Guide to information security on business trips

Country-specific requirements

• Before traveling, check the legal requirements of the destination country (e.g. on encryption, data access or VPN use).

Further information on the requirements of the destination country can be found on the website of the Federal Foreign Office. 

Data minimization

• Only carry the data that is absolutely necessary.
• Check whether access to sensitive information is possible via secure cloud services of the University of Kassel to avoid the physical transportation of data. (BSI: Reducing the amount of data when traveling)

Software and security measures

• Update operating systems and applications before you travel.
• Install recommended security software such as antivirus programs and firewalls. (BSI: System hardening and updating software)

Training and awareness-raising

• Take part in security training courses at the University of Kassel to learn about current dangers and protective measures. (BSI: Raising awareness before traveling abroad)

Registration in the crisis preparedness list (ELEFAND)

• Register on the Federal Foreign Office's crisis preparedness list before traveling abroad. This makes it possible to contact and support you quickly in the event of a crisis.

You can register for the crisis prevention list at https://krisenvorsorgeliste.diplo.de/

Access control

• Secure your devices with strong passwords and, if possible, activate two-factor authentication (2FA).
• Keep passwords separate from the devices. (BSI: Access controls for IT systems)

Encryption

• Use encrypted storage media or hard disks for sensitive information.
• This protects the data if the devices are lost. (BSI: Use of encryption technologies)

Secure network connections

• Avoid public WLANs. Use the University of Kassel's Virtual Private Network (VPN) to establish a secure connection. (BSI: Protection of communication in insecure networks)

To ensure a secure connection, please only use the VPN of the University of Kassel. Instructions and the corresponding download of the VPN client can be found under the following link: https://www.uni-kassel.de/its/dienstleistungen/mobiler-netzanschluss/cisco-secure-vpn-client/anleitung

Physical protection of devices

• Never leave appliances unattended.
• Use lockable bags or safes, especially when staying in hotels or public areas. (BSI: Protection against physical access to devices)

Device access

• Be prepared for customs or border officials to demand access to devices.
• Do not disclose passwords, but enter them yourself if necessary.
• Be cooperative to avoid legal consequences or confiscation of the devices.

Data avoidance

• Travel without locally stored confidential information. Access data via secure cloud services. (BSI: Protection of sensitive data in critical countries)
• Use secure cloud services of the University of Kassel to access required data (e.g. Next.Hessenbox).

Reporting incidents

• Report security incidents, such as the loss of devices or suspected data leakage, to your IT administrator immediately. (BSI: Incident reporting procedure)
• Quick action can help to minimize damage.

Remote deletion and blocking

• If available, activate the remote wipe function on your devices to protect the data in the event of loss or theft.
• Block access to online services if passwords could be compromised. (BSI: Minimizing damage in the event of incidents)

Password change

• On your return, change all passwords that were used during the trip.
• Follow the guidelines of the University of Kassel for creating secure passwords. (BSI: Ensuring account integrity after traveling)

Safety check of the devices

• Have your devices checked for malware. (BSI: Check for malware after traveling)