Traveling internationally presents unique challenges in the area of data security. When traveling, your devices (e.g., laptops, tablets, smartphones, etc.) will be exposed to an unknown environment where security is not guaranteed, and a data breach or compromise may be imminent. As a member of the Weill Cornell Medicine community, healthcare data is especially valuable to malicious outsiders. If it is evident that you are a member of WCM, the risk of a compromise is further increased.
In addition to physically losing your devices, a breach may happen while using your devices on the internet or over a wireless network. As a precaution, please adhere to the following security safeguards in order to protect your devices and your data.
Planning to Travel
- Notify your supervisor and ITS of your upcoming travel so your access to WCM services will not be blocked while abroad.
Before International Travel
- Register your international travel in the International Travel Registry (required if conducting WCM activities).
Check the U.S. Department of State Travel Advisories website for alerts, warnings, and travel advisory levels pertaining to your destination to ensure your own personal safety.
If you are traveling to countries with elevated levels of caution, review the State Department’s tips to stay safe.
If you plan to take your WCM devices with you, backup your documents with CrashPlan.
Enroll in Duo to ensure you can access WCM applications while abroad.
- If you need to check your WCM email when you're abroad, make sure you're using a secured method to view your account. iPhone users should contact ITS in advance to set up their phones for access.
- Zoom, Duo, and potentially other WCM services may not be accessible if you are attempting to access from an OFAC-regulated country or region.
Special Precautions for Travel to High Risk Countries, including China
High risk countries—namely China, Russia, Iran, North Korea, Venezuela etc.—represent foreign entities that pose a high risk of compromise or other security attack against the USA.
- Take only the minimum number of electronic devices needed for your trip. You are strongly encouraged to leave your WCM devices at home.
- Submit a request to borrow a laptop or smartphone from the Library. Some high risk countries, including China, prohibit the import of encrypted devices, and taking a standard WCM laptop or smartphone into the country poses a real risk of your device being compromised.
- If possible, you should not access websites containing sensitive information (e.g., financial, health, etc.) while connected to public Wi-Fi networks.
- Chinese officials often block the use of VPN software to protect your privacy on the internet, but you can attempt to use VPN software from ITS to access WCM resources while abroad.
- Keep electronic devices in your possession; hotel staff often have access to in-room safes.
- If you are traveling to China, Russia, or Venezuela, you must complete the Electronic Export Information (EEI) filing. Instructions for completing the EEI can be found here: Job Aid: Export Control Travel Filing
- To make the EEI filing, each individual traveler needs to know the export control classification number (ECCN) for all items being reported. The ECCNs for devices can be found in the documents below, according to device type:
After International Travel to High Risk Countries
- Stop by the ITS SMARTDesk to have your laptop scanned for viruses and malicious software before you reconnect it to the WCM network. This crucial step can help prevent data breaches or spread of infection to other devices on our network.
- As a precaution, change your WCM CWID password. If you accessed any sensitive websites, consider changing the passwords used for those websites.