Skip to main
University-wide Navigation

Personal Travel Guidelines

START OVER Official Capacity Travel Guidelines

Recommendations for Personal Travel

Travel often represents considerable risks to information stored on devices such as smartphones, tablets, and computers. Since there is an elevated risk of device loss, theft, and exposure to untrusted or compromised internet connections, there are several practices that we recommend ensuring that your data and UK’s data stays as safe as possible.

Basic security requirements should be observed when traveling:  
  1. Only take devices necessary while traveling. If you can do without the device, it is best to leave it at home.  
  1. Do not log into sensitive accounts (e.g., bank accounts, email services) when using publicly available computers. Consider changing passwords upon return.   
  1. Be aware that your account login information can be stolen in common ways, such as hidden software that records what you type, someone watching over your shoulder, or cameras capturing your keystrokes. 
  1. Don't leave computers/devices in hotel rooms or public spaces unattended. It’s important to lock them in a hotel safe or keep them with you at all times.  

UK Mobile Device Recommendations phone, tablet, laptop, ect.

  1. Only connect your devices to computers and accessories that you trust and recognize. 
  1. Do not charge devices by connecting them to public charging stations. If this is unavoidable, a data blocker device should be utilized to block any potential transfer of data.  
  1. Keep software and apps up to date. 
  1. Use lock screen PINs and Passwords with a minimum 6-character length. 
  1. Set devices to lock after 5 minutes or less. 
  1. Protect your devices with anti-virus software.  
  1. Don't connect flash drives or other removable media received while traveling to your devices.  
  1. Don't install new software while traveling. 
  1. Restart your mobile device daily. 
  1. Consider clearing internet browsers before traveling and before returning home. 
  1. Remove all non-essential data and unused software from your device before traveling and before returning.  
  1. If available, use the eduroam network for wireless service. This service is made up of a consortium of education institutions and the research community that shares each other's secured wireless networks, allowing members to log in with their home institution ID. UK is a member of the eduroam consortium. Please be sure to test your eduroam access before departing.
  2. Encrypt data, if possible, following these directions for MacOS and/or Windows. NOTE:  Some countries, such as China, Cuba, Iran, North Korea, Russia, Sudan, and Syria have restrictions on the import and use of encryption tools and do not allow cryptography tools to be imported or used within their borders without a license, or in some cases, at all.

  3. Do not connect to open Wi-Fi networks, use reputable U.S.-based or UK’s Virtual Private Network (VPN) whenever possible, and in accordance with local, state, and country laws. NOTE:  Some countries, such as China, Russia, Belarus, Egypt, and Turkey have restrictions or bans that do not allow VPN.   

  4. Disable nonessential mobile device capabilities: 

    1. Wi-Fi when not connected to a trusted network. 
    1. Bluetooth. 
    1. Near-Field Communication (NFC). 

Training Recommendations

All UK employees and students traveling to make best efforts to participate in the following trainings:

  1. CyberSafeCats Website (students and employees): 

  2. myUK Learning Portal (employees only): 

    1. CYB 101 Cybersecurity Awareness Foundations
    1. CYB 202 International Travel Cybersecurity Basics  
    1. CYB 401 Protecting Protected Health Information (PHI), Personal Identifiable Information (PII), Data, & Other Information  

Travel to Sanctioned/High-Risk Destinations

Traveling to Cuba, North Korea, Iran, Sudan, Syria, certain parts of Ukraine (Crimea region, Donetsk region, Luhansk region, and Sevastopol region), Afghanistan, Belarus, Burma, Cambodia, China, Russia, or Venezuela is considered high risk from an IT security perspective. When traveling in these areas you may experience “Access denied. Duo Security does not provide services in your current location” messaging when attempting to log-in utilizing multi-factor authentication.

You may also be unable to access Microsoft resources. For some locations conditional access may be granted to Microsoft resources by following reviewing following article: "How do I request conditional access for Microsoft 365 in a blocked locale?" and submitting a self-service form below.

How do I request conditional access for Microsoft 365 in a blocked locale?

Self-Service Form

Individuals traveling to Ghana, Nigeria, and/or Tanzania will not be able to access University technology resources and must submit a exception request form before traveling.

Exception Request Form

For a current list of sanctioned/high-risk areas travelers can search here:

Sanctions List Search

Travel Advisories

When traveling to a comprehensively sanctioned jurisdiction notify the University’s Export Controls point-of-contact in advance. They will review General Licenses issued by the U.S. Department of the Treasury, Office of Foreign Assets Control, along with the Export Administration Regulations (EAR) and International Traffic in Arms Regulations (ITAR) to ensure the travel plan abides by U.S. export control and sanctions regulations and that any necessary licenses are obtained.

Travelers should review national guidance here: 

High-Risk Area Travelers

Individuals traveling to these areas must contact the UK International Center and/or Enterprise Cybersecurity prior to traveling, to receive additional guidance.

Report Appropriately When Something Goes Wrong

If your UK device or device you utilize to access UK resources is lost, stolen, and/or confiscated for any amount of time, report the incident immediately at:

Stolen, Lost, and/or Confiscated Equipment Report

Staff: If you are no longer in possession of your UK device and need a replacement reach out to your departmental IT staff.

Students: If you are no longer in possession of your UK issued iPad you may be eligible for replacement. Smart Campus will not replace devices/equipment (iPad, Apple pencil, keyboard, or charger) lost by a student. The student is responsible for purchasing lost items. Technology that has been stolen is eligible for replacement. To qualify for this replacement process, you must be able to file and provide a police report saying what was stolen. When filing this report you will need the iPad, keyboard, or accessories' serial number. It is your responsibility to notify Smart Campus through email at smartcampus@uky.edu. Smart Campus staff will be able to disable the device remotely, making it unusable until found/returned.

Campus Security Authorities: Campus Security Authorities should report Clery Act crimes that occur in their own or students’ hotel rooms, hotel common space (lobby, stairwell, elevators, etc.), and/or rented academic space when participating in institution sponsored travel.  If the University of Kentucky has entered into a written agreement with a third-party contractor to arrange housing and/or classroom space for the sponsored trip or study program, it is assumed that the contractor is operating on behalf of the institution as the institution’s agent, putting the institution in control of this space. Learn more about your responsibility as a CSA:

Campus Security Authorities

Have questions? Email:

Clery.compliance@uky.edu 

Special Note on Border Crossings

Traveling with an electronic device may result in unexpected disclosure of personal information. Certain countries are known for requiring access to device files upon entry to their country. It is important to understand that the device, the device technology, and the data stored on it are all subject to export control regulations. As such, both foreign and domestic custom agents are authorized to seize travelers’ devices at their discretion. Therefore, you should be extremely thoughtful about any proprietary or sensitive information that may be stored on your device.  Prior to leaving you are required to back up and securely erase.

Illness and Access to HealthCare Systems

If you become ill while traveling, be aware you and/or your care provider may not have access to your medical records/history. Employees and students whose medical records/history are contained in UK HealthCare MyChart records will not have access internationally. HealthCare employees/students traveling internationally will not have access to healthcare tools/applications that have access to patient data. Examples include, but are not limited to, HealthCare VPN, Epic, myChart.

Regulation References

  1. General Data Protection Regulation (GDPR) 

    1. Regulation (EU) 2016/679 
    1. European Commission. https://gdpr.eu 

  2. Gramm-Leach-Bliley Act (GLBA) 

    1. 15 U.S.C. §§ 6801–6809 (Safeguards Rule) 
    1. Federal Trade Commission. https://www.ftc.gov 

  3. Payment Card Industry Data Security Standard (PCI DSS) 

    1. PCI Security Standards Council. https://www.pcisecuritystandards.org 

  4. Family Educational Rights and Privacy Act (FERPA) 

    1. 20 U.S.C. § 1232g; 34 CFR Part 99 
    1. U.S. Department of Education. https://studentprivacy.ed.gov 

  5. Health Insurance Portability and Accountability Act (HIPAA) 

    1. 45 CFR Parts 160, 162, and 164 
    1. U.S. Department of Health and Human Services (HHS). https://www.hhs.gov/hipaa 

  6. The Joint Commission Standards 

    1. Information Management (IM) and Emergency Management (EM) domains 
    1. The Joint Commission. https://www.jointcommission.org 

  7. Digital Millennium Copyright Act (DMCA) 

    1. 17 U.S.C. § 512 and § 1201 
    1. U.S. Copyright Office. https://www.copyright.gov/dmca 

  8. National Institute of Standards and Technology (NIST) 

    1. NIST SP 800-53 Rev. 5 – Security and Privacy Controls for Information Systems and Organizations 
    1. NIST SP 800-171 Rev. 2 – Protecting Controlled Unclassified Information (CUI) in Nonfederal Systems 
    1. NIST Cybersecurity Framework (CSF) 2.0 https://www.nist.gov/cyberframework 

  9. U.S. Department of Defense (DoD) 

    1. DoD Instruction 8500.01 – Cybersecurity 
    1. DoD Instruction 8510.01 – Risk Management Framework (RMF) for DoD IT 

  10. Cybersecurity & Infrastructure Security Agency (CISA) 

    1. CISA Travel Cybersecurity Guidance and Alerts https://www.cisa.gov 

  11. U.S. Department of Homeland Security (DHS) 

    1. DHS Tips: Cybersecurity While Traveling  https://www.dhs.gov 

  12. U.S. State Department – Travel and Export Controls 

    1. International travel advisories and technology export guidance https://travel.state.gov 

  13. U.S. Department of Commerce – Bureau of Industry and Security (BIS) 

    1. Export Administration Regulations (EAR), including deemed export rules https://www.bis.doc.gov 

What if I'm traveling in both a personal and official capacity in the same trip?

If you are traveling under an Official University capacity for part of your trip and in a personal capacity for another part of your trip, be sure to refer to the Official Capacity Travel Guidelines in addition to the Personal Travel Guidelines.

Official Capacity Travel Guidelines

Personal Travel Guidelines

Customer Services

Important Information
24/7 Urgent Assistance 859-218-HELP (4357)
Non-Urgent Matters techhelpcenter.uky.edu/assistance
Online Support techhelpcenter.uky.edu
 1:1 Assistance Student Tech Help @ The Hub in W.T. Young Library
University of Kentucky Homepage A link to return to the University of Kentucky Homepage
An Equal Opportunity University
Accreditation
Directory
Email
Privacy Policy
Accessibility
Disclosures
© University of Kentucky
Lexington, Kentucky 40506