to login to your device while passing through customs, you should do so. Be prepared to allow them access to your device and even potentially confiscating it. This is why it is important to leave sensitive data off your devices. Do not risk being detained or arrested for the sake of keeping your device.

Never let your devices leave your sight. Should customs or any other official take your devices out of your view, assume they have become compromised and do not use them any further. Never leave your device unattended.

The easiest way to keep your device secure is to completely turn it off however, that is not always viable. When you are not actively using your devices, disable features such as Bluetooth and WiFi.

Free, unknown, and public WiFi networks have potential of exploiting any existing vulnerabilities on your devices. If possible, start-up ISU’s VPN software immediately after accessing any network abroad -  however, keep in mind that some countries have bans on the use of VPNs and attempting to bypass VPN restrictions is considered cyber espionage. If you are using a VPN, ensure it is configured in full tunnel mode.

NOTE: This is not the default configuration for ISU’s VPN.

Do not install software or any updates when traveling and do not accept any type of external media such as USB flash drives, CDs/DVDs, or external hard drives. Especially do not bring back external media to use on University equipment

Always assume your communications aboard are being monitored and will be compromised. Avoid accessing or sending sensitive messages, emails, or data. Never send sensitive messages, emails, or data from a public-use device.

If you plug into a public or free charging station and unlock your phone, the data from your device may be accessed and downloaded from the device if it’s not configured to disallow data transfer.

Discontinue using any devices brought with you abroad and do not access University resources until the devices and your accounts are secured. It is also recommended that you avoid accessing your home network until confirmation that your devices and accounts are clean.

If using the loaner laptop service for international business travel, return the laptop to the Tech Solutions Endpoint Support team as arranged and they will securely erase it. For personal devices, it is recommended that you securely erase them and then restore from backup.

Assume all accounts and passwords entered abroad have been compromised. Upon return home, change all passwords from a device that you did not travel with.