• Guides and help
• Tools, software and services
• Service status
• Cybersecurity
  • Spam and phishing email
  • Virus and malware help
  • Keeping your computer up to date
  • File security
  • Protecting confidential data
  • P2P applications
  • Secure PC disposal
  • Passwords
  • Two-factor authentication
  • Usage advice for cloud services
  • Monitoring internet usage
  • Remote security
  • Screen lock
  • Network settings & firewalls
  • Using University IT facilities overseas
  • Vulnerability disclosure policy
  • Contact CERT
  • MetaCompliance
• IT training
• About us
• Contact us

Using University IT facilities overseas

This guidance is intended to help you make use of our IT facilities overseas. There is more detailed University policy and guidance that you should follow if you are handling particularly sensitive data or carrying out sensitive research:

• Policy for safe use of University information on all devices
• Policy for safe use of University information on all devices: guidance
• Travelling abroad

When travelling anywhere overseas, you should be aware that data on any devices you take with you may be at risk. The risk will vary according to the country you are visiting, and the type of data you have. If you are visiting countries that implement web filtering, you may be unable to access some resources. 

If you are travelling overseas for an organised event such as a conference or to another institution, they may provide advice on what IT equipment you should bring. In some instances they may suggest you do not take your operational "everyday" laptop but take a temporary laptop; a blank device which has not been used to store information or data and only hosts the minimum amount of information you need for your trip. This protects information from inappropriate access or device theft.

If you need a temporary laptop for a trip, please complete the Travel Laptop Request form at least two weeks beforehand. On your return to the UK we will erase the temporary device and ask you to reset your password.

The guidance we give here is quite general - the situation in any country changes regularly, and can vary between regions within the country, so it's difficult to give any definitive guidance. Please contact IT Services well before your trip if you want to discuss any concerns.

Travelling with laptops and other mobile devices

If you are travelling with your primary everyday device, then we require that it has disk encryption configured to protect the data on your laptop in case of loss or theft. However, some countries (eg China and Russia) do not allow the import or export of encrypted devices and this is where we do recommend a temporary device. Please contact IT Services to arrange this as early as possible. Attempts at hiding encrypted disk partitions may be detected, and lying in response to border official questioning about the existence of encrypted disk partitions may be a potentially serious criminal offence.

In some countries, unattended laptops (encrypted or not) may be tampered with. This is a particular risk if you deal with sensitive information relating to (for example) high technology, defence, human rights, or other politically sensitive matters. If you discover any tampering with your device, do not interfere or attempt to remove any software or hardware. Contact IT Services and CERT@york.ac.uk as soon as possible using a different device.

Laptops, tablets, phones and other mobile devices may be attacked and compromised via malware or automated attack tools. Commercially available security software, even when completely up to date, may not prevent this.

Devices taken across international borders may be subject to official governmental review and even complete duplication (eg in some countries, customs officers may temporarily seize your device, and keep a copy of its entire system on entry or exit).

If it is appropriate to use a temporary device, you need to ensure that you populate it with as little data as possible, and don't let it out of your sight. If you need more access to University services while overseas then you use the virtual desktop service (VDS) rather than storing data on the device. This will need set-up prior to your departure. Always contact IT Services for advice on the use of a temporary device.

Whatever device you are using you must make sure that you are complying with all the University's security guidelines, including installing software, ensuring the device is set for automatic patch updates, and that your accounts have a strong password.

• IT Security

If you are handling particularly sensitive data or carrying out sensitive research, you may need to take further precautions. Follow the University policy and guidance relating to Information Security, and contact us for advice before you travel.

• Policy for safe use of University information on all devices

Overseas Access

Google

Google Workspace is available in most countries and regions, however Google restricts access to some of its business services in certain areas. Some Google services may be available in these countries or regions for personal use, but not for business or education use.

Countries or regions where access to Google Apps is unreliable or restricted currently (June 2023) include:

• China
• Crimea
• self-proclaimed Donetsk People's Republic and Luhansk People's Republic
• Cuba
• Iran
• Syria

Countries or regions where access to Google Workspace Apps is currently unreliable include:

• North Korea
• Pakistan
• Russia
• Sudan
• Some Arab countries (the situation here is fluid)

Duo

Duo apply the US Office of Foreign Assets Control (OFAC) restrictions (June 2023) which will block authentications from users whose IP address originates in a country or region below:

• Cuba
• North Korea
• Iran
• Sudan
• Syria
• Crimea region
• Sevastopol region
• Donetsk region
• Luhansk region

You will receive the message "Access denied. Duo Security does not provide services in your current location" in the Duo Prompt and will therefore not be able to connect to the University VPN or other services that use Duo.

Accessing Google Apps and other resources when abroad

If the resource you need is blocked, you may be able to access it using either the University's VPN or the Virtual Desktop Service. However, it is possible that access to these services may also be blocked (as above) in some areas.

Accessing resources using the University VPN

If you are able to connect to the University virtual private network (VPN), it will allow you to access resources which are otherwise restricted in a country. Find out how to access the VPN at:

• Using the virtual private network (VPN)

We recommend installing GlobalProtect application to connect to the VPN, and that you set this up (and check that it's working) before you leave. This will give you the best experience for using Google Mail and other resources.

If you're using the VPN, or if connections to the internet are slow, use the HTML version of Google Mail - it will load more quickly:

• Gmail in HTML

If you have two factor authentication (2FA) enabled on your Google account (Duo or Google), make sure you are using the Google Authenticator app rather than text messages, as SMS delivery can be unreliable and expensive. Install the app and check that it's working correctly before you travel.

• Google Authenticator

Note on VPN use:

• In certain countries, the use of VPN technology or the use of VPNs not sanctioned by the country may be illegal. You must check or seek advice on the use of VPNs if you are still in doubt.
• It's still important that you are aware of, and abide by, the laws of the country you are visiting. For example, if you use the VVPN to access material in a country where it is illegal, you may face legal action if caught.

Shared computers

Never use computers in internet cafes or hotel/airport business centres, or systems belonging to other travellers, colleagues, or friends. They may be monitored or infected with malware.

Other advice

• Ensure that data is stored on either Google Drive, OneDrive or centralised storage. You should not have the only copy of any data on your device.
• Do not purchase new hardware while travelling.
• Do not purchase or download any new software while travelling. Even if not malicious, it will frequently be a counterfeit copy.
• Do not have any of your electronic devices repaired or otherwise worked on while you are abroad.
• Change the password to your University account, and any other accounts you have used, when you return to the UK.
• If you decide to use a non-Google email account while you're abroad, remember that it won't be protected by the same contractual arrangements that we have with Google.
• Don't use a non-University account to send or receive personal, confidential or otherwise sensitive University information.
• Do not attempt to get IT hardware repaired locally, seek advice via IT Support. 

If you have any other concerns or specific questions, please email itsupport@york.ac.uk, and our Security team will be able to offer you advice.