Pre-Travel Planning Checklist

1. Check Travel Advisories

Consult the Government of Canada's official travel advisory for your destination. For countries rated "Exercise a high degree of caution" or higher, use a temporary "clean" device.

2. Register Your Trip

Register with Registration of Canadians Abroad so you can be contacted in an emergency.

3. Get University Approval

Obtain formal pre-trip authorization through the university's travel expense policy to ensure your trip is officially sanctioned and your insurance is active.

4. Review Local Laws

Be aware that you are subject to the laws of your destination country, which may include restrictions on encrypted devices, VPNs, or certain content.

Device Preparation Essentials

• Travel Light: Only take devices that are absolutely necessary for your trip.
• Use a "Clean" Device: For high-risk destinations, use a temporary device that contains no sensitive data. Lakehead does not currently provide loaner devices — use a personal backup device or purchase an inexpensive temporary device.
• Update Everything: Ensure the operating system and all applications are fully updated with the latest security patches. See Software Updates.
• Enable Security Software: Install and update reputable anti-malware software and ensure a firewall is active.
• Set Up Remote Wipe: Enable "Find My iPhone/iPad" (Apple) or "Find My Device" (Android) so you can locate or remotely wipe your device if lost or stolen.

Install and Test VPN

Install the Lakehead University FortiClient VPN on your travel devices and test it before you leave. A VPN encrypts your internet traffic and provides a secure connection back to university resources.

Data Minimization

• Minimize Data: Do not travel with sensitive or confidential research data stored on your device.
• Back-Up and Wipe: Back up all essential data to a secure location you are leaving at home (like Lakehead's Google Drive) and then securely delete the original files from your travel device. See Backup Practices and Secure Data Disposal.

Account Security

• Use Temporary Passwords: Change your device and account passwords to new, unique, and complex temporary passwords for your trip. Use a password manager to keep track of them. See Strong Passwords & Password Managers.
• Enable Multi-Factor Authentication (MFA): Activate MFA on your Lakehead account and all other critical accounts (banking, email, etc.). See Two-Factor Authentication.
• Disable Biometrics: Disable fingerprint or facial recognition logins. Use a strong PIN or passcode instead.

Social Media & App Management

Your social media presence and the apps on your device can be examined at borders and may reveal information about your research, contacts, or opinions. For high-risk destinations:

• Review & Limit Visibility: Check what's publicly visible on LinkedIn, ResearchGate, and personal social media. Consider making accounts private for the duration of your trip.
• Never Post Your Location in Real-Time: Posting photos or updates while at a location tells everyone — including people with malicious intent — exactly where you are. Wait until after you've left a location before sharing content.
• Remove Sensitive Content: Delete documents, chats, or media that might be perceived as provocative by certain governments.
• Minimize Apps: Remove university email apps, cloud storage, and social media apps from your device. Access via web browser (in private/incognito mode) instead. Clear bookmarks and saved passwords before travel.

Border Crossing Best Practices

• Power Down: Turn your devices completely off before reaching customs and immigration checkpoints. This ensures cloud data isn't accidentally downloaded during a search.
• Handle Searches: Border officials in many countries have the authority to search electronic devices without a warrant. If asked, comply with lawful requests. If possible, unlock the device yourself rather than providing the password.
• Know the Limits: Officials typically can only search data stored on the device — not cloud data. If your device is in airplane mode and powered off, cloud content should be inaccessible.
• Be Aware of Local Laws: What's commonplace in Canada may be restricted elsewhere. Some countries monitor internet activity, restrict encrypted content, or prohibit certain downloaded materials (films, books, apps). Border officials can legally search your devices and may question or seize content that violates local laws.
• Carry Documents: Have your immigration documents, passport, and proof of your academic activity readily accessible.

Network Security Guidelines

• Use VPN Always: Connect to the Lakehead VPN before accessing any university or personal online services. See VPN guidance.
• Avoid Untrusted Networks: Public Wi-Fi in hotels, airports, and cafes should be considered hostile. Some networks are deliberately set up to trick travellers — check the exact network name with staff before connecting. Use your phone's mobile data as a hotspot when possible.
• Disable Auto-Connect: Turn off automatic Wi-Fi and Bluetooth connections. Only connect to networks manually when needed.
• Use Official SIM Cards Only: If purchasing a local SIM card for extended travel, buy only from official carrier stores. Cards sold by unauthorized resellers or modified phones may be vulnerable to malware or surveillance.
• Use Private Browsing: When accessing email or cloud services, use your browser's private/incognito mode and clear browsing data after each session.

Secure Communications for Sensitive Research

For confidential discussions while abroad, standard email and phone calls may not be secure. Consider using end-to-end encrypted communication tools:

• Messaging: Signal (recommended) — free, end-to-end encrypted
• Email: ProtonMail — encrypted email service
• Video Calls: Signal or WhatsApp video — both offer E2EE

See the End-to-End Encryption section on our Cybersecurity page for more details.

Physical Security

• Maintain Control: Keep your devices physically with you and in your sight at all times. If a device is left unattended, assume it has been compromised. See Device Physical Security.
• Avoid Public Computers: Do not use hotel or internet cafe computers for any task that requires a login.
• Beware of USB Devices & Conference Swag: Never plug an unknown USB drive into your device — including "free" promotional USB drives, charging cables, or electronic items from conferences. These can contain malware. Use your own charger in a wall outlet or carry a portable battery pack. See USB & Unknown Devices.
• Never Scan Unknown QR Codes: QR codes displayed in public places (menus, Wi-Fi access, tourist information) can be falsified to redirect you to fraudulent websites or install malware. Only scan QR codes from verified sources.
• Secure Your Hotel Room: Use the room safe for devices when you must leave them. Consider a privacy screen for your laptop in public spaces.

Human Security & Elicitation

Be discreet. Foreign intelligence services often use "elicitation" — seemingly innocent conversations designed to extract information about your research, colleagues, or institution.

Watch for these warning signs:

• Overly inquisitive new acquaintances who show unusual interest in your research
• Questions about your institution's security practices, IT systems, or vulnerabilities
• Requests for introductions to your colleagues or access to your networks
• Unsolicited invitations to dinner, drinks, or private events

Post-Travel Checklist

• Change All Passwords: Immediately change the passwords for every account and device you used while travelling. See Strong Passwords.
• Scan Your Devices: Before connecting to any campus or home network, run a full scan with updated anti-malware software.
• Wipe Loaner Devices: Securely wipe any temporary devices you may have used. See Secure Data Disposal.
• Check Sign-In Activity: Review the sign-in activity on your accounts (Google, Microsoft, banking) a few days after returning to ensure no unauthorized access occurred.
• Monitor for Anomalies: Watch your financial statements for fraudulent activity. Be alert for targeted phishing emails that reference your trip.
• Reinstall Apps: If you removed email or social media apps before travel, reinstall them and re-enable any features you disabled.

• Lost or stolen devices
• Border searches or device seizures
• Suspected device compromise
• Suspicious contacts or elicitation attempts

See Incident Reporting for contact details.

🔑 Key Resources

• Travel Advice and Advisories — Check risk levels before booking
• Registration of Canadians Abroad — Register your trip for emergency contact
• Travelling with Electronic Devices — Global Affairs Canada practical tips
• Lakehead Cybersecurity for Researchers — Detailed guidance on all security practices
• Travel Security Guide for University Researchers — Official Government of Canada guide

🎓 Free Government Training

Public Safety Canada's Research Security Centre offers Safeguarding Science training modules, including:

• Module 6: Travelling Safely — Global threat environment, foreign government techniques, before/during/after best practices (75 min)
• Module 1: Safeguarding Science — Overview of research security risks and mitigation tools (90 min)
• Module 7: Open-Source Due Diligence — Techniques for evaluating partner risks

→ View all modules and upcoming session dates

Additional Government Resources

• Cybersecurity While Travelling
• Remaining Cyber Safe While Travelling: Security Recommendations
• Device Security for Travel and Telework Abroad
• Mobile Device Guidance for High Profile Travellers
• Far From Home — A Travel Security Guide (CSIS)

Lakehead University & Academic Resources

• TSC Helpdesk — Technical support and device preparation assistance
• Lakehead VPN Setup — FortiClient VPN installation and configuration
• Universities Canada's Travel Security Guide
• CAUT Travel Advisory for the United States