Traveling internationally presents unique challenges in the area of data security. When traveling, your devices (e.g., laptops, tablets, smartphones, etc.) will be exposed to an unknown environment where security is not guaranteed and a data breach or compromise may be imminent. As a member of the Weill Cornell Medical College community, healthcare data is especially valuable to malicious outsiders. If it is evident that you are a member of WCMC, the risk of a compromise is further increased.
In addition to physically losing your devices, a breach may happen while using your devices on the internet or over a wireless network. As a precaution, the following sections recommend additional security safeguards that should be followed in order to protect your devices and your data.
II. Before Traveling
Traveling to High Risk Countries
Much like domestic bank accounts, the ITS Security team is actively monitoring connections to our network from high risk countries in order to protect the WCMC community against malicious attacks. High risk countries—namely China, Russia, Iran, North Korea, etc.—represent foreign entities that pose a high risk of compromise or other security attack against the USA. Various alerts have been configured to notify ITS Security of potentially suspicious activity in the event an individual’s account or password have been compromised from one of these countries. If you are traveling to a high risk country and plan on working remotely, it is recommended to inform ITS Security to ensure your account is not inadvertently blocked while traveling abroad.
Check for Travel Alerts and Warnings
Prior to traveling, it is best to check for known travel alerts and warnings. The U.S. Department of State website contains important information by country.
Leave Extra Electronic Devices Home
Before traveling, it is important to take only the minimum number of electronic devices needed for your trip. By traveling with extra devices that may not be necessary during your trip, you are increasing your risk of exposure and compromise by malicious individuals in a foreign country. The most effective way to safeguard your data is to leave your device at home, when possible.
Backup Your Data
Due to the likelihood of a compromise or physical loss when traveling abroad, it is strongly recommended to backup all important documents and data on your devices. Making a recent backup prior to traveling will minimize the potential of lost or corrupted data in the event your device is infected with malware.
Use of Encryption in Foreign Countries
Weill Cornell Medical College requires that all devices containing confidential WCMC data are encrypted. While encryption adds security in the event a device is stolen, certain countries may impose restrictions upon entering with an encrypted device. The following links provide additional information:
If you are attempting to travel to a country that prevents the import of an encrypted device, it is strongly encouraged that you do not bring the device with you. Removing encryption from an electronic device poses a serious security risk as all of your data will be readable in the event the device is lost, stolen, or confiscated. The Information Technologies & Services Department is able to provide a loaner laptop. While you are likely to get to keep your machine, this is a real risk.
Install, Configure, and Test VPN Software
When traveling with your devices, any electronic communication that occurs over the internet is susceptible to eavesdropping from a malicious outsider. Connecting to the internet over a wireless network (such as in a hotel, café, mall, or other public venue) immediately exposes your device to a potential attack.
Weill Cornell Medical College provides software for securing electronic communications over insecure networks in the form of a virtual private network (VPN). By utilizing VPN software, you will be able to browse the internet through an encrypted channel via Weill Cornell Medical College’s network that is protected from attacks and eavesdroppers.
Contact ITS Support to request the installation of VPN software on your tagged WCMC device.
Ensure Device Software is Current
Prior to travel, ensure your software on all of your electronic devices is up-to-date. Install the latest security patches and software updates from Windows Update or Apple Software Update. Advanced threat protection, antivirus, and antimalware software should be installed, active, and updated to ensure adequate protection from the latest threats. The Information Technologies & Services Department provides this software for both tagged Windows and Mac computers. This software can be accessed on the ITS Downloads website or by contacting ITS Support.
III. While Traveling
Do Not Leave Devices Unattended
A device that is lost or stolen provides a malicious intruder with easy access to your data. Keep your laptop and any other electronic devices with you. Do not assume they are secure by leaving them in your hotel room.
All devices should be locked in a secure safe if not being carried with you. Do not share the PIN or key with anyone. Be sure to also lock small peripherals, such as flash drives or portable hard drives.
Do Not Use Public Computers
Public computers that may be available in a hotel lobby, airport, or other public venue are not considered secure and you should expect that anything you do these computers may be susceptible to eavesdropping. Do not enter user names and passwords on a public computer as these credentials may be visible to a malicious intruder. Accessing sensitive data (e.g., finances, email, WCMC applications, etc.) on a public computer is extremely dangerous and is strongly discouraged.
Use VPN Software for Internet Access
With VPN software installed, configured, and tested on your devices before traveling, it is strongly encouraged to connect to the WCMC VPN for regular internet browsing. The VPN connection is secured and protected against malicious attacks and is the recommended channel for accessing the internet from your devices when traveling abroad. The use of VPN software is especially important when connecting to a wireless network. Please note that VPN may be blocked when traveling in certain countries.
Access Secure Websites, including WCMC Email
When traveling in high risk countries, it is safest to access email from your encrypted mobile device or through the web on a loaner device at http://o365.med.cornell.edu.
Websites that allow or request access to sensitive information are often equipped with a certificate that validates the security of the website. The certificate indicates that a secure connection is in place when transmitting sensitive information across the Internet. This is common for financial institutions, online retail, and other transactional-based services. It provides a level of assurance that you can securely provide your credit card online and know that it is travelling to the company’s internal systems with a level of protection.
In order to detect if a website is secured, look for the following indicators:
- https:// in the address bar instead of http://
- a padlock icon
Ignore Unknown Text Messages or Phone Calls
If using a mobile device while traveling abroad, you may receive suspicious or unknown text messages or phone calls. Do not respond to these messages or provide any identifying information as this may be an attempt to collect information by a malicious insider.
Note Information Collected on your Devices
During your travels, you may collect additional information on your devices, such as emails, files, links, passwords, etc. In order to ensure your devices are secure upon your return, it is helpful to maintain a list or repository of information that was collected during your trip. This will make it easier to diagnose any suspicious behavior or anomalies on your devices should you experience any problems upon your return.
IV. After Traveling
Upon return to the USA from traveling, it’s important to ensure your devices are still in a secure state and have not been compromised prior to connecting them to the Weill Cornell Medical College or personal network. A compromised device with connectivity to a large network can easily infect other devices that may not be updated with the latest security protections. Do not connect your devices to the Internet or any network (even at home) until the devices have been securely scanned for viruses or other malware.
Run a Security Scan
To ensure your devices have not been infected with any malware, it is strongly recommended to run a full system security scan with your antivirus or antimalware software. This software is designed to detect, alert, and remove threats. If you have connected your device to a home network prior to running a security scan, it is recommended to also run a security scan on other devices on your network to ensure an infection has not spread.
Change Your Passwords
As an extra precaution, it is recommended to change passwords to any system accounts or website accounts that you may have accessed while traveling. Changing your password will reduce the risk of compromise and should be done immediately upon return.
Your Weill Cornell Medical College CWID password can be changed by logging in to the myPassword website.
V. Additional Resources
The following links provide additional information and guidance about traveling and working securely when abroad: