Traveling and your St. Thomas account

Traveling on Vacation? Studying Abroad? Returning home for the holidays?

Planning ahead and knowing how to be safe and how to most securely access your St. Thomas resources while away from campus can help you avoid common pitfalls.

• UST Global Protect VPN
• Why Personally Acquired VPNs are not recommended
• Digital Security Risks to be Aware of While Travelling
• Other Ways to Minimize Risk While Travelling
• Getting Tech Help
• Additional Note on MFA

Global Protect VPN

• Benefits of using Global Protect while traveling (more on Global Protect VPN and how to install/use available here)
  • We recommend ensuring you're prepared to use the St. Thomas Global Protect VPN while travelling to access your St. Thomas email and other resources.
  • Stable and University security recognized IP and location information
  • Added protection from data and traffic interception while using unsecured or poorly secured networks

Personal VPNs not recommended

Using personal VPNs while interacting with your University account can have major drawbacks.

• Potential for you account being flagged as compromised and locking you out:
  • IP Address Changes - VPNs mask your real IP address by routing your Internet traffic through different servers. If you frequently switch servers or connect from locations far from your usual one, it can trigger security alerts. Many online services monitor IP addresses to detect unusual activity
  • Geolocation Discrepancies - If your VPN server is in a different country, it can appear as though you're accessing your account from multiple locations in a short period. This can be flagged as suspicious behavior.
  • Unusual Login Patterns - Consistently logging in from different IP addresses or locations can create a pattern that looks like someone is trying to hack into your account. This is especially true for services that track login history.
  • Security Protocols - Some VPNs use security protocols that might be flagged by certain websites or services as suspicious. This can lead to temporary account locks or additional verification steps
  • Shared IP Addresses - Many personal VPNs use shared IP addresses, meaning multiple users are assigned the same IP. If another user with the same IP engages in suspicious activity, it could affect your account as well
• Additional things to consider about personal VPNs:
  • Security Concerns - Personal VPNs might not have the same level of security the St. Thomas Global Protect VPN. This can leave your data vulnerable to breaches, especially if the VPN provider doesn't have strong encryption protocols or a no-logs policy
  • Data Leakage - If the VPN connection drops, your data might be exposed. Some personal VPNs lack a kill switch feature, which automatically disconnects your device from the Internet if the VPN connection fails
  • Performance Issues - Personal VPNs can sometimes slow down your Internet connection, which can be problematic if you need a fast and stable connection for work/school
  • Credential Compromise - If your personal VPN credentials are compromised, it could lead to unauthorized access to your company's network

Digital Security Risks While Travelling

Traveling exposes us to a unique set of digital risks that can compromise both our personal data and devices. Whether you're hopping between continents or simply navigating a busy urban hub, understanding these risks and taking proactive measures to neutralize them is crucial for preserving your digital security.

• Public and Insecure Wi-Fi Networks
  • Wi-Fi Vulnerabilities: Unsecured or weakly encrypted networks (like those in cafes, airports, and hotels) can be exploited by cybercriminals. Once connected, your data transmissions may be intercepted or manipulated.
  • Rogue Access Points: Cybercriminals often set up fake Wi-Fi hotspots that mimic trusted networks, luring travelers into connecting. Once connected, your sensitive data such as login credentials and banking details can be quickly captured.
• Device Theft and Loss
  • Physical Theft: Laptops, smartphones, and tablets are handy targets. Losing a device that isn’t properly secured (e.g., with strong passwords or encryption) can give thieves direct access to your personal and financial data.
  • Loss and Misplacement: Even if not stolen, misplaced devices can lead to data breaches if they’re not remotely locked or wiped.
• Outdated Software and Operating Systems
  • Unpatched Vulnerabilities: Traveling can disrupt your usual update schedule, and using devices with outdated software increases the risk of exploiting known vulnerabilities.
  • Malware and Ransomware Exposure: Infections from malicious downloads or compromised network traffic can lead to ransomware attacks or malware infections, locking you out of vital data.
• Social Engineering and Phishing
  • Targeted Scams: Tourists are often targeted through phishing emails, SMS scams, or even fraudulent in-person assistance. These scams can trick you into providing sensitive data or clicking on malicious links.
  • Fake Applications and Services: Fraudulent apps that appear to offer travel-related services (like maps or translation) might secretly harvest personal information.
• Location Tracking and Privacy Breaches
  • GPS and App Data: Many apps continuously track your location. If misconfigured or compromised, your movements can be tracked by unauthorized parties, jeopardizing your personal safety.
  • Geolocation Leakage: Frequent check-ins on social media or using mapping services can inadvertently broadcast your exact location to strangers.
• Unreliable Charging Stations (Juice Jacking)
  • Malicious Charging Points: Using public charging stations might expose your device to “juice jacking,” where attackers install malware or siphon off data through compromised USB ports.
• Government Surveillance and Local Regulations
  • State-Level Monitoring: In some regions, government surveillance is pervasive. Just accessing certain websites or using particular communication apps might draw unwanted attention.
  • Legal and Regulatory Risks: Certain countries may have stricter digital laws, and accessing or storing specific data while on their networks could have legal repercussions.

Minimizing Digital Security Risks While Travelling

To safeguard your digital life while traveling, here are some robust strategies you can adopt

• Use Global Protect VPN: A VPN protects your Internet traffic, helping safeguard your data even on unsecured networks. It hides your real IP address and minimizes the risk of man-in-the-middle attacks. 
• Ensure you have a reliable Multi-Factor Authentication device: MFA ensures that even if you username and password are compromised, unauthorized access to your accounts is significantly hampered. (for more info on MFA start here)
• Keep Software Up-to-Date: Regularly update your operating system, applications, and antivirus software to patch vulnerabilities that could be exploited while on the move.
• Adopt Strong Device Security Practices: Use complex passwords, biometric locks, and encryption for sensitive files. Enable remote tracking and data-wipe capabilities to protect lost or stolen devices.
• Be Vigilant with Network Usage: Prefer using mobile data or secure personal hotspots over public Wi-Fi whenever possible. If you must use public Wi-Fi, avoid logging into sensitive accounts.
• Avoid Suspicious Charging Stations: Carry a portable charger and use your own power adapter to avoid risks associated with public USB charging stations.
• Practice Digital Minimalism: When traveling, consider carrying only the essential data on your portable devices. Use cloud storage for backups, ensuring that sensitive data is not stored locally.

Getting Help

• Tech Desk is available to help at the methods and hours outlined in their homepage here
• Ask our AI Tech Help Search by clicking here, checking the box next to "I Understand", and clicking the "Try Tommie Tech AI Search" button
• Search our Service Catalog and Knowledge Base for common questions and to report an incident or request help related to St. Thomas technology services.
• Chat with a tech for remote support (more info)
• Call the Tech Desk 
• Email the Tech Desk (more info)

If you need help with account services (password reset, MFA reset, compromised account, account information) we will need to thoroughly verify your identity. The fastest ways to get support for this are to call us at 651-962-6230.

We understand that there can be unique challenges to calling in to the Tech Desk while travelling/abroad, if you are unable to call in to the Tech Desk or come to one of our walk-up locations, then the easiest ways to get help and verify your identity would be by either:

• Chatting with us and requesting a video call
• Providing us the phone number we can reach you at (and a variety of days/times you might be reached).
  • We are able to call out to you at long-distance and international phone numbers

Note - It is especially important while travelling/abroad to have a working MFA method. 

• While travelling/abroad is when most users are at the highest risk of being compromised. 
• The MFA requirement can not be removed from your account. 
• If you will need absolutely uninterrupted access to your University account and University systems while travelling we recommend ensuring you have access to multiple devices to meet this need. 
  • The Authenticator app can be installed on any smartphone and most tablets (any tablet allowing install from the Google Play store or iPad Apple store) if you have access to multiple devices to carry with you we recommend setting all of them up with the Authenticator app prior to travelling
  • You can purchase the specific Yubikey device linked to from this article and set it up (in addition to any other devices like smartphone or tablet) as a primary or backup MFA method