Using laptops and apps abroad
When travelling outside the UK, data on your devices may be at risk and apps and services that you normally use may be restricted.
Risks depend on your destination and the data on your device. This checklist will help you prepare, stay secure while abroad and take the right steps when you return.
For full responsibilities, see the Safe use of University information: travelling abroad policy.
Before you travel
Check if your work involves sensitive data
- If you work with internal, confidential or secret information or research, contact IT Services for advice (at least two weeks before you travel).
- We advise taking a temporary laptop (see next steps) to reduce risks to internal, confidential or secret information.
Decide which device to take
- Use a temporary laptop (recommended): a blank device with no stored data, reducing risks if lost or tampered with.
- Request a temporary laptop (at least two weeks before travel).
- If taking your normal laptop (eg personal or from work), check local laws on encryption first, and encrypt your device before travelling. This safeguards your data if it's lost or stolen. You must not travel with your normal laptop without encryption.
Prepare your accounts and access
- Set up the virtual desktop service (VDS) if you need secure access to University systems, software or filestores.
- Check local restrictions for other apps or websites you rely on, before you go. Some countries filter web content, blocking access to apps and websites you normally use, such as Google and Duo two-factor authentication (2FA).
- Use an authentication app instead of SMS for two-factor authentication – texts may be blocked, unreliable or expensive. Check that your two-factor authentication app is working before you leave.
- Set a strong password for your University account.
- Store important files that you'll need to access while abroad in Google Drive, OneDrive or Filestore. Never have the only copy of data on your laptop.
- You can continue to access Filestore remotely by connecting to the virtual desktop service (VDS).
- Access to Google Drive is restricted in some countries. Check app restrictions before you travel.
While abroad
Protect your devices
- Never leave your device unattended – even encrypted devices can be tampered with.
- Avoid using shared computers (eg internet cafes, hotels, airport kiosks) or those owned by others, such as travellers, colleagues or friends. They may be monitored or infected with malware.
Use secure access methods
- Use the virtual desktop service (VDS) instead of saving data locally.
- Only access University accounts via trusted networks. Avoid public Wi-Fi.
- Don't use a non-University account to send or receive personal, or internal, confidential or secret University information. (If you decide to use a non-Google email account while you're abroad, remember that it won't be protected by the same contractual arrangements that we have with Google.)
- Avoid purchasing or downloading new software or hardware. Even if not malicious, it could be counterfeit.
- Don't have your devices repaired abroad. For support with faulty hardware, contact IT Services.
Report lost and confiscated devices, or suspicious activity
All devices you take are vulnerable to being tampered with, stolen or lost.
Your data might be copied (eg by border officers when crossing borders) or malware could be installed on your device (which even updated security software may not prevent).
Report lost, stolen or confiscated devices immediately. If you suspect tampering, stop using the device and contact us from a different device.
When you return
Change your passwords
- Change your University password immediately.
- Change passwords for any accounts you accessed while abroad.
Return temporary devices
- If you borrowed a temporary laptop, return it for secure erasure.
Restricted apps and services by country
Some countries restrict access to key University services. Check the list below to see which apps are restricted, in which countries. If you're travelling to somewhere with restrictions, look into alternative access options in advance.
Google Workspace
Google Workspace is available in most countries and regions, however, Google restricts access to some of its business services in certain areas. Whilst Google services may be available in these countries or regions for personal use, it may be unavailable for business or education use. Access to your University Google account may therefore be affected.
Countries or regions where access to Google services is restricted currently include:
- China
- Crimea
- Cuba
- Iran
- Self-proclaimed Donetsk People's Republic and Luhansk People's Republic
- Syria
- North Korea
Countries or regions where Google services aren't explicitly restricted, but access may be unreliable.
- Pakistan
- Russia
- Sudan
- Some Arab countries (the situation here is fluid)
Duo two-factor authentication (2FA)
Duo two-factor authentication applies the US Office of Foreign Assets Control (OFAC) restrictions (June 2023) which will block authentications access from:
- Cuba
- North Korea
- Iran
- Sudan
- Syria
- Crimea region
- Sevastopol region
- Donetsk region
- Luhansk region
If you travel to a restricted region, you may not be able to log in to University services and see an ‘access denied’ message.
Related links
- Safe use of University information on all devices: how to configure and manage your devices.
- Travelling abroad policy: your responsibilities for keeping your devices and data secure when travelling abroad.
- Business travel guidance: accommodation, car hire, travel insurance and the University's expenses policy.
Related links
- Safe use of University information on all devices: how to configure and manage your devices.
- Travelling abroad policy: your responsibilities for keeping your devices and data secure when travelling abroad.
- Business travel guidance: accommodation, car hire, travel insurance and the University's expenses policy.