Wikier

Information security while travelling

Detaljer Skriv ut

This page provides specific requirements and measures during travel at NTNU. The Digital Security Section at NTNU is responsible for the content of this page.

The information on this page is based on the Guidelines for Securing Personal ICT Equipment, which is part of the Information Security Management System.

Innholdsfortegnelse [-]

  1. Risk reduction while travelling
    1. Travel preparations
    2. When travellingnull
  2. High-risk countries
  3. Specific advice for travels to high-risk countries
  4. Reporting an incident or suspected incident
  5. Further information

Travel guidelines | Pages tagged with travel

Norsk versjon - Informasjonssikkerhet på reise

Risk reduction while travelling

When travelling, attempts of information extraction must be anticipated.

Travel preparations

  1. When travelling to other countries, information assets covered by the Export Control Act shall not be brought
  2. Evaluate the need to carry information outside Norway and minimize the amount.
  3. Local authorities may demand access to encrypted information.

Install anti-virus and security software ahead of departure.

Anti-virus (Staff) Anti-virus (Students)

  1. Make sure the firewall is activated.
  2. Update both your operating system and security software ahead of departure.
  3. Activate encryption on cellphone, iPad and laptop ahead of departure. This will prevent others from reading content on the units.

When travelling

  1. Deactivate WiFi and Bluetooth when not in use.
  2. If offered a USB storage device, e.g. a memory stick, say no. Also avoid lending others your own memory sticks or other USB storage devices. In general, one should be very careful with any unfamiliar USB device. This also applies to pointing devices and mouse units.
  3. When accessing the Internet, always make sure there is a padlock icon in the browser’s top left-hand corner before entering your user name and password, and look out for possible security alerts and error messages.
  4. If accessing the Internet, we recommend that you connect through NTNU’s VPN. This will prevent scanning of traffic. Keep in mind that several high-risk countries have powerful surveillance resources with regards to digital communications and will attempt to access your flow of data. \\Please note: Use of external VPN providers may be illegal, but so far there have been no cases of someone being confronted with accessing their own organisation through a VPN. 
  5. Make sure that remote wiping is activated on all units.
  6. Do not disclose your NTNU username and password.
  7. Use your own cellphone charger.

High-risk countries

Both the PST and the National Security Authority have issued warnings against intelligence activity from several high-risk countries targeting Norway. In particular, Russia, China and Iran are flagged as high-risk territories.

Based mainly on industrial espionage and technological motives, we know that these countries in particular have intentions of gathering information and compromising data systems to achieve economic and research goals. The high-risk countries have several military units working systematically in acquiring confidential and state-of-the-art technology through industrial espionage. These units are capable of quite sophisticated operations.

NTNU provides state-of-the-art research and technology within several of the high-risk countries’ fields of interest, therefore we are an obvious target. We have already seen attempts to compromise NTNU personnel while travelling, so the risk is imminent.

Specific advice for travels to high-risk countries

In addition to the advice above, we recommend the following when travelling in high-risk countries:

  1. The Digital Security Section strongly recommends the use of special travel equipment when travelling to high-risk countries
  2. When travelling to countries defined as high-risk countries by PST, an extra assessment must be made before ICT equipment used in a work context is brought. The assessment is made in consultation with the department and faculty.
    a. At faculties where there are security managers or security advisers, these shall be consulted in the assessment.
    b. If you have any questions, please contact sikkerhet@ntnu.no
  3. The Digital Security Section strongly recommends that you bring a cellphone/tablet/laptop not ordinarily in use (iPhone and iPad are recommended, as these are especially hard to break into).
  4. Avoid installing updates while abroad
  5. Avoid leaving information units (cellphone, tablet and laptop) where you cannot see them. This includes hotel rooms and hotel safes. If going on a trip, bring all your information units with you.
  6. Avoid bringing managed clients to high-risk countries (i.e. computers linked to the NTNU domain).
    a. Several faculties/departments have loan equipment that can be used
    b. If loan equipment cannot be obtained, contact Digital Security on sikkerhet@ntnu.no
  7. Use 6-digit PIN or password on cellphone and tablet. Deactivate fingerprint and facial recognition on your cellphone. These security mechanisms are considered too weak against a digital intruder.
  8. Return loan equipment. The ICT units must be reinstalled.

Reporting an incident or suspected incident

If you suspect that information has been accessed, or any other digital security incident, contact soc@ntnu.no (+47 90 66 43 50) so that we can assist you in solving possible problems.

Further information

NTNU has a separate page with travel guidelines.

We recommend that you acquaint yourself with NTNU’s Data Storage Guide.

Sikresiden.no provides various advice for travel preparations.

Travel advice from the PST

Travel advice from the Ministry of Foreign Affairs

5045 Visninger
Målgruppe: Studenter Medarbeidere Tema: Informasjonssikkerhet
Tagger
hr travel it safety information security