Data and Device Security for International Travel

1. Disclosure and Approval: StFX is subject to Nova Scotia FOIPOP and PIIDPA legislation requiring University staff and faculty to disclose when personal data may be accessed outside of Canada. Travelling outside of the country with personal data on a device must be disclosed and approved before travel.  This potentially includes information related to students, course work, research, University business and any information that isn’t intended to be public.

2. Update your software: Ensure all your devices and applications have the latest security updates and most recent version(s) of anti-virus software.

3. Consider what device(s) to take: It is best to limit the devices you take with you to only what is absolutely necessary. Consider travelling with a temporary/loaner instead of your university or personal one. The University may have a limited number of devices for loan, however you may be responsible for arranging for your own temporary device(s).  Record the make, model and serial number of any device you take with you to help report or identify a lost or stolen device. 

4. Backup your data: Securely back up critical data from every device you take with you to another device or secure cloud storage.  

5. Enhance password security: Consider the following actions so an external authority/party gains access to your device does not have immediate and easy access to your information:

   • Turn off “remember me” and wipe any stored passwords from applications and browsers on your travel device(s). 

   • Configure the accounts on your mobile device to not automatically login.  

   • Change your device and online account passwords to temporary travel passwords. To keep secure records of your new passwords, 

   • Use a password manager. 

   • Ensure multi-factor authentication is used on your accounts where possible and use multiple authentication methods in case you lose access to your mobile device.

6. Use secure external storage: If bringing a USB or hard drive, ensure it is encrypted. Do not accept or use USB devices from a untrusted source.

1. Keep your device(s) with you: Be vigilant at security checkpoints and never leave your belongings unattended. If your devices are taken out of your sight by anyone, it is best to assume they are compromised. 

2. Disable auto-connect: Turn off automatic Bluetooth and Wi-Fi connections to avoid unsafe network connections.

3. Avoid public Wi-Fi: Do not use untrusted networks (e.g., hotels, airports, cafes) for university-related work or sensitive personal use (e.g. banking); they have the potential to exploit any vulnerabilities that may exist on your devices.

4. Access files securely: Do not use your Microsoft desktop or mobile Office apps - use Microsoft 365 online web apps, M365.cloud.microsoft, to access confidential university files and email.  Do not use “remember me” to store your password.

5. Avoid sensitive online communication: Always assume communications could be monitored. Avoid accessing or sending highly sensitive messages, emails or data files while travelling.

6. Avoid untrusted devices: Do not use public computers, unknown USB drives or unverified power chargers. Do not bring back external media to use on the university or your home network.

7. Stay alert online: Avoid clicking on untrusted links or downloading files from unknown sources. 

When you Return

1. Scan your devices: Do not use your device until you have completed a full system scan using your anti-virus software.

2. Change passwords: Upon return go to mypassword.stfx.ca to change your StFX password and any other passwords you used while travelling. Use a device you did not take with you to make the password changes.