International Travel Guidance
Last Updated: October 4th, 2023
This guide is intended for Carnegie Mellon University (CMU) faculty, staff and students traveling outside of the United States on behalf of CMU. Much of this information also applies to traveling outside of the United States for personal reasons as well. If you have a US security clearance, please contact your security officer for further requirements that will apply to you.
Preparing for Your Trip
Before you leave, there are several things you should do in preparation for your trip.
- Review Department of State country information for the countries you are traveling.
The Department of State maintains country specific information on every country in the world on the U.S. Department of State International Travel webpage. The webpage provides information about whether you might need a visa (if you are an American citizen), crime and medical considerations, and laws that might be significantly different than in the U.S. It's a great source of information, especially if you have never previously traveled to that country.
- Obtain visas and vaccinations as required
Allow enough time for processing if the country you are traveling to requires a visa, or requires specific vaccinations.
- Review Office of Research Integrity and Compliance (ORIC)'s notices
ORIC maintains export compliance for the University. They can help you navigate specific situations involving export of information such as research. They can also determine if you will be unable to encrypt your data while traveling. Visit the ORIC Foreign Travel: Know Before You Go webpage for more information.
If you are traveling to an "at risk" country as defined by the Office of Foreign Assets Control (OFAC) always contact ORIC before you travel. More information can be found on the U.S. Department of the Treasury: Sanctions Programs and Country Information webpage.
- Consider taking alternate computing devices
Consider not taking your usual work or personal laptop, tablet or phone. Do you really need it? Your devices and data will be safest if they remain at home or in a locked office on campus. Check with your department IT staff if there are loaner laptops available for you to use. These laptops should have basic tools installed, but none of your sensitive data and no software that is subject to export control. Remember, even as a US citizen, US customs can seize your devices at US borders, not to mention any other country's customs.
- Purchase the correct power adapters, plugs, and transformers for your devices
Most countries do not use the US style plug or voltage, and you will still need to charge your devices. Research the plug or plugs and any transformers you will need prior to traveling. Most laptops do not require a transformer, but check your manufacturer's manual. Don't forget to bring a way to charge your cell phone, iPod, camera, etc. as well! Visit the World Standards Plug & Socket Types for more information.
- Enable Full Disk Encryption for all of your devices
If you do choose to take your laptop, enable full disk encryption if you are able – visit the Global Partners Digital World map of encryption laws and policies for a list of countries where encryption is not permitted. An encrypted disk prevents anyone from having easy access to your data if they physically steal your laptop.
Native encryption is available in OSX as “Filevault” and in Windows as “Bitlocker” (Windows 8 or above). Linux, especially Ubuntu, has LUKS – Linux Unified Key Setup.
- Run Identity Finder
Especially if you are unable to encrypt your laptop, run identity finder on it to make sure that you do not have any personally identifiable information on it. Install identity Finder
- Secure Your Computer
Follow the instructions available at Computing Services: Secure Computing webpage to secure your computer protect your computer by setting up CMU’s recommended security practices, including updating your system, installing anti-virus, setting a password, and turning on the firewall. These general security tips will help you both while traveling and at home.
- Download the CMU Virtual Private Network (VPN) software
Make sure you have the CMU VPN software on your laptop. This allows you to create a secure connection to campus for use of campus resources. The Campus VPN will not encrypt all of your traffic, only traffic to campus IP addresses. If you would like to encrypt all traffic, use the Full VPN. You may experience degraded performance, but all traffic from your laptop will be encrypted to campus prior to being routed to its final destination. Learn more about CMU VPN Software.
- Backup your devices
Backup your devices regularly and especially before you travel, including laptops and mobile phones. If either one is stolen, you will have a backup for restoration of your data.
- Enable a password and automatic wipe of mobile devices
Configure your mobile device to require a password and enable a data wipe after 10 failed attempts. Verify that you have a good backup of your device to recover from in the event that you need it.
- DO NOT leave your device unattended
Keep your device with you at all times. If your hotel room does not have a safe or you are staying in alternate accommodations, bring a lock with you to secure your computer in your room while you are away (such as at a meal).
- DO NOT plug in untrusted accessories
Do not plug in untrusted accessories such as a USB flash drive, or charging cable (for mobile phones or tablets). If you need to purchase an accessory while traveling, purchase from a reputable source.
- DO NOT use public kiosks
Public kiosks, like those at hotels, can be loaded with malware and keyloggers that will capture your username and password. If you do use one (such as for printing out a boarding pass), change the password for the account you used as soon as you can access a secured computer.
- Connect only to known wireless networks
Cyber attackers commonly set up “Free Wi-Fi” access points to encourage unsuspecting individuals to connect. Once connected, the attacker will harvest credentials. Make sure that you are using the provided Wi-Fi in the area. Check with the staff at your hotel or other business for the correct network to join, and make sure it's the only network you use. only use that one.
CMU is a member of eduroam, the network of university wifi networks, and if you are near a university, you can connect to their Wi-Fi for free using your Andrew ID (@andrew.cmu.edu) credentials. This network would appear as “eduroam” on your available Wi-Fi networks.
- Use the Campus or Full VPN
Using CMU's VPN software, you can connect securely to campus resources and other resources off campus (via the Full VPN). Learn more about the CMU VPN Software.
- Follow safe computing practices
Be cautious about links you click on, software you download, etc. More information about general safe computing practices can be found on the Information Security Office Training and Awareness webpage.
- Notify the Information Security Office if concerns arise while traveling
If you suspect unauthorized access of your device(s) or accounts, notify the Information Security Office as soon as possible. The Information Security Office can be reached at firstname.lastname@example.org.
When you Return
- Reset/Change the password for accounts you used
This is especially important if you used the password at a public kiosk or on untrusted computers. Changing your passwords ensures that even if someone did gain access to your credentials while you were traveling, they will be unable to use them. Make sure you use a secure and trusted computer to change your passwords. Do not choose previously used passwords. Do not choose passwords used for other accounts.
- Notify the Information Security Office if concerns arise following travel
If you suspect unauthorized access of your device(s) or accounts; or observe anything suspicious related to device behavior or email after your return, notify the Information Security Office as soon as possible at email@example.com.
Laura Raderman <lbowser>
Joseph Magliocca <jmaglioc>
Updated links, edited formatting
Updated VPN information
Updated link information
Matthew Nicolai <mnicolai>
Updated information and links