Scenario 4: Dentistry Professor in Turkey and Greece – Higher Risk Travel, University Device
Scenario Heading link
A dentistry faculty member is going on a three-week research trip to locations in Greece and Turkey. While gone, they need to maintain access to clinical, research, and teaching data and to use specialized software for access. They will hand carry University owned research materials (temporarily export) to Greece and Turkey.
Considerations Heading link
- Will be accessing sensitive data including patient records, ongoing active research including a clinical trial, and student data
- Isn’t sure about consistent internet access; is also unclear about limitations on VPN usage while in Turkey
- Is concerned about encryption software being flagged when they enter Turkey
- Has other research equipment and material they are taking with them
Checklist Heading link
Dentistry Professor in Turkey and Greece // Higher Risk, University Provided Laptop
- Register the trip with the University for medical insurance (free for faculty and staff)
- Review the State Department Directorate of Defense Trade Controls for the country of travel
- If not already done, please consult the Export Controls Compliance Officer (firstname.lastname@example.org) to conduct restricted party screening related to your travel as soon as possible before travel. (https://research.uic.edu/compliance/export-controls/restricted-party-screening-and-visual-compliance/)
- If traveling with UIC data and/or property, please contact the Export Control Compliance Officer, email@example.com to obtain a draft letter to document that you have permission to travel with this UIC data and/or property.
- Don’t lose data – have a backup and move data off the device to appropriate cloud storage
- Confirm your computer is backed up with UIC Crashplan in case of loss, damage, theft, or confiscation
- Confirm removal of export controlled, restricted information and sensitive data from device, including patient data, proprietary research information, etc.
- Confirm removal of export controlled, dual-use software from the device. For questions about potential dual-use software, contact ORDI2@uic.edu.
- Remove items stored locally on your computer and move to cloud storage. For University-related storage use University OneDrive, Google Drive, or Box account
- Download locally only the data or documents you will need offline access to during the trip
- Plan to Safely Use Your Machine
- Confirm installation of active encryption software
- Confirm installation and log in for UIC VPN software
- Confirm installation of and log in for eduroam
- Confirm 2-Step Authentication for University Resources
- Confirm installation of anti-malware software
- Contact the UIC Export Controls Compliance Officer as soon as possible to obtain any necessary export licenses or documentation, if any, for materials or software that you are carrying with you. Obtaining a specific export license could take weeks or months to obtain
- Move any items to be shared to a flash drive or email them to local hosts
- Cell Phone Safety
- Contact your cell phone provider to determine what international data options are available to you. Remove TouchID or face log in from your cell phone
- Consider backing up your phone, doing a factory reset before you travel, and then reinstalling your data after returning home
- Be safe physically with your devices
- Do not leave your devices unattended Hotel room safes are a minimally secure option. If possible, keep your laptop, phone, and peripherals with you at all times
- Do not plug any accessories (flash drives, charging cables, etc) into your laptop that you didn’t bring with you or that you have used with other devices not under your control
- Don’t plug your phone into USB outlets on charger kiosks
- Use your devices and secure wifi
- Do not use business center or public computers or other storage
- Limit usage of “free” wifi in cafes, hotels, restaurants, airport, etc.
- Use VPN software to access the internet, including University resources
- UIC General-Use will protect traffic to UIC resources; the UIC Library-Resources VPN will protect all traffic
- Do not access University Resources or University systems containing high-risk, sensitive, or export-controlled projects or dual-use software. For questions about potential dual-use software, contact ORDI2@uic.edu.
Note log ins you use during the trip and be on the lookout for suspicious updates to data or files
- Be safe physically with your devices
After Returning Home
- Update University password
- If you suspect device tampering or were unable to control access to your device; inform College/Department IT support staff of your concerns and have the device re-imaged to a known secure state