Stay Cyber Secure While Traveling

Disclose your requirement to take devices or data outside of Canada: StFX is subject to Nova Scotia FOIPOP and PIIDPA legislation requiring University staff and faculty to disclose when personal data may be accessed outside of Canada.  This potentially includes information related to students, course work, research, University business, and any information that isn’t intended to be public. Travelling outside of Canada with personal data on a device is considered storage outside of the country, and it must be disclosed and approved in advance.

Review interactive training modules in the university’s security awareness and training platform (Terranova), to learn about cybersecurity best practices when travelling with devices and sensitive data.  More about Terranova and access links found on our Terranova Service Page. 

Confirm your mobile plan: If travelling with a mobile device on the university’s corporate mobile services plan, contact IT Services to confirm plan coverage for travel location(s) or possible alternatives.  IT Services can also provide guidance and answer travel security-related questions.

Consider what device(s) to take: It is best to limit the devices you take with you to only what is necessary.  Consider travelling with a temporary/loaner instead of your university or personal device. The University may have a limited number of devices for loan; however, you may be responsible for arranging your own temporary device(s).  Record the make, model, and serial number of any device you take with you to help report or identify a lost or stolen device. 

Update your software: Ensure all your devices and applications have the latest security updates and most recent version(s) of anti-virus software.

Backup your data: Securely back up critical data from every device you take with you to another device or secure cloud storage.  

Enhance password security: Consider the following actions so an external authority/party that gains access to your device does not have immediate and easy access to your information:

• Turn off “remember me” and wipe any stored passwords from applications and browsers on your travel device(s). 
• Configure the accounts on your mobile device to not automatically login.  
• Change your device and online account passwords to temporary travel passwords.   This is particularly important when travelling outside of Canada.
• Use a reputable password manager to securely store and access login credentials including temporary travel passwords. 
• Ensure multi-factor authentication is used on your accounts where possible and use multiple authentication methods in case you lose access to your mobile device.

Secure your external storage: If you bring a USB or hard drive, ensure it is encrypted. Do not accept or use USB devices from an untrusted source.

Keep your device(s) with you: Be vigilant at security checkpoints and never leave your belongings unattended. If your devices are taken out of your sight by anyone, it is best to assume they are compromised. 

Disable auto-connect: Turn off automatic Bluetooth and Wi-Fi connections to avoid unsafe network connections.

Avoid public Wi-Fi: Do not use untrusted networks (e.g., hotels, airports, cafes) for university-related work or sensitive personal use (e.g. banking); they have the potential to exploit any vulnerabilities that may exist on your devices.

Use a personal VPN:   A personal Virtual Private Network (VPN) is a service that:

• Encrypts your internet connection to improve online privacy
• Allows access to services limited to certain countries
• Protects you from some public wi-fi threats
• Hides browsing activity and sensitive data like passwords and payment information
• Makes it difficult for advertisers to track your location.

Note that VPNs do not protect against malware or phishing attacks, unsafe downloads, or weak passwords.   Choose a reputable VPN vendor; free VPN services are available, but they do not necessarily offer the same level of security or privacy protection as a pay-for/subscription personal VPN. 

Note the StFX VPN only encrypts traffic when accessing StFX owned resources; it is not suitable for general internet access like web browsing.

​Access files securely: Do not use your Microsoft desktop or mobile Office apps - use Microsoft 365 online web apps, M365.cloud.microsoft, to access confidential university files and email.  Do not use “remember me” option to store your password in web browsers.

Avoid sensitive online communication: Always assume communications could be monitored. Avoid accessing or sending highly sensitive messages, emails or data files while travelling.

Avoid untrusted devices: 

• Avoid logging in to Microsoft 365 services on non-university owned/managed devices including public computers in cafes, hotel business centers and public libraries. 
• Do not login to Microsoft 365 services on someone else’s device, even if you know the person.   
• Do not use unknown USB drives.
• Use your own portable battery charger instead of public USB chargers (in airports, hotels and cafes/coffee shops, etc.).
• Do not bring back external media to use on the university or your home network.

Stay alert online: Avoid clicking on untrusted links or downloading files from unknown sources. 

When you Return

Scan your devices: Do not use your device until you have completed a full system scan using your anti-virus software.

Change passwords: Upon return go to mypassword.stfx.ca to change your StFX password and any other passwords you used while travelling. Use a device you did not take with you to make the password changes.