View Current

Travelling Overseas with Devices Procedure

This is the current version of this document. You can provide feedback on this document to the document author - refer to the Status and Details on the document's navigation bar.

Section 1 - Purpose

(1) This Procedure sets out the University's requirements for travelling overseas with University devices.

(2) Users may be targeted whilst using any device overseas this is an ongoing threat and the compromise of devices could impact the ongoing operation and security of the University’s business.

(3) The risks associated with device usage during overseas travel include:

  1. if devices are compromised this could allow unwanted access to personal or University data. This could immediately impact the integrity, confidentiality or operational security of the University’s business activities;
  2. if devices are compromised this could allow external access into any connected networks putting additional University data at risk; and
  3. if devices are compromised there could be immediate or ongoing operational security or safety concerns for targeted users.

(4) The University is committed to the appropriate use of information technology and services to support its learning, teaching, research, administrative, and service functions. The IT Acceptable Use Policy defines acceptable behaviour expected of users of University IT facilities and services. The University requires users to comply with the IT policies and associated requirements governing the use of IT facilities and services as a condition of their use. These are accessible on the University Policy Directory.

Top of Page

Section 2 - Requirements

Prior to travel

(5) Users are required to contact the IMTS Service Desk a minimum of ten (10) business days in advance of scheduled overseas travel, advising:

  1. travel dates;
  2. countries being visited;
  3. reason for travel;
  4. if any University data will be taken during the overseas travel (must only be stored on IMTS managed devices);
  5. if there will be any need to access any University data (including email) remotely; and
  6. if a UOW mobile device will be taken.

(6) Users must ensure they consult IMTS regarding appropriate voice/data plans for University mobile devices to ensure coverage if our international plan does not extend to the country of travel, keeping in line with the Acceptable Expense Guidelines. Failure to do so may result in the user being liable for excessive charges to the University device.

(7) Users must ensure any personal electronic devices are up to date in terms of operating system updates and patches are protected via a PIN, pattern, or biometric factor such as a fingerprint.

(8) Based on the information provided in clause 5, IMTS may need to issue the user with a clean travel device for travel.

During Travel

(9) Users must report any loss, suspected compromised or unusual behaviour (including the type, date, and time) on devices to IMTS as soon as possible.

(10) Users must assume any devices that have been taken out of sight for inspection by foreign government officials or have been lost or stolen and later found or returned, to be potentially compromised.

(11) Users must never lend devices to untrusted people, even if only briefly (an example would be if an untrusted person asked to check the weather on your device).

(12) Users must never allow untrusted people to charge other devices using their devices (an example would be if an untrusted person asked to charge their phone using your laptop).

(13) Users must never use chargers supplied by third parties or charge devices at designated charging stations or USB charging outlets. Users are required to only use genuine chargers supplied with devices.

(14) Users must never place devices, including multi-factor authentication tokens, in check-in luggage. Users must never leave devices, including multi-factor authentication tokens, or luggage containing such items, unattended, even in hotel safes.

(15) Users are required to avoid connecting devices to any open or public Wi-Fi networks and must always use the University VPN to ensure all internet traffic is encrypted.

(16) Users must ensure that any devices and any other devices are configured with up-to-date multi factor authentication requirements prior to travel and that the authentication method is assessable in the location of travel.

(17) Users must disable any communication capability for devices when not in use. This includes cellular data, Wi-Fi, bluetooth and near field communication (NFC).

(18) In locations where sensitive conversations take place, users must power-down devices and remove them from close proximity to the sensitive conversations.

(19) Users must avoid re-using removable media after connecting it to other organisation’s electronic devices, as they may not provide the same level of security as UOW, or their electronic devices could be compromised.

(20) When travelling with other devices, users must ensure that they run a manual antivirus scan on any removable media before opening any files on it.

(21) When travelling overseas or when returning to Australia users must never use any other devices that have been gifted or loaned to them, especially removable media. If required, users must purchase other devices from established and reputable local businesses.

Returning From Travel

(22) Users must return clean travel devices to IMTS to be wiped and returned to factory default.

(23) At no time may users connect clean travel devices to the UOW network upon return from travel.

(24) IMTS will scan any data obtained whilst travelling and stored on a clean travel device for cyber security risks and if required, will assist with data transfers.

Top of Page

Section 3 - Roles and Responsibilities

IMTS

(25) IMTS will ensure laptops are patched and running all appropriate antivirus and protection software and running hard disk encryption.

(26) IMTS will ensure that a University phone is password/fingerprint protected.

(27) If University data needs to be stored/taken, a clean travel device (that contains no identifying marks/stickers) should be provided by IMTS instead of the user's day-to-day device being used.

All Users

(28) Users must ensure all appropriate steps within this document are being followed.

Top of Page

Section 4 - Definitions

Word/Term Definition (with examples if required)
Clean Travel Device A device that has been wiped of any stored data and set to the default UOW managed device image.
Device Any device that is provided to University staff and paid for by the University for the purposes of fulfilling individual work requirements.
Other Device Any device, including personal devices, or any device that is provided to you for use by organisations or institutions other than UOW.
IMTS Information Management and Technology Services at the University of Wollongong.
IT Facilities & Services Information Technology facilities operated by or on behalf of the University. This includes services and systems and associated computing hardware and software used for the communication, processing, and storage of information.
University University of Wollongong (UOW)
User A person assigned a User Account by the University or a person who is otherwise authorised to use University IT Facilities and Services.