Skip to main content
Suomeksi
Search

Information security guidelines for abroad travelling

Tampere University and TAMK

Export of TUNI equipment to Russia and Belarus is strictly forbidden !

It is also forbidden to export a work computer or mobile device to China. For exceptions, please contact the information security of Tampere Universities. 

 

The main thing is to protect:
  • Your privacy
  • Data for which the university is responsible
  • your own research data, if you have it with you or access to it.
Before the trip must:
  • Consider carefully what data you take with you
  • consider which data can be accessed from the device
  • check if there is something in the TUNI mailbox that should not be taken with you
 
When travelling outside the EU, please use caution with your devices and contact the IT Helpdesk for more information. 

 

When traveling to China or other high-risk countries, ask for an empty, basic installed device for the duration of your trip. After the trip, the device is returned and erased. Exporting Tuni device is prohibited because it is risky. There have been reports of software installed on devices, copies of their contents or confiscation of devices. Do not connect a temporarily used device to the TUNI network after the trip. When you're in China, your login and traffic can be at risk, so change your passwords when you get home.

The instructions have been prepared with business trips in mind, but are also suitable for study trips and student exchange periods. 

 

Leave secrets at the workplace 

When commuting, the risk of becoming a victim of theft or data breach increases. That's why it's important to remove confidential and valuable files and messages from portable devices. Files needed during your trip can be saved to a network drive or cloud service and downloaded only when needed. Consider taking a separate "empty" device or phone on a trip. If you are using a university email account, check the messages you want to protect and consider whether the email account needs to be on the device at all times.

 

Beware of Free wifi network connections 

During your trip, use a VPN connection for everything, install the university's VPN software (EduVPN) and check Eduroam beforehand. In Scandinavia, the Baltics and EU countries, it is recommended to use a mobile data connection because it is reasonably priced and the most secure. In countries where mobile data is expensive, beware of free WiFi networks and check with hotel and business premises staff to verify the authenticity of the network. For a longer trips, consider getting a local data connection. 

Take confirmation alerts, certificate warnings and error messages seriously and don´t use public computers. 

Turn off: Bluetooth, voice control, Wi-Fi, location services, sharing a connection or hotspot when you're not using them.

Pay attention to the certificates on web pages:  If you receive a warning about a new or invalid certificate in a university connection, do not press OK or enter passwords. This may mean a connection to an old or incorrect proxy server and login page. Use your browser to check if you can get a direct connection to the servers of the higher education community.

 

Update your device and make sure it can be locked. Check that  your software, antivirus, hard drive encryption and are up to date 

 In case of theft or attempted burglary, make sure that no data can be extracted from the device without unlocking. Protect your passwords and security codes from prying eyes and don't leave your device alone or in someone else's hands. A locked device can be quickly cracked by a professional. Use the hotel's valuables storage service or keep the computer with you all the time. Consider purchasing a privacy screen, if you use it in the presence of others. Back up your devices before you travel and be prepared to erase your machine after the trip and perform a clean installation from the backup. Also, make sure you can buy a new device from your local store if necessary.

 

Rights of the Authority and precautions against state actors in some countries

In many countries, border authorities have the right to demand that locks and passwords be unlocked without suspicion of a crime. A foreign state can use the materials as it wishes. You can't usually refuse to share your password, so it's a good idea to hide the existence of accounts. Remove unnecessary social media accounts and email services from your phone before you travel. The rights of the authorities are particularly extensive in the USA, Russia and China.

In some countries, authorities have extensive powers and resources to monitor tourists and citizens, and university students may be of particular interest. Supo warns that passengers may be subject to intelligence gathering because of their documents, equipment and conversations, especially if they work in politics, civil servants or business. 

In China, surveillance relies on comprehensive camera systems and databases that identify people based on faces, voices and the way they walk. The surveillance also extends to travelers’ devices and social media accounts. In general, tourists cannot protect themselves from measures or demands made by the authorities. Intrusion into devices is unlikely, but due to the possible consequences, you should be careful with your private data.

If you use the country's own apps in an authoritarian country, the authorities will actively monitor their use. Apps can track location, copy address book, and activate microphone and camera. Do not allow the use of these features, and delete apps from the device after returning, if necessary, erase the entire device.

Avoid bringing a phone or computer used for private communication. Especially when traveling to China and Russia, consider using a separate low-cost smartphone with local apps, and avoid using Chinese apps on your own phone or workstation.

 

Social media

Consider whether it is necessary to share information or pictures from a business trip on social media. If you do, tell what you've done rather than what you're going to do, and consider the need to share location data. Ask permission from others before sharing their information or images.

General information security instructions must be followed when travelling. Pay special attention to password and username management: do not use the same password for different services and critically consider using the same username. Avoid logging in to different services with the same credentials, such as Facebook. Use multi-factor authentication for the most critical services.

 

If your device is stolen during the trip

  • Report the crime to the local police and bring a copy of the report.
  • Change your password in the id.tuni.fi service. If you are unable to, contact IT Helpdesk and ask them to reset the password.
  • Report the theft to the IT Helpdesk.
  • When you return to Finland, contact tietoturva [at] tuni.fi and provide a written account of the incident.
  • We report all thefts separately in Finland.
 
Precautions:
  • Connect home only on your own devices, do not enter your TUNI password on any other device.
  • Consider investing in a separate travel device.
  • Be prepared to erase your device after your trip and restore it from a backup made before the trip.
  • If the device has been in someone else's possession for even a moment, assume that it may have been hacked or copied.
  • Use a VPN if possible.
  • If the VPN doesn't work, just use the www.office.com portal and/or email.
  • Do not use the connection if certificate warnings appear at the beginning.
  • Beware links sent to you in a message/email and use unsecured web pages with caution, as links can break your smartphone.

 

Report strange events no later than when you return: it-helpdesk [at] tuni.fi, +358 294 520 500

Published: 16.11.2020
Updated: 31.10.2024
Print this page