It is critical to protect tablets, laptops, phones and other computing devices before you travel. If you lose your device, if someone steals it, if it is confiscated at passport control, or if someone hacks into your device, you may lose data that is saved on your device, as well as other personal identity information stored on the computer or smartphone. It can also lead to breaches of Stanford’s information technology infrastructure; network outages; loss of confidential data; and damage to Stanford's reputation.
What is the best way to secure mobile devices and computers?
Consider the following three options:
1. Leave your devices at home.
You may want to consider leaving your devices at home when you travel to high-risk countries, and instead borrow a Travel Loaner Kit (available to faculty and staff) provided through a joint program sponsored by the Information Security Office and IT Services. There is no charge and it is the safest way to keep your data secure. Submit your request at least one week prior to your departure. If you need a phone, use a device you don’t need to use again: a loaner phone borrowed in country, an unlocked phone with a local SIM card, or a phone you buy or rent at the airport or hotel when you arrive are all good options.
2. Limit the data you take with you.
Prepare your device for travel by taking only the minimum and necessary data by following these steps:
- Back up your data to an external hard drive.
- Wipe all your data and software from the device you are traveling with.
- Reinstall only the essential software and data you’ll need for your trip.
- Remove any remaining documents that contain Prohibited, Restricted, or Confidential Stanford data from your device.
If you need assistance, submit a HelpSU.
3. Protect the data you need for your trip with encryption and other security measures.
No matter where you’re going, you should put these minimum safeguards in place to protect the data on your device:
- Verify that your computer software is current via Qualys's BrowserCheck service
- Confirm that your computer is fully backed up and encrypted via Stanford Whole Disk Encryption (SWDE) service
- IT Services offers several vendors for desktop backup and recovery services: Crashplan PROe and Disk-Based Replication. All are suitable for backup of non-public information. Sensitive information needs to be encrypted when it is backed up.
- If you're bringing a mobile phone, enroll in an international calling and data plan. For Android and iOS devices (iPhone, iPad), enroll in Stanford's Mobile Device Management program to protect and encrypt your device.
- Use Identity Finder to help track down documents with non-public data like Social Security Numbers and credit card numbers and remove those documents from often cut-off for hours at a time.
International Service Plans for Mobile Devices
Do you practice basic security?
Before You Go
- Forward your voicemail to email so you do not have to dial into your voicemail account, potentially revealing your voicemail passcode.
While You are Traveling
- Do not plug your phone into public kiosks.
- Be aware of your surroundings.
- Do not leave your devices unattended. Hotel safes are not secure.
When You Return
- Save any documents you created while traveling to an external drive. Wipe your device or return the Travel Loan kit. Restore the content on your device from the backup made before your travel. To remove the international roaming plans, submit a HelpSU or visit IT Service's International Travel Mobile Tips page for more information. Change your SUNet password. If you checked your voicemail while traveling, change your voicemail passcode.
Do you need an export license?
International travel with a smartphone, tablet, laptop and digital storage devices is considered an "export” that is subject to U.S. export control regulations. Depending on the destination and the technology contained in your device, you may need an export license. For example, export licenses are generally required when encryption technology and hardware are taken to countries under comprehensive U.S. trade sanctions (Iran, Cuba, Sudan). If you travel without a required export license, it is a violation of federal law and you may be arrested (yes, it has happened!).
Export compliance is your personal responsibility when you are traveling with Stanford laptops and other Stanford property including digital storage devices. The Dean of Research has created several tools to assist you in flagging potential circumstances when an export license is required:
- The Temporary Export Property Checklist summarizes the requirements for an export license exception for temporary international shipments or hand carries of equipment, components, prototypes and materials as well as laptops, tablets, cell phones and other digital storage devices.
- Stanford’s Export Controls Decision Tree walks a traveller through a step-by-step process to spot potential export compliance issues. The Decision Tree also serves to certify Stanford’s compliance with export regulations when a license is not required.