Body
Travelers should not take their university laptop on their trip to China. NU ITS recommends university employees take a clean/wiped loner laptop on trips to China. First see if your college has a laptop that can be wiped and you can let the faculty/staff use for their travel to China. NU ITS can help get the machine wiped if needed. If your college does not have any available equipment reach out to NU ITS clinet services to see if there is any out-of-rotation equipment headed to inventory you can use on your trip. Since there is a fair chance any laptop taken to China will be removed from the travelers possession, for inspection, the laptop would need to be appropriately destroyed when you return to the US. Because of this only equipment whose complete loss/destruction is acceptable and should be taken on a trip to China.
A couple of important items regarding a laptop traveling to China:
- The device cannot be encrypted.
- The NU VPN or any other VPN/encryption software should not be installed on the laptop.
- Remote access to public NU services (including Office 365) should be reduced to only required and necessary activity.
- Do not use the local Outlook or OneDrive applications/clients on the loaner device, web only.
- Assume everything you do online is monitored, collected, and inspected. Refrain from private or confidential online activities like banking or accessing online accounts.
- If the laptop is removed from your custody at any time (including Customs), it should be appropriately destroyed upon return to the University and never connected to any university network (WiFi or Wired).
- Below is the NU ITS general guidance and best practices for IT Security for international travel, everything may not be applicable for your situation, but ITS feels this is good general advise and things to consider to secure IT resources and data while you travel internationally.
New Hardware:
- If you need to purchase new travel hardware, I recommend any of the standard models we have listed in CDW-G. The identified laptops (PC & Mac) all have the necessary security hardware to protect university data. Your IT Support Team will configure the laptop using the standard Endpoint Baseline procedure and apply either Medium or High Risk Security Controls as appropriate for the user.
Before You Leave:
- Request a loaner travel device from your IT Support Team.
- Only take data that is essential for the trip.
- Plan to access email and other university resources online, do not use the local Outlook or OneDrive applications on a loaner device.
- Some foreign countries restrict the use of encryption and may access your devices at the port of entry. Review the local laws of your destination country or contact the local embassy to alert them of your travel plans and review any travel advisories. https://step.state.gov
- Confirm that the travel device is configured with the Endpoint Baseline, encrypted (if permitted by local laws), and all software is up to date.
- Contact your IT Support Team for assistance.
While You’re There:
- Assume all public computers are insecure and do not use them.
- Always keep your travel device in your possession or in a secure location.
- Notify your IT Support Team and ITS Security Services immediately if your device is lost or stolen.
- Use the NU VPN on your travel device when connected to a network if permitted by local laws.
- If local laws do not permit encryption technologies, uninstall the NU VPN client before traveling.
- Disable WiFi and Bluetooth when not in use.
- Power off the travel device when not in use.
- Do not use untrusted devices such as public USB charging stations, only use your own chargers.
When You Return:
- Return the travel device to your IT Support Team so that it can be appropriately sanitized and re-configured for the next user.
- Notify your IT Support Team and ITS Security Services if local authorities detained the travel device during your trip.