Cybersecurity & Travel Guidance

Protect Your Devices and University Data When Travelling or Working Abroad
Whether you’re going on fieldwork, attending international conferences, studying overseas, or working remotely, extra care is needed to protect your University accounts, devices and information.

High-Risk Countries

Some staff may reside in, or be required to travel as part of their role to, countries that are classed as high-risk from a cybersecurity perspective.

Based on guidance published by the UK National Cyber Security Centre (NCSC), the following countries are currently considered high-risk:

• Russia
• China
• Iran
• North Korea

Travel to, or working from, these countries presents an increased likelihood of:

• Device inspection or seizure
• Communications monitoring
• Network restrictions or interception

Additional guidance is available from the National Cyber Security Centre (NCSC).

Before Travelling

• Ensure your devices are up to date with the latest security patches.
• Remove any unnecessary or sensitive data from your devices.
• Ensure you will have access to your primary multi-factor authentication (MFA) method while travelling. If you rely on SMS or phone calls for MFA, consider switching to an app-based or hardware method before you travel to ensure access continuity.
• Back up important data to University-approved storage before you travel.

In the UK, certain authorities can lawfully require you to decrypt your devices. Similar laws exist in many other countries.

Some countries may also have stricter laws relating to:

• The use of encryption
• Import and export controls
• Obligations on individuals to assist authorities

You should always check the UK Government’s foreign travel advice before you travel.

Before Travelling to a High-Risk Country

If you are travelling to a high-risk country, you should contact IT Services in advance to request a loan laptop and mobile phone for the duration of your travel.

These devices are configured to reduce risk and will include:

• Only the necessary software required for your role, which may include restricting access to University services via Microsoft 365 web applications rather than locally installed software.
• IT Services may also recommend specific MFA methods (such as app-based or hardware authentication) to reduce reliance on local mobile networks and improve reliability while abroad.
• The ability for the loan laptop to be remotely wiped if it is lost or stolen

This approach is used to minimise the amount of University data stored on the device itself, reducing the potential impact if a device is lost, inspected, or accessed while abroad.

You should also consider additional security measures for any personal devices you take with you, such as:

• Using a separate account to synchronise personal data
• Avoiding access to University systems from personal devices where possible

While Travelling

• Be mindful of your surroundings and who can see your screen or overhear conversations.
• Do not leave devices unattended.
• Be aware that your experience may differ from the UK, as some popular services (such as Gmail, Wikipedia, and social media platforms) may be blocked or restricted.

While Travelling to a High-Risk Country

• Assume that phone calls, text messages, and internet communications may be monitored.
• Take extra care to ensure devices are not left unattended. For example, devices left in hotel rooms may be accessed by hotel staff or authorities.
• Consider keeping devices switched off or in aeroplane mode when not in use, or when you do not need to receive notifications.

After Travelling

• Change passwords for any accounts you accessed while abroad.
• Review account activity and report anything unusual to IT Services.

After Travelling to a High-Risk Country

• Restore your default MFA method once you return.
• Return your loan laptop and mobile phone to IT Services as soon as possible.