Business trip abroad

Task - Plan your business trip abroad thoroughly and with sufficient advance notice, also with a view to information security. Pay particular attention to the following questions:

• Question 1: Am I aware of the risks that travelling abroad poses for my data, but also for my institute, my company and the entire TH OWL?
• Question 2: Have I done everything I can to secure my data and my devices?

Evaluation - If you answered no to one or even both questions, there is a need for action.

• Where are you? - For more information, please refer to the points listed above.
• What does the S(kim) say? - Are there any recommendations on procedures and practices? Ask the S(kim).
• In the department - If necessary, contact your IT staff in the department.
• Support at S(kim) - You are also welcome to contact S(kim) in person at the service points or via the contact addresses listed at the bottom of this page.

Good to know - Contacting the S(kim) at an early stage can eliminate uncertainties. In Germany, the Office for the Protection of the Constitution is also responsible for the defence against espionage by foreign intelligence services and is available as a confidential point of contact.

In detail, this means:

• Find out about the risk, security and legal situation in the destination country, especially when travelling to countries with special security risks as defined in the so-called "list of countries" (see link below). Use, for example, the travel and security advice issued by the Federal Foreign Office.
• Ask for experiences from other travellers and tips from TH OWL safety officers and take advantage of training opportunities.
• Compile contact addresses for emergencies (generally embassies/consulates, medical care, but also contact persons in your department for IT emergencies, the contact details of the S(kim), etc.).
• Subscribe to the Federal Foreign Office's emergency preparedness list (Electronic Registration of Germans Abroad – ELEFAND).
• TH OWL data may only be transferred abroad on fully encrypted end devices (laptops, mobile phones, tablets, etc.).
• Switch off face and fingerprint recognition on your devices. Use number combinations (at least 8 digits) instead.
• Be careful with documents: Only take what is absolutely necessary for the journey. Make backup copies and keep them in a safe place (at home/at the office).
• Pay attention to data economy, for example with location and movement data on laptops and mobile phones (when using Google Maps or similar).
• Please also note that more information about you and your plans can be obtained from the pictures and screenshots on your smartphone than you realise. For this reason, save your pictures externally before travelling abroad and delete the pictures, screenshots etc. on your smartphone.
• In this context, please also pay attention to your obligation to comply with the protection of personal data according to the GDPR. Documents, files, pictures, data etc. which could compromise other persons are particularly vulnerable to protection (examination results, homework, research results, research proposals, etc. ).
• Please refrain from taking mobile phones with you when visiting foreign diplomatic institutions (embassies/consulates) in Germany.
• Provide truthful but generalised information (e.g. on employment relationships) on entry and registration forms. All information provided can be used by foreign security authorities to conduct more thorough surveillance of you. At the same time, false or incomplete information can be used as a means of exerting pressure on you (threat of immediate deportation, etc.).
• Therefore, do not answer the questions incorrectly, but as abstractly as possible, with a low level of detail: only name the current employer, if possible only the university and not the department/institute/chair...

• Be sceptical when being contacted by people you do not know. Also be sceptical about favours and gifts, even from people you know, to avoid compromising situations.
• If possible, travel with someone.
• Plan your means of transport and routes in advance, ideally before you start your journey.
• Stay away from potentially dangerous situations (e.g. protests).
• Keep conversations about confidential content to a minimum.
• If possible, do not hand over sensitive documents, data or data carriers (laptops, mobile phones). Hotel rooms and hotel safes are not secure: national services usually have access to them.
• Do not leave your end devices (laptop, mobile phone, tablet, etc.) unattended. Lock the devices so that you have to log in again afterwards, even if you are only out of sight for a short time.
• Only use your own chargers - third-party chargers could be manipulated and used by you to tap into data without being noticed.
• Avoid open WLAN and Bluetooth connections, even in hotels/public transport. Please also exercise caution if WLAN or Bluetooth connections are expressly offered to you by official bodies.
• Remember that your internet usage can be recorded when using a WLAN. Accessing certain sites may be incompatible with local laws. The threat of punishment can be used as leverage against you.
• Be wary of service providers/service personnel.
• Do not have any confidential conversations or telephone calls in the hotel room. It is known in advance that you will be staying in this room: Preparations for spying can be made.
• For longer or permanent stays: Private living quarters and vehicles can also be the target of searches, including the risk of eavesdropping technology being installed.
• In foreign countries, always assume that someone around you (hotel, restaurant, taxi) understands your language or can at least make a recording of what you say so that you can translate it later. Please do not discuss confidential topics in this environment.

• Summary - Discuss your trip with fellow travellers and safety officers.
• Check - Have the devices you take with you checked for malware and change any access data you use while travelling.
• Change your passwords - After returning to the TH OWL, change all passwords that you have used abroad, especially outside the European Community. Do not use the device you took with you when travelling.
• Be attentive - Make a note of any noticeable observations, events and irregularities and report them to the competent authorities in the S(kim)/Department/Company.

In particular, when travelling to China, the following applies additionally:

• Communication - Do not make any calls to your own office, or only do so in absolutely exceptional cases, and maintain a general discipline when making calls.
• Luggage - When travelling as part of a delegation, expect that Chinese officials will handle the transport of your luggage and that you will not have access to your luggage for a long time. When travelling with delegations from Germany to China or within China, you should always assume that you will be accompanied at all times by members of the Chinese security authorities.
• Observation - Expect conspicuous shadowing or traffic controls if necessary.
• Apps - electronic surveillance using apps: Chinese security services also use smartphone applications to monitor travellers. Among other things, the devices are scanned for certain keywords. Furthermore, widely used apps such as WeChat or Alipay can also be used to obtain information, as the companies are legally obliged to co-operate with the authorities.
• Cloud - Do not use Google services (web search, Gmail, Google Maps, Google Photos, etc.) or social media (Facebook, Instagram, etc.) while you are in China.
• Sync&Share - Remember to switch off the automated synchronisation of certain services. For example, Google Photos may be set to upload images automatically. Deactivate these functions.
• VPN - Do not try to circumvent the Chinese government's Internet blocking measures using VPNs.

IT security is also an important topic, especially in the context of "business trips abroad". The following link will take you directly to our documentation on this topic:

IT-Security

We have also summarized the most important tips and rules of conduct for mobile work in the "home office", on business trips or on campus. You can go directly to the documentation via this link:

Mobile working