IT Security Guidelines for International Travel

Traveling internationally with portable electronic devices such as laptops, tablets and smartphones has unique risks and requires precautions that differ from travelling domestically. As a Northwell workforce member, you are required to protect confidential, sensitive and highly sensitive information, and follow Northwell policies in your work capacity abroad. Failure to follow these guidelines may result in fines, prosecution, detention, arrest or imprisonment by the country you are visiting.

Northwell Health must comply with all applicable U.S. export control laws, sanctions, regulations and associated executive orders. An export is a shipment or transmission of items, services or technical data that may be subject to either the Export Administration Regulations (EAR) or the International Traffic in Arms Regulations (ITAR). Exports can take place out of the U.S. or the release of technology or software source code (EAR), or technical data (ITAR), to a non-U.S. person within the U.S. The releasing or transfer of information and/or tangible items to a non-U.S. person is considered a “deemed export” to their home country. The Department of Treasury administers sanctions through the Office of Foreign Asset Control (OFAC) against high risk countries. Currently, OFAC has comprehensive sanctions against Cuba, Iran, North Korea, Sudan, Syria, and Crimea.  These sanctions may change frequently and may require a license before engaging in any activity with someone who is on a debarred or entity list or from a sanctioned country. If any activities involve sanctioned countries, entities or individuals, further review by the Office of Research Compliance will be required.

Review the policy GR103 Export Controls in Research, and visit the Export Controls Compliance web site for more information.

Violation of U.S. Export Control laws may also subject you to disciplinary action by Northwell, up to and including termination of employment. Violation of U.S. export control laws can result in severe criminal penalties and fines as well as sanctions.

Some foreign governments specifically target researchers or those who work in higher education, and actively attempt to compromise electronic devices and steal information from a visitor within their borders. Upon entry or exit of a country, government authorities may inspect or copy the contents of electronic devices, and may compel a visitor to login to electronic devices, or disclose passwords or encryption keys, even for personal cloud services. In some foreign countries, the mere use or possession of encryption may violate laws.

Prior to Traveling

  1. Consult the S. State Department’s Travel Advisories and U.S. Department of Treasury web sites for up to date information on travel risks by country.
  2. Consult the S. State Department’s Country Information Pages, and pay particular attention to the “Safety and Security” and “Local Laws & Special Circumstances” sections.
  3. Print paper copies of the addresses and phone numbers of nearby U.S. Embassies in the countries you are visiting. Keep one copy on you at all times, and store another copy in your baggage.
  4. Photocopy your Passport, and keep the copy in your possession and store the original in your hotel safe. Store an additional photocopy in your baggage in case your Passport is lost or stolen.
  5. Check with your department or Research IS whether any clean loaner laptops are available.
  6. For any portable electronic devices you will take on your trip:
    • Backup all data on the devices – Northwell data to network drives or OneDrive, personal data to personal computers or cloud storage, then;
    • Reset portable electronic devices to factory default, or wipe and reinstall the operating system on computers. Submit a ticket to OCIO for assistance.
    • Copy only the data you absolutely need to have with you for the purpose of your trip (e.g. presentations).
    • DO NOT copy any confidential, sensitive or highly sensitive information.
  1. Test your Northwell Virtual Portal VPN account to ensure that you accomplish your other expected work tasks (writing documents, viewing reports, checking email, etc.). Submit a ticket if you need additional access such as Remote Desktop to a Northwell workstation, or need assistance with the VPN.
  2. If you expect to use your cell phone, verify your plan has cell and data service at your destination. Consider using an unlocked phone and purchasing a local SIM card.

While Traveling at Your Destination

  1. Assume your Internet access is monitored at all times, regardless of whether the network is secured by a password, such as hotel Wi-Fi, universities, airports, restaurants or other hotspots.
  2. Be mindful of the types of websites you are viewing. Some countries have “morality laws”, religious laws, or laws barring certain types of political speech. Consult the S. State Department’s Country Information Pages for relevant information.
  3. Use only the Northwell Virtual Portal VPN to access your Northwell email and other work accounts. Pay special attention to the URL bar and ensure the connection is secure. Use Remote Desktop to a workstation at a Northwell facility, if possible.
  4. In high risk countries, limit your use of work and personal accounts to minimize the chance of being compromised.
  5. Do not access any Sensitive or Highly Sensitive information while abroad. Unless you are using Remote Desktop, viewing email attachments will download a copy to your computer abroad.
  6. Do not plug in any third-party removable media (USB flash drive, external hard drive, etc.).

Upon your Return to the U.S.

  1. For any portable electronic devices you brought on your trip:
    • DO NOT connect to the Northwell enterprise network (wired or WAB Wireless)
    • Perform a full system scan for any malware. Submit a ticket to OCIO for assistance.
    • Backup only necessary data to your OneDrive account using Northwell Guest or cellular network.
    • Submit a ticket to reset the devices to factory default, or wipe and reinstall the operating system on computers. Submit a ticket to OCIO for assistance.
    • Restore any files you backed up.
  1. Change your Northwell Universal ID password as soon as possible, and any passwords for personal accounts you used while traveling.
  2. Discard any photocopies of your Passport in a secure shred bin, or use a cross-cut shredder to destroy the copies.

For additional information or assistance prior to traveling to a high risk/sanctioned country, please contact the Office of Research Compliance at exportcontrols@northwell.edu.

For technical assistance, please contact the Center for Research Informatics and Innovations at ResearchIS@northwell.edu.