Information security when travelling abroad

As researchers, employees or students at the University of Münster, you know that international cooperation and travel are an important part of life at our university. In order to be able to work outside the regular university environment, it is almost always necessary to carry information technology with you, such as notebooks, smartphones, tablets, external hard drives or USB sticks, but also paper documents. When travelling, you often find yourself in unfamiliar working environments (conference rooms, hotel rooms or hotel lobbies, unfamiliar office environments, waiting areas at airports/train stations, etc.) and have a wide range of social contacts.

Unfortunately, the threat level increases when travelling (especially when travelling abroad). The combination of the purpose of the trip (e.g. business meeting, conference, congress, etc.), the duration of the trip and the destination results in individual risks and, in some cases, new threats to sensitive information.

On this page, we have summarised tips and advice on what you should bear in mind before, during and after your business trip. The focus of this page is on information security; general safety advice has been summarised on the Travel Expenses Office's intranet page on safety during business trips abroad.

  • Before travelling

    You must prepare for a safe trip abroad in a manner appropriate to the circumstances. This includes the following considerations and steps:

    • Research the information security risks in your destination country: Familiarise yourself with common information security risks in your destination country, such as public Wi-Fi, cybercrime and government surveillance. The first source for information about your destination is the travel and safety advice provided by the Federal Foreign Office (only available in German). The Federal Office for the Protection of the Constitution has published information sheets on Business Travel Securityand Business Travel Security: China.
    • Update your devices: Ensure that all your devices, such as laptops, smartphones, tablets, etc., are equipped with the latest security updates and antivirus programmes.
    • Back up your data: Before departure, make a backup copy of all important data and store it in a safe place.
    • Minimise the number of devices you carry with you: Only take the devices you really need during your trip. Avoid taking sensitive or unnecessary devices such as backup drives with you. If there are increased security requirements or specific threats in your destination country, use a freshly installed second device that you can reset after your trip. Talk to your IT Service Provider (IVV) about this.
    • Only take absolutely necessary data with you: If possible, do not take any documents containing confidential or secret information with you. Ensure that only the data necessary for your trip is stored on your devices. If necessary, move any data you do not need to other devices that you are not taking with you.

  • During your trip

    • Use secure networks: Avoid public Wi-Fi networks, especially those without password protection. Instead, use mobile hotspots that you create yourself with your mobile device (please be aware of the costs!) or secure VPN connections to establish a secure Internet connection. However, please note the legal restrictions on VPN use in your destination country.
    • Physical security of your devices: Ensure that your devices and sensitive documents are always close to you and secure them against theft. Do not leave your own technical devices and data carriers unattended. If necessary, use security locks or bags with anti-theft protection. Report any loss or theft of your device to your IT service provider (IVV) immediately.
    • Charging your devices: Only use your own power adapter to charge your devices and, if possible, do not use USB charging facilities in hotels, airports or other public places. Public USB charging facilities can be used to access your device. Alternatively, you can use a USB data blocker to protect against unauthorised access while charging. You should purchase this before you start your trip.
    • Behave safely in public: Be careful when using your devices in public. Avoid revealing sensitive information on screens and protect your entries from prying eyes. Do not make confidential calls or have confidential conversations in public.
    • Entering and leaving the country: When entering and leaving certain countries (e.g. China), you must expect to hand over your technical devices. In such cases, you should assume that the devices have been tampered with or read.

  • After your trip

    • Check your devices: Upon your return, check all your devices for signs of malware or unauthorised access. Scan your Windows laptop with antivirus software or restore a secure backup. Contact your  IT service provider (IVV) if you are unsure.
    • Passwords: Change all passwords used if necessary. This is recommended if there is an increased risk to information security in the country you are travelling to or if suspicious activity was noticed during your business trip.
    • Report suspicious activity: If you have noticed any suspicious activity during your trip, you should report it. You can find the right contact persons in this overview from the Information Security Office. The contacts listed there can also advise you on whether other departments need to be involved.