It is well understood that members of the CU research community will need access to data when presenting and conducting research in foreign locations. The following are some considerations to protect sensitive and controlled data while facilitating the traveler's and the University's interests. Always be aware of your surroundings and keep track of all your personal electronic devices. Do not leave devices unattended and ensure that your devices are password-protected and encrypted. Travel to certain High Risk countries requires special consideration and preparation.

Computers  

  • Best: Travel Light  

For personnel travelling internationally on official CU business, we strongly recommend that you leave your current devices at home altogether (if possible) or travel with university-provided loaner equipment. You can arrange a loaner by submitting a request to OIT Desktop Support. Use the loaner device instead of your laptop; it will allow you to manage email, view your calendar, run presentations, edit documents, and connect to university web sites. The device is set up specifically for your use and wiped back to factory settings when you return. The device uses the campus encryption service to encrypt the device and provides you with a secure platform for the duration of your travel.  

  • Good: Travel With Less Data 

If you feel your needs will not be met by a loaner laptop, another option is to delete any applications or file access that would expose sensitive data, and take only the data you’ll need for the trip. You’ll need to make sure that the machine is encrypted using the university's encryption service before you go. Consult with our help desk for assistance. Whenever possible, leave USB drives at home. These are easily lost and easily corrupted. If you must travel with a USB device, be sure that it’s encrypted.  

  • Minimum: Travel Encrypted 

If you are not able to use a loaner device and have specific business requirements that make use of your current workstation necessary while traveling, please contact OIT or the Export Controls Administrators office. They will assist in making accommodations, if possible, to facilitate your needs.

At a minimum, you may need to accomplish the following steps prior to travel: 

  • Verify that your computer software is current by requesting a vulnerability scan (security@colorado.edu)  
  • Make sure your computer is fully backed up and encrypted.  
  • Request an Identity Finder scan be run to help track down documents with non-public data (e.g. Social Security Numbers and Credit Card Numbers) and remove those documents from your computer.  
  • Remove from your computer any documents containing highly confidential, confidential, and data subject to compliance regulations. 

Be aware that this process may require up to two weeks to accomplish. So please allow sufficient time to complete the necessary functions.

Mobile Devices 

  • Best: Go Without  

The first thing to consider is whether or not you really need a mobile device, and if so, do you need your personal mobile device. Are you going to make calls? Can you get by with Wi-Fi calling on your loaner laptop? Can you use email and computer-based messenger applications?  

  • Good: Limited Function Loaner, or Get It There  

A low risk alternative is to use a device that has limited access and data on it, and/or a device that you don’t need to use again. This can be a sanitized and unlocked phone with a SIM card purchased upon arrival, a loaner phone borrowed in-country, or a phone you buy or rent at the airport or hotel when you arrive.  

  • Minimum: Prepare Your Personal Device in Advance 

If you must use your own phone: 

  • Delete any applications that would provide access to sensitive data automatically.
  • Use a six-digit pin to lock your phone when not in use (and where allowed, to open certain apps). 
  • Save your data, reset to factory defaults, and restore from backups when you return. 

Planning ahead will protect your privacy and any sensitive or confidential data.