Information Technology Services asks that students notify it of international travel to ensure that students are not caught by filters meant to catch foreign cybersecurity threats.

According to an announcement from ITS Operations Assistant Bobbie Brown, students are asked to email the Helpdesk with at least 48 hours’ notice of their destination, departure and return dates, and services required. That way, travelling students can be properly unblocked.

“By letting us know your itinerary, we can add you to the International Travelers group, allowing you to access email and college resources from your destination without being flagged as a security risk,” Brown wrote in an announcement posted on my.hillsdale.edu.

IT Operations Manager Tim Post said the primary concern is when a student connects from a country in which Hillsdale College has no presence.

“There’s a signature of Hillsdale College users,” Post said. “Any state in the U.S. is going to be on an ‘allowed’ list. Where we are blocking countries is where we have no business. For risk profile and risk tolerance, it’s better for us to just have those nefarious countries on a blacklist.”

The primary services affected are those hosting from servers on campus, such as those used for class registration, according to Senior Director of Information Security Scott Aschenbach.

“It’s mostly just the on premise computing that we have,” Aschenbach said. “You have maybe about 100 servers here, which handle all of the registration systems. You couldn’t register from somewhere else.”

As Post notes, however, the policy also affects email.

“In the last three years, we have moved from an on-premise Exchange environment to cloud-based email, Microsoft 365,” Post said. “With that change, it has given us more security capabilities and different tools, and different tools allow us to see our threat vectors a lot better.”

The turnaround for ITS to record upcoming international travel is relatively quick, according to Post.

“It takes probably two to three days,” Post said. “The actual work, we budget 30 minutes.”

Junior Hidi Cramer, who is studying abroad in Saarland, Germany, found this process quick and painless.

“All they asked me for was when I’m leaving and then when exactly I’m coming back. I’m not exactly sure when I’m gonna be back in town, but I just said I would email him back as soon as I know the exact date, and they were perfectly fine with that,” Cramer said. “I think that was settled within 20 minutes of emailing back and forth.”

Post said that if a student has forgotten to notify the Helpdesk, ITS can work faster if needed.

“If it’s an emergency, they should indicate that on the ticket,” Post explained. “If they’re leaving tomorrow, we’ll prioritize it higher.”

If students have an upcoming password expiration, however, they should change their passwords while still on campus, according to Post.

“When you’re off campus and change your password on a Mac, although it updates in Keychain, it doesn’t get changed here locally. Right now, there is not a workaround around that,” Post explained. “If you think you’re going to be expiring within a few months, it’s just safe to come in when you work on campus and do the change.”

According to Aschenbach, the international travel policy works with two other main ITS cybersecurity policies to decrease the amount of risk to the college’s infrastructure.

“These are all percentage games,” Aschenbach said. “We have 80% to 92% fewer major breaches due to just those three controls.”