Travel Security

Before any international travel, take time to understand the security landscape of your destination and whether your research area makes you a specific target.

Pre-Travel Planning Checklist:

1. Check Travel Advisories

Consult the Government of Canada's official travel advisory for your destination. For countries rated "Exercise a high degree of caution" or higher, use a temporary "clean" device.

2. Register Your Trip

Register with Registration of Canadians Abroad so you can be contacted in an emergency.

3. Get University Approval

Obtain formal pre-trip authorization through the university's travel expense policy to ensure your trip is officially sanctioned and your insurance is active.

4. Review Local Laws

Be aware that you are subject to the laws of your destination country, which may include restrictions on encrypted devices, VPNs, or certain content.

Book a Travel Security Consultation

For travel to high-risk destinations or if your research involves sensitive technologies, contact the Research Security and Data Management Specialist before finalizing travel plans.

Contact: Andrew Austin | security.research@lakeheadu.ca | (807) 343-8010 ext. 8190

Your devices are the primary vectors through which your research data can be compromised. Proper preparation significantly reduces your risk exposure.

Device Preparation Essentials

• Travel Light: Only take devices that are absolutely necessary for your trip.
• Use a "Clean" Device: For high-risk destinations, use a temporary device that contains no sensitive data. Lakehead does not currently provide loaner devices — use a personal backup device or purchase an inexpensive temporary device.
• Update Everything: Ensure the operating system and all applications are fully updated with the latest security patches. See Software Updates.
• Enable Security Software: Install and update reputable anti-malware software and ensure a firewall is active.
• Set Up Remote Wipe: Enable "Find My iPhone/iPad" (Apple) or "Find My Device" (Android) so you can locate or remotely wipe your device if lost or stolen.

Device Encryption:

Enable full-disk encryption on all devices — BitLocker (Windows) or FileVault (Mac). If travelling to a country that restricts encryption (e.g., China, Russia), use an unencrypted device with no sensitive data. See Encryption guidance.

Install and Test VPN

Install the Lakehead University FortiClient VPN on your travel devices and test it before you leave. A VPN encrypts your internet traffic and provides a secure connection back to university resources.

Note: VPNs are restricted or blocked in some countries (e.g., China, Russia). Multi-factor authentication (Duo) may also not work in all locations. Contact the TSC Helpdesk before travel to discuss alternatives.

Data Minimization

• Minimize Data: Do not travel with sensitive or confidential research data stored on your device.
• Back-Up and Wipe: Back up all essential data to a secure location you are leaving at home (like Lakehead's Google Drive) and then securely delete the original files from your travel device. See Backup Practices and Secure Data Disposal.

Account Security

• Use Temporary Passwords: Change your device and account passwords to new, unique, and complex temporary passwords for your trip. Use a password manager to keep track of them. See Strong Passwords & Password Managers.
• Enable Multi-Factor Authentication (MFA): Activate MFA on your Lakehead account and all other critical accounts (banking, email, etc.). See Two-Factor Authentication.
• Disable Biometrics: Disable fingerprint or facial recognition logins. Use a strong PIN or passcode instead.

Why Disable Biometrics? In many jurisdictions, authorities can compel you to unlock a device with your fingerprint or face, but cannot legally force you to reveal a password. A PIN or passcode provides stronger legal protection.

Social Media & App Management

Your social media presence and the apps on your device can be examined at borders and may reveal information about your research, contacts, or opinions. For high-risk destinations:

• Review & Limit Visibility: Check what's publicly visible on LinkedIn, ResearchGate, and personal social media. Consider making accounts private for the duration of your trip.
• Never Post Your Location in Real-Time: Posting photos or updates while at a location tells everyone — including people with malicious intent — exactly where you are. Wait until after you've left a location before sharing content.
• Remove Sensitive Content: Delete documents, chats, or media that might be perceived as provocative by certain governments.
• Minimize Apps: Remove university email apps, cloud storage, and social media apps from your device. Access via web browser (in private/incognito mode) instead. Clear bookmarks and saved passwords before travel.

Border crossings represent a particularly vulnerable point in your travels. Understand your rights and obligations, and prepare accordingly.

Border Crossing Best Practices

• Power Down: Turn your devices completely off before reaching customs and immigration checkpoints. This ensures cloud data isn't accidentally downloaded during a search.
• Handle Searches: Border officials in many countries have the authority to search electronic devices without a warrant. If asked, comply with lawful requests. If possible, unlock the device yourself rather than providing the password.
• Know the Limits: Officials typically can only search data stored on the device — not cloud data. If your device is in airplane mode and powered off, cloud content should be inaccessible.
• Be Aware of Local Laws: What's commonplace in Canada may be restricted elsewhere. Some countries monitor internet activity, restrict encrypted content, or prohibit certain downloaded materials (films, books, apps). Border officials can legally search your devices and may question or seize content that violates local laws.
• Carry Documents: Have your immigration documents, passport, and proof of your academic activity readily accessible.

If Your Device is Searched or Seized: If border agents access or seize your device, change ALL account passwords from a secure device as soon as possible, and report the incident to the TSC Helpdesk and Research Security Specialist immediately upon return.

Internet connections abroad present significant security risks. Malicious actors may attempt to intercept calls, monitor internet activity, or gain access to your devices.

Network Security Guidelines

• Use VPN Always: Connect to the Lakehead VPN before accessing any university or personal online services. See VPN guidance.
• Avoid Untrusted Networks: Public Wi-Fi in hotels, airports, and cafes should be considered hostile. Some networks are deliberately set up to trick travellers — check the exact network name with staff before connecting. Use your phone's mobile data as a hotspot when possible.
• Disable Auto-Connect: Turn off automatic Wi-Fi and Bluetooth connections. Only connect to networks manually when needed.
• Use Official SIM Cards Only: If purchasing a local SIM card for extended travel, buy only from official carrier stores. Cards sold by unauthorized resellers or modified phones may be vulnerable to malware or surveillance.
• Use Private Browsing: When accessing email or cloud services, use your browser's private/incognito mode and clear browsing data after each session.

VPN Best Practice: Treat your VPN as your first line of defence. Connect to VPN before doing anything else on any network outside your home or trusted office.

Secure Communications for Sensitive Research

For confidential discussions while abroad, standard email and phone calls may not be secure. Consider using end-to-end encrypted communication tools:

• Messaging: Signal (recommended) — free, end-to-end encrypted
• Email: ProtonMail — encrypted email service
• Video Calls: Signal or WhatsApp video — both offer E2EE

See the End-to-End Encryption section on our Cybersecurity page for more details.

Security threats aren't limited to digital attacks. Physical device security and awareness of social engineering tactics are equally important.

Physical Security:

• Maintain Control: Keep your devices physically with you and in your sight at all times. If a device is left unattended, assume it has been compromised. See Device Physical Security.
• Avoid Public Computers: Do not use hotel or internet cafe computers for any task that requires a login.
• Beware of USB Devices & Conference Swag: Never plug an unknown USB drive into your device — including "free" promotional USB drives, charging cables, or electronic items from conferences. These can contain malware. Use your own charger in a wall outlet or carry a portable battery pack. See USB & Unknown Devices.
• Never Scan Unknown QR Codes: QR codes displayed in public places (menus, Wi-Fi access, tourist information) can be falsified to redirect you to fraudulent websites or install malware. Only scan QR codes from verified sources.
• Secure Your Hotel Room: Use the room safe for devices when you must leave them. Consider a privacy screen for your laptop in public spaces.

Human Security & Elicitation

Be discreet. Foreign intelligence services often use "elicitation" — seemingly innocent conversations designed to extract information about your research, colleagues, or institution.

Watch for these warning signs:

• Overly inquisitive new acquaintances who show unusual interest in your research
• Questions about your institution's security practices, IT systems, or vulnerabilities
• Requests for introductions to your colleagues or access to your networks
• Unsolicited invitations to dinner, drinks, or private events

Trust Your Instincts: If something feels wrong, it probably is. Politely disengage from conversations that feel like probing, and report any suspicious contacts to the Research Security Specialist upon your return.

Your security responsibilities don't end when you land back in Canada. Take these final steps to secure your accounts and prevent bringing threats back to the university network.

Post-Travel Checklist

• Change All Passwords: Immediately change the passwords for every account and device you used while travelling. See Strong Passwords.
• Scan Your Devices: Before connecting to any campus or home network, run a full scan with updated anti-malware software.
• Wipe Loaner Devices: Securely wipe any temporary devices you may have used. See Secure Data Disposal.
• Check Sign-In Activity: Review the sign-in activity on your accounts (Google, Microsoft, banking) a few days after returning to ensure no unauthorized access occurred.
• Monitor for Anomalies: Watch your financial statements for fraudulent activity. Be alert for targeted phishing emails that reference your trip.
• Reinstall Apps: If you removed email or social media apps before travel, reinstall them and re-enable any features you disabled.

Report Security Incidents:

Report any of the following to the TSC Helpdesk and Research Security Specialist:

• Lost or stolen devices
• Border searches or device seizures
• Suspected device compromise
• Suspicious contacts or elicitation attempts

See Incident Reporting for contact details.

Additional guidance and training to help you prepare for secure international travel.

Key Resources

• Travel Advice and Advisories — Check risk levels before booking
• Registration of Canadians Abroad — Register your trip for emergency contact
• Travelling with Electronic Devices — Global Affairs Canada practical tips
• Lakehead Cybersecurity for Researchers — Detailed guidance on all security practices
• Travel Security Guide for University Researchers — Official Government of Canada guide

Free Government Training

Public Safety Canada's Research Security Centre offers Safeguarding Science training modules, including:

• Module 6: Travelling Safely — Global threat environment, foreign government techniques, before/during/after best practices (75 min)
• Module 1: Safeguarding Science — Overview of research security risks and mitigation tools (90 min)
• Module 7: Open-Source Due Diligence — Techniques for evaluating partner risks

View all modules and upcoming session dates

Additional Government Resources

• Cybersecurity While Travelling
• Remaining Cyber Safe While Travelling: Security Recommendations
• Device Security for Travel and Telework Abroad
• Mobile Device Guidance for High Profile Travellers
• Far From Home — A Travel Security Guide (CSIS)

Lakehead University & Academic Resources

• TSC Helpdesk — Technical support and device preparation assistance
• Lakehead VPN Setup — FortiClient VPN installation and configuration
• Universities Canada's Travel Security Guide
• CAUT Travel Advisory for the United States