Security Guidelines for Overseas Travel for Users

Transcription

1 Guidelines Information Communications Technology Security Guidelines for Overseas Travel for Users January 2013 Version 1.2 Corporate and Information Services

2 Document details Document Title Contact details File name Version 1.2 Date issued January 2013 Document Control Information Communication Technology (ICT) Policy and Strategy Division, Corporate and Information Services (DCIS) Northern Territory Government (NTG). Approved by NTG IMC: 09 December 2010 Change History Version Date Author Change details 1.0 October 2010 K. Kannoorpatti New guidelines 1.1 October 2011 K. Kannoorpatti Changed format 1.2 January 2013 K. McCarthy Update government names Corporate and Information Services

3 Table of Contents 1 Guidelines Further Information...5 Corporate and Information Services

4 Information Communications Technology 1 Guidelines Overseas travel has a number of issues that need to be considered to secure information and devices. Planning early reduces the risks to NTG ICT information, reduces the stress and lets you enjoy your stay overseas. The document covers simple measures that can be followed to improve security and your peace of mind. Whilst the guidelines are meant for NTG staff with sensitive information on overseas travel, NTG staff with no sensitive information should also largely follow the guidelines. The guidelines are based on a few principles: You are likely to lose a device or have it stolen. Physical security is more important than electronic security. It is much more difficult to break an encryption than to steal an electronic device or information on hard copy. Infection more easily spreads through USB sticks than other means. Avoid them. Plan Early Identify the documents that will be taken with you on an overseas trip. Amongst them identify the sensitive documents that are likely to cause damage if lost or stolen. Do not use internet café s computers. They may capture all that your are typing using key-stroke loggers. Do not store any personal information in the laptop such as bank details, passport details, private credentials, photographs, etc. Get your epass challenge questions properly filled in before you go overseas. This will enable the service provider to assist you in case you need to contact them to reset password, initiate remote wipe or provide other assistance. Carry the appropriate electrical plugs to suit the overseas country. Some countries may have different voltage. Check before you go. Smartphones If you do have a smartphone, carry it with you. Use it to read and reply to s. Make sure that you have global roaming turned on. Be careful. Global roaming costs can be very high. Set it up with passcode for using the features on the phone. If you are comfortable with global roaming costs, then the Smartphone can be used as a modem for your laptop. This is also called tethering (This is available in iphones). Do not use Bluetooth or wireless as default. Turn on wireless only when you need it. Ask your IT Manager to train you with this. If your contacts are sensitive, do not carry the contacts on the phone and try and memorise the most important ones. Store them on your NTG webmail account under contacts. Your IT Manager can assist you with this. Do not carry any sensitive documents on your phone or memory card. Corporate and Information Services 4

5 Information Communications Technology Plan Early Do not use the phone s application to access your . Use webmail through the smartphone to access your account. This way you don t need to store your LAN userid and password on the phone. While travelling Keep the laptop in your sights if possible. If you are leaving it in a cabinet or an overhead locker, make sure you will be able to keep an eye on it. It is possible the laptops can be left in restaurants and cafes. Please be alert. Leave the laptop in the boot of the car and not exposed elsewhere in the car. In the airport It is possible that there can be a mix up during security checks. Stay vigilant. In the hotel Keep the laptop tethered to a stationary object in your hotel room. If locker facility is available, leave the laptop in the locker. Meetings Do not provide access to your computer to others Do not plug in any USB stick in to your laptop Do not give your USB Stick, memory card, etc to be used in anybody s computer. Provide your CD or DVD if you want to pass on your business information. If you are provided with a USB stick, CD, DVD, etc and you do not have any sensitive information on your laptop, plug them to your laptop. Lost or Stolen devices If your laptop is stolen, report to the local police and get a receipt of complaint from them If possible let the service provider to initiate a password reset of your LAN credentials. The service provider can be contacted on If a smartphone is lost, ask the service provider to initiate a phone lockup and remote wipe of your phone contents. It is possible for you to initiate the wipe by going to webmail and clicking on options and follow the links from there. On Return Do not plug your computer to the NTG ICT network Ask the service provider to wipe the hard drive clean and have it reformatted Do not plug your smart phone to the laptop at any time 1.1 Further Information Further information about this standard can be obtained from: NTG Help Desk Chief Minister DEB ICT Policy and Strategy Corporate and Information Services 5

6 Information Communications Technology Corporate and Information Services 6