The University compiles a list of High Risk Countries from a number of sources, including the University of Colorado Systems Risk Management, the Department of State, the Department of Treasury, and the Federal Bureau of Investigation. The FBI has stated that US travelers are priority targets for cyber-attack and monitoring/surveillance, particularly if they are known to be engaged in classified or proprietary research in a STEM field (science, technology, engineering or mathematics).
Electronic devices and the information on these devices may be at risk of both physical tampering and cyber-attacks. In rare circumstances, personal devices and luggage may be subject to involuntary official government review (such as Customs officers temporarily seizing devices). In other countries, you may need to prepare for limited access to specific websites or applications (apps) such as YouTube, Google, Facebook or Twitter due to international sanctions or unreliable connectivity.
The University currently considers the following countries as "high-risk":
- North Korea*
- Sierra Leone
- South Sudan
- Ukraine/Crimea Region
Additional recommendations include:
- Do not take sensitive or private information with you overseas. If at all possible, use a loaner laptop when traveling. Sanitized laptops allow for access to required applications while minimizing any personal or controlled information that is taken abroad. Please see your department IT program to see if there are loaner laptops or other loaner mobile devices available for your trip.
- Avoid the use of Internet Cafes or other types of untrusted internet networks. Do not use public Wi-Fi connections such as Wi-Fi at airports or hotels. If possible, use a University provided VPN for all wireless connections or remote networks.
- Do not accept thumb drives, CDs, or any other type of new/unknown removable device while traveling overseas. These removable devices can contain malware or other types of viruses that can expose your computer to unauthorized access and intrusion.
- Be aware of export control regulations, including the ITAR, EAR, and OFAC federal regulations. Some exports may require licenses or additional authorization and documentation. Do not take export controlled hardware, software, or information out of the United States without consulting the University of Colorado Boulder Export Controls Office.