Information security while travelling - Kunnskapsbasen
Information security while travelling
This page provides specific requirements and measures during travel at NTNU. The Digital Security Section at NTNU is responsible for the content of this page.
The information on this page is based on the Guidelines for Securing Personal ICT Equipment, which is part of the Information Security Management System.
Norsk versjon - Informasjonssikkerhet på reise
Risk reduction while travelling
When travelling, attempts of information extraction must be anticipated.
- When travelling to other countries, information assets covered by the Export Control Act shall not be brought
- Evaluate the need to carry information outside Norway and minimize the amount.
- Local authorities may demand access to encrypted information.
Install anti-virus and security software ahead of departure.
- Make sure the firewall is activated.
- Update both your operating system and security software ahead of departure.
- Activate encryption on cellphone, iPad and laptop ahead of departure. This will prevent others from reading content on the units.
- Deactivate WiFi and Bluetooth when not in use.
- If offered a USB storage device, e.g. a memory stick, say no. Also avoid lending others your own memory sticks or other USB storage devices. In general, one should be very careful with any unfamiliar USB device. This also applies to pointing devices and mouse units.
- When accessing the Internet, always make sure there is a padlock icon in the browser’s top left-hand corner before entering your user name and password, and look out for possible security alerts and error messages.
- If accessing the Internet, we recommend that you connect through NTNU’s VPN. This will prevent scanning of traffic. Keep in mind that several high-risk countries have powerful surveillance resources with regards to digital communications and will attempt to access your flow of data. \\Please note: Use of external VPN providers may be illegal, but so far there have been no cases of someone being confronted with accessing their own organisation through a VPN.
- Make sure that remote wiping is activated on all units.
- Do not disclose your NTNU username and password.
- Use your own cellphone charger.
Both the PST and the National Security Authority have issued warnings against intelligence activity from several high-risk countries targeting Norway. In particular, Russia, China and Iran are flagged as high-risk territories.
Based mainly on industrial espionage and technological motives, we know that these countries in particular have intentions of gathering information and compromising data systems to achieve economic and research goals. The high-risk countries have several military units working systematically in acquiring confidential and state-of-the-art technology through industrial espionage. These units are capable of quite sophisticated operations.
NTNU provides state-of-the-art research and technology within several of the high-risk countries’ fields of interest, therefore we are an obvious target. We have already seen attempts to compromise NTNU personnel while travelling, so the risk is imminent.
Specific advice for travels to high-risk countries
In addition to the advice above, we recommend the following when travelling in high-risk countries:
- The Digital Security Section strongly recommends the use of special travel equipment when travelling to high-risk countries
- When travelling to countries defined as high-risk countries by PST, an extra assessment must be made before ICT equipment used in a work context is brought. The assessment is made in consultation with the department and faculty.
a. At faculties where there are security managers or security advisers, these shall be consulted in the assessment.
b. If you have any questions, please contact firstname.lastname@example.org
- The Digital Security Section strongly recommends that you bring a cellphone/tablet/laptop not ordinarily in use (iPhone and iPad are recommended, as these are especially hard to break into).
- Avoid installing updates while abroad
- Avoid leaving information units (cellphone, tablet and laptop) where you cannot see them. This includes hotel rooms and hotel safes. If going on a trip, bring all your information units with you.
- Avoid bringing managed clients to high-risk countries (i.e. computers linked to the NTNU domain).
a. Several faculties/departments have loan equipment that can be used
b. If loan equipment cannot be obtained, contact Digital Security on email@example.com
- Use 6-digit PIN or password on cellphone and tablet. Deactivate fingerprint and facial recognition on your cellphone. These security mechanisms are considered too weak against a digital intruder.
- Return loan equipment. The ICT units must be reinstalled.
Reporting an incident or suspected incident
If you suspect that information has been accessed, or any other digital security incident, contact firstname.lastname@example.org (+47 90 66 43 50) so that we can assist you in solving possible problems.
NTNU has a separate page with travel guidelines.
We recommend that you acquaint yourself with NTNU’s Data Storage Guide.
Sikresiden.no provides various advice for travel preparations.