itpolicycontent

This guidance information applies to all staff, contractors and agency staff who work for the MOJ.

Personal safety

As a government official, when you travel overseas, you might be of interest to a range of hostile parties. It doesn’t matter what role you have or how senior you are.

Devices such as laptops, tablets and phones are very desirable targets to steal. Travelling abroad with them puts you at a greater security risk of being a victim of theft.

Never put yourself in any danger to protect an IT device. The effect of a compromise on the MOJ does not warrant the risk of injury or loss of liberty.

Reduce risk for you and your colleagues by following departmental policies and advice.

Keeping safe whilst conducting sensitive work abroad

Voice calls and SMS messages are not secure. They are more likely to be intercepted whilst abroad. Be aware of the risk when using a mobile phone.

Keep your devices with you at all times. Keeping data secure is easier when you have physical control over the equipment.

In particular:

• Keep any password or PIN details separate from the device.
• Be careful when using your device in situations where it might get lost or stolen. Examples include busy public places, and while transiting customs or security at airports.
• Think about where you are working. Ensure that no-one can observe you working. For example, somebody might look over your shoulder in a crowded place.
• Never leave the device unattended - not even for a moment.

Sometimes, it is not practical to keep the device secure with you at all times. For example, you might go to the swimming pool or gym. Consider storing the device in the hotel safe. Remember that standard hotel safes are not completely secure. Usually, hotel staff can override controls to gain access to the safe. Where appropriate, store the device in a tamper proof envelope. Make sure you have enough to last while you travel.

If the tamper evident seals show signs of disturbance, or the device exhibits strange behaviour, treat it as compromised. Stop using the device. Contact your Service Desk immediately, and report the device as compromised.

Guidance on using mobile phones

Avoid conducting work-related sensitive phone conversations. They might be intercepted. If you cannot avoid the conversation, ensure you can’t be overheard.

Do not use public charging stations. Do not connect the phone to a vehicle by USB or Bluetooth. These can all download information from your phone.

Hotel and public WiFi spots are not secure. They are easily intercepted or monitored.

Secure the phone with a password or PIN.

If the phone is taken from you, or you think it might have been compromised in any way, report it to the MOJ Duty Security Officer:
 
or email:
 

General guidance

Remove unnecessary files from your device when travelling abroad. This reduces the risk of data exposure if the device is lost or stolen.

What to do if you are asked to unlock a device by officials

The sensitivity of data affects how much you should try to prevent customs, security staff or other officials from accessing it.

Do not risk your own safety when carrying devices to an overseas destination. The sensitivity of data on the devices should not justify any risk to personal safety.

• Try to establish your official status and good faith from the outset.
• Remain calm and polite at all times.
• Carry the names and telephone numbers of suitable MOJ contacts. Invite the overseas officials to contact them, to confirm that you are who you claim to be.
• If the officials continue to insist you enter password or access details, repeat the above steps.
• State that you are carrying official UK government property, that it is sensitive, and that you cannot allow access.
• Ask to see a senior officer or supervisor. Be ready to take the names and contact details of any officials involved in the event. These are helpful when pursuing a complaint, or during an investigation, even at a later date.

If you are on official business:

• State clearly that you are a UK civil servant, travelling on HMG official business.
• Where appropriate, produce an identity card or official document on headed notepaper or with a departmental stamp. It should include your name, photograph and departmental affiliation.
• Produce a letter of introduction from the overseas organisation or individuals you are visiting.
• Carry the names and telephone numbers of the people you are visiting in your visit. Invite the officials to contact them to confirm that you are who you claim to be.

It is possible that you might lose sight of a device, for example if a customs official removes it. The device is immediately considered compromised. Contact the Service Desk at once, and report the device as compromised.

If you have any problem when using MOJ equipment abroad

When calling from abroad, the contact telephone numbers you need are:

1. Technology Service Desk (DOM1):
    
2. NICT Service Desk:
    

If any security-related incident occurs overseas, regardless of whether it involves MOJ equipment, you should contact Corporate Security Branch:
 
as soon as possible.

For any emergency outside normal UK business hours, contact the MOJ Duty Security Officer:
 
or email:
 

If there is a problem with your MOJ equipment, it might be necessary to disable your ability to connect to the MOJ network or services from your device. The Service Desk will do this if required. MOJ-issued phones might still have some functionality, to let you make phone calls, but the device should be treated as compromised and not used any more for any MOJ business.

This document is dated January 2018, and is an updated version of the 'Taking IT equipment abroad (business or personal)' guidance, dated April 2015. To provide feedback on this document, please contact us: itpolicycontent@digital.justice.gov.uk.