ACSC programs and advice are being migrated to cyber.gov.au (see sidebar)

Travelling Overseas with Electronic Devices (Technical Guidance)

Download ACSC Protect: Travelling Overseas with Electronic Devices (Technical Guidance) (PDF), January 2019
First published 2012; updated 2018; reformatted January 2019

Related Travelling Overseas with Electronic Devices (User Guidance)

Introduction

This publication has been developed to assist IT security staff to secure electronic devices and information before employees travel overseas. It should be read in conjunction with the guidance in Travelling Overseas with Electronic Devices (User Guidance).

For devices carrying classified information, the Australian Government Information Security Manual (ISM) contains further guidance.

Mitigation strategies

The following mitigation strategies should be implemented before employees travel overseas in order to maximise the security of devices and the information held on them. This is general guidance which may not be applicable to every device.

  • Update the operating system and all applications on devices. Most updates are fixes for identified security vulnerabilities and should be applied as soon as they become available.
  • Restrict administrative privileges on devices to only users who need them. Restrict user’s rights in order to permit them to only execute a specific set of predefined functions as required to complete their duties.
  • Implement application whitelisting on devices, such as Microsoft AppLocker, to only allow approved programs to run. For tablets and smartphones, use Mobile Application Management tools to specify which applications are allowed to be run.
  • Install antivirus software on devices. Virus pattern signatures should be checked for updates several times per day and installed as soon as they become available. All storage should be regularly scanned for malicious code.
  • Where possible, install a firewall to protect against malicious incoming network traffic.
  • Disable unnecessary features or software; minimising software on devices reduces opportunities to gain access to devices through software-based security vulnerabilities.
  • Implement passphrase policies as per the ISM or device-specific hardening guides.

Device encryption

All devices should be encrypted to mitigate the risk of unauthorised access to information if a device is lost or stolen. In doing so, organisations should use either full disk encryption or partial disk encryption where access controls will only allow writing to encrypted partitions.

Full disk encryption provides a greater level of protection than file-based encryption. While file-based encryption may protect individual files, there is a risk that unencrypted copies of the file may be left in temporary locations used by the operating system. Full disk encryption also allows operating system and software files to be more easily protected from an adversary with physical access.

Network connections

Configure wireless security settings on devices such that they can’t connect to ad hoc wireless networks. Further, configure devices such that split tunnelling is disabled when users connect back to the organisation via a Virtual Private Network (VPN) to browse the web or access their emails. Finally, disable Bluetooth pairing by default. This can be enabled if required but should be done prior to the departure of employees on overseas travel.

Further information

The Australian Government Information Security Manual (ISM) assists in the protection of information that is processed, stored or communicated by organisations' systems.

The Strategies to Mitigate Cyber Security Incidents complement the advice in the ISM.

Contact details

Organisations or individuals with questions regarding this advice can contact the ACSC by emailing asd.assist@defence.gov.au or calling 1300 CYBER1 (1300 292 371).

In August 2018 ACSC launched a new website, cyber.gov.au, to reflect its new organisation.

Cyber security programs and advice are being migrated to cyber.gov.au. Information and advice on this site remains current.

Reports help the ACSC to develop a better understanding of the threat environment and will assist other organisations who are also at risk.

Cyber security incident reports are also used in aggregate for developing new defensive policies, procedures, techniques and training measures to help prevent future incidents.

Information for Australian businesses
Information for individual Australian citizens
Information for Federal, State and Local government agencies