Post-Travel Mobile Device Actions
Overview
The ISM-1300 control outlines mandatory cybersecurity procedures for personnel returning from international travel with mobile devices. These actions are designed to mitigate risks associated with potential device compromise, credential exposure, and data integrity concerns.
Purpose
This article outlines the mandatory post-travel procedures required by the ISM-1300 control to maintain information security upon return from overseas travel with mobile devices. These steps are designed to prevent data compromise, ensure device integrity, and protect the corporate network.
Scope
This applies to:
- Company-issued mobile phones
- Staff travelling for work purposes outside of Australia
Post-Travel Requirements
Upon returning from overseas travel, all personnel must complete the following actions before reconnecting any mobile device to the corporate network:
1. Sanitise and Reset Devices and Removable Media
To prevent any potential compromise or malware introduced during travel:
1.1 Perform a factory reset of the mobile phone
1.2 Set the phone up again using the organisation’s standard deployment process
1.3 Remove any unverified files or unknown applications
1.4 Wipe or format all USB drives, SD cards, or external storage devices
1.5 If a device cannot be reset, it must be inspected and cleared by ICT before use.
2. Decommission Travel-Exposed Credentials
If any credentials (passwords, access tokens, authentication keys) left your possession or were used in untrusted environments (e.g. internet cafes, foreign Wi-Fi, customs border patrol inspection):
2.1 Immediately change passwords for any accounts accessed while travelling
2.2 Revoke or replace certificates, tokens, or VPN profiles used overseas
3. Report Device Integrity Concerns
If you have any doubt about the integrity or security of a device or removable media used while travelling (for example, unusual device behaviour, unexpected prompts, or physical tampering):
3.1 Do not reconnect it to any internal systems
3.2 Report the concern using the 'Cyber Security Incident' form
3.3 Devices with suspected compromise will be isolated and assessed by IT SecOps