Mobile devices and business travellers (ITSAP.00.087)

High risk travel

Travel can be considered high-risk when factoring in the following variables:

• identity of the traveller (for example, Chief Executive Officer)
• special events (for example, The World Economic Forum)
• high-risk locations, as defined by Global Affairs Canada (GAC)

If you are unsure of the risk, contact your IT security department.

High-risk travel requires the following special considerations:

• If your organization has an inventory of devices for travel, contact your IT department to request one for your trip. If you must use a personal device, turn off Bluetooth, Wi-Fi, and location sharing and use a VPN.
• Assume that all communications transmitted over public carriers are at risk of being intercepted. Encrypt all sensitive information on your mobile devices before your trip.
• Report any unusual device performance issues or any other associated security concerns to your IT security department.

Guide for business travellers

Before you travel

• Protect your assets. Back up your information and update device software to improve defence capabilities.
• Move anonymously. Deactivate features such as location, Bluetooth, and auto-connect settings on your device.
• Travel light. Take only the devices that you need and remove unnecessary data.
• Lock it down! Update your credentials with complex passphrases and passwords and activate multi-factor authentication (MFA), if available.
• Avoid using free password managers that are not part of your operating system or browser.

While you travel

• Keep your devices in your possession at all times. If you must leave a device unattended, remove the battery and SIM card if possible, and keep them with you. Power off devices while going through customs or other inspection points.
• Be aware of your surroundings. Be mindful of shoulder surfers trying to view your screen or keyboard. Power off devices while going through customs or other inspection points.
• Deactivate the “Remember Me” feature on websites of business or personal value and where MFA is not available, enter your login credentials every time so your passwords are not stored.
• Connect safely. Where possible, use your cellular data plan to access the Internet and avoid unknown, unsecured, or public Wi-Fi networks when accessing sensitive information.
• Communicate securely. Do not store or communicate information above the approved classification of the device. Do not use PIN-to-PIN messaging to exchange sensitive information as it is not protected by security settings.

After you travel

• Report suspected security concerns to your IT security department.
• Switch it up! Change passphrases, passwords, or PINs on your devices and accounts that you accessed while abroad.
• Use anti-virus software to scan devices for malicious activity before connecting to your home and work networks.