Safeguarding your data while travelling
Published: April 25, 2025

Protecting the University’s data is a shared responsibility. When traveling outside Canada, cyber security threats become even more significant. Malicious actors may attempt to intercept calls, monitor internet activity or gain access to your devices. In addition, border agents could search your electronic devices as part of their due diligence process.
Below is essential guidance for University of Toronto staff, students and faculty who are looking to safeguard their data while travelling. Read on for best practices.
Before you travel: Secure your devices and data
- Make sure the software on all your travel devices is up to date. Updates to your computer software and mobile device applications will fix known security gaps.
- Minimize data and devices you carry with you.
- Do not travel with U of T level 3 and level 4 data on your mobile phones and computer. Instead, transfer data to University-provided secure cloud solutions like Microsoft 365, and delete the original files from your devices.
- Be mindful of your personal information and remove anything unnecessary.
- Clear your browser history.
- Consider using a “burner” device as a temporary alternative to your work or personal device. Only load necessary files for travel; access other materials via cloud storage.

- Be mindful of your social media presence and the content stored on your device.
- Remove documents, chats, emails, contacts and media that might be perceived as provocative or inflammatory by certain governments.
- Consider making your social media accounts non-public.
- Minimize apps on your phone and computer when traveling to destinations with concerns about device screening by border agents.
- Remove all U of T Microsoft client apps (such as Outlook, OneDrive, SharePoint, etc.,), along with web browser icons and bookmarks pointing to these and other critical University applications.
- Consider removing personal-use apps for social media, chat and email.
- Back up your data.
- Ensure your U of T data is backed up to University-provided secure locations.
- For data on your personal devices, back up your information to a secure cloud service or a secure device that you can leave at home.
- Protect your passwords.
- Turn off “remember me” and wipe stored passwords from all travel device applications and browsers.
- Change your existing device and online account passwords to temporary travel passwords.
- To keep secure records of your new passwords, use a password manager such as 1Password.
- Ensure your devices and external storage are encrypted.
- Verify your devices (laptop, phone, portable hard drives or USB drives, etc.,) are encrypted.
- If unsure, consult your IT department to confirm your U of T devices are encrypted.
- Note that use and presence of encryption devices is restricted in some countries — consult relevant laws and regulations before travel and contact your local IT department for guidance.
- Enable strong authentication.
- Set strong, unique passwords on all devices and accounts.
- Enable multi-factor authentication (MFA) where possible.
- Note: Duo MFA may not work in all countries, preventing you from accessing certain U of T resources. Consult with you your local IT department for guidance.
- Ensure you have departmental authorization to take data off-site. Always check with your departmental contact first.
As you travel: Be vigilant
- Keep your devices with you at all times. Pay extra attention at airport screening and other security checkpoints and never leave your belongings unattended.
- Turn off auto-connect for Bluetooth and Wi-Fi. This will prevent your devices from connecting to unsecured and potentially malicious wireless networks.
- Do not use untrusted wireless networks such as those at hotels, airports and coffee shops. Instead, you could use your phone data as a hotspot to securely access the internet.

- Use a virtual private network (VPN) such as UTORvpn before connecting to any University or personal online service. Check with your department when creating your travel security plan as VPNs are not allowed and/or will not work in some countries.
- Access U of T’s Microsoft 365 ecosystem (e.g., Outlook, SharePoint) via the web interface. The system is designed to maintain the University’s data security. Make sure you sign out after each use.
- Do not use unfamiliar devices.
- Avoid publicly accessible or shared computers.
- Do not plug in unknown and untrusted devices such as USB drives and power chargers.
- Avoid USB port charging stations; instead use AC power outlets.
- Be careful when going through customs and security. In many countries, customs or law enforcement officers have the authority to demand that travelers unlock their devices or provide passwords. Non-compliance can lead to denial of entry, arrest, or confiscation of the device. If an official requests you to unlock a device or provide a password, make reasonable efforts to keep the device in sight at all times. Change passwords and inform your IT team about the access as soon as possible.
- Before crossing the border, turn off your device to ensure remote files don’t get downloaded accidentally. If you have to leave your phone on, make sure it’s kept in airplane mode or otherwise disconnected from the internet by Wi-Fi or cellular data.
- Make sure you know how to remotely wipe your personal devices if lost.
- Travel with a copy of your cellular provider’s toll-free number so you can quickly have service suspended or blocked.
- You can also download and set up tools like Find my iPhone/iPad/Mac and Find My Device (for Android) to locate your device or wipe it remotely.
- Stay alert online.
- Practice the same caution you would at home.
- Do not download or click links from untrusted sources.
- Delete emails that seem suspicious.
- Clear your internet browser after each use to delete your history, cookies, cache, and downloaded or temporary files. Alternatively, use your browser’s private browsing or incognito feature.
After your trip: Restore security and report concerns
- When you return, use a trusted device to change all the passwords or PINs for your devices and accounts you used while travelling.
- Use anti-virus software to scan devices for malicious activity before connecting to your home and work networks. For managed devices, contact your local IT help desk for assistance.
- Report suspected security concerns to your IT security department so they can complete the following steps:
- Check for signs of malicious activity
- Initiate forensic research and a factory reset if your device has been compromised
- Use secure backup to restore the device before further use

Support
For support while traveling, contact your local IT help desk.
Further, check out additional U of T guidance on international travel.
If you are a Researcher looking for security advice regarding your travel plans, please request a consultation session with the Research Information Security team.