Travel Tips
Information Security Safeguards While Working from Home
As a member of the University community, you are entrusted to manage University information responsibility and in accordance with the University's Information Management and Information Technology Policies.
Here are some guidelines to follow for working from home securely:
1. Secure your home router and WiFi
Insecurely configured home routers can lead to eavesdropping and/or attackers gaining remote control of your home computing devices. Follow key and fundamental security safeguards such as changing the default router password and using Wi-Fi Protected Access 2 (WPA2).
See the following guide for router/wifi security:
Router Security: How to Setup Wi-Fi Router Securely
2. Secure your home computers
Keep up-to-date with patches/fixes/updates (including security, operating system, and antivirus updates). Enable the computer's personal firewall and hard drive encryption. Use a strong/secure password that is unique and not shared.
3. Minimize information management risks
Do not save, store, or print University information locally (especially that which is personally identifying). That is, securely connecting to and using University resources remotely keeps University information on the University system. Examples of such University resources include UAlberta Google, faculty/department based file-shares, and enterprise systems such as PeopleSoft, EDRMS, SupplyNet and eClass. Use the University VPN where appropriate and necessary to securely connect to the University network.
If you absolutely need to save, store, or print University information at home in order to do your job, obtain approval from your Director/Chair beforehand, and agree on security safeguards around version control, information sharing/exchange, encryption, and retention/archive/disposal, among others.
Whether for work or vacation, most members of the UAlberta community will travel with their electronic devices at some point. You cannot predict what will happen while travelling, so to protect yourself and the University, be as proactive as possible and follow these best practices.
1. Know the rules of your host country
Privacy and legal rights vary from place to place, so research your destination before you get there. Some foreign governments have been known to monitor phone calls, prohibit the use of VPNs, and filter or block access to certain websites, including Gmail and Google Apps. Do not attempt to bypass these internet suppression measures, as that could lead to serious consequences such as confiscation of your devices or criminal charges.
Some travellers have been ordered by customs and border officials to unlock their phones and laptops, provide encryption keys, sign into social media accounts, and allow their digital content to be copied. Refusing to comply with these demands can incur strict penalties against you.
It may be more of a risk to refuse and suffer that country's respective sanction than to reveal or relinquish your information and devices.
2. Your device may be searched or confiscated
Expect that your device(s) may be searched or confiscated by customs/border agents and law enforcement, so prepare and travel with them accordingly.
Do not store any information or contents that will cause issues or harm if disclosed to, or accessed by, customs agents or law enforcement.
3. Use caution accessing sensitive or confidential information while travelling
If you need this information while traveling, access it instead through secure, remote means, such as a department/faculty based file-share or your UAlberta Google Drive. Connect to either through the University VPN.
If you need to save or work on such a file locally and temporarily while traveling, ensure the file is purged from the local device after it is uploaded or saved to a secure, remote repository, such as a department/faculty based file-share or your UAlberta Google Drive. Always back up your information.
4. Disable automatic login
Configure the accounts on your mobile device (such as email and social media sites) to not automatically login. That way, if an external authority/party gains access to your device, they are not automatically logged into your accounts.
5. Encrypt and password-protect everything
Every mobile device should be encrypted and password-protected. A secure password is at least eight to ten characters long and consists of a mix of numbers, special characters, and upper and lowercase letters.
6. Follow mobile computing best practices
Ensure you're following the University's guidelines for mobile device security.
Learn more about mobile computing best practices.
7. Consider wiping your devices when you return home
Consider wiping your device upon your return in order to mitigate the risk that some unauthorized programs or malware were installed during your travels.
8. Expect that your device may become damaged
Despite all your efforts, your device can still become damaged. For instance, some airlines and jurisdictions prohibit carrying onboard electronic devices larger than a smartphone. As a result, laptops and tablets will need to be stored in checked luggage, where baggage may be subject to physical damage and extreme environments. If you need to store electronic devices in checked luggage, then consider using a temporary/on-loan computer or some other throw-away device.