Cybersecurity guidance for international travellers

Cyber security may not top your travel checklist—but it should. Travelling to certain regions can significantly increase the risk of data breaches, privacy violations, and even government surveillance. While corporate or state-sponsored espionage might sound like fiction, it's a very real and growing threat targeting businesses of all sizes. Your organisation might already have some comprehensive security advice and practices in place, but we’ve put together the following guidance to help safeguard you, your devices and your data against any unforeseen events while you’re travelling overseas.

And while we’re talking primarily about business trips, the same advice should be followed if you’re accessing business services overseas, as well as for your own personal data.

Be prepared

Preparation is key before travelling—especially to regions where data protection standards are weaker or known cyber threats originate. While some countries pose a greater risk than others, it’s wise to follow this guidance when travelling out with the EU. Firstly, think about the devices you will be taking with you. Make sure that you prepare them before you go, and that means making sure you’ve updated your software including Windows (or OSX if you’re a Mac user), any applications you use, and any anti-malware software you use. You should consider that you may be stopped by customs, and they may ask why you have certain applications installed, so consider removing any unnecessary apps.

Assume any device you carry could be accessed, copied, or compromised. In some countries, authorities may inspect your laptop and its contents. Limit the data you travel with to only what’s essential. Even beyond border checks, devices are at risk of theft or covert access—putting corporate data in jeopardy.

So, what are your options?

One approach is to use a dedicated travel laptop—often referred to as a “burner” device—containing only the data and tools you need for the trip. This reduces the risk to your primary device and helps protect your organisation’s wider network. If that’s not an option, then there’s a few things you can do. Make sure your drive is encrypted using Bitlocker for Windows or FileVault for MacOS. Store files in the cloud rather than on the device, and make sure that you have a full backup of your data back at home. You can also consider setting up an alternative login so that if you are forced to login, the temporary account will only have access to limited data.

With regards to cloud data, before you go is the time to make sure that your online accounts are secure. Use strong passwords and think about using a biometric MFA token (such as a Yubikey) rather than a text message which could be intercepted on a foreign mobile network. When you’re connecting to the cloud be suspicious of any Wi-Fi networks as they can be insecure. VPN’s might also be an option to help to keep you secure but set them up before you go. And alongside Wi-fi, remember that Bluetooth connections can also be used to hack devices, so consider disabling it alongside any other unneeded services.

While you’re away

With so many things happening in an unusual environment, try to keep your wits about you, and consider what you have learned about cyber-risks at home, and apply those skills when you’re abroad.

Aside from the obvious risk of theft, keep your devices safe as it can be easy for someone to connect to your device via USB or Bluetooth and leave them compromised. That includes picking up a promotional USB device from a vendor at a trade conference, connecting to Bluetooth to share contact details, or connecting to a Wi-Fi hotspot. Any USB device could have been altered to attack you, so unless you brought it and know it’s not been tampered with, don’t plug anything in (and that includes USB power supplies that aren’t your own, or someone who asks to quickly charge their phone).

Even on networks that appear trustworthy, assume your activity could be monitored. Hotel Wi-Fi and other public networks are prime targets for interception. Treat any data you transmit as potentially visible to others — especially in high-risk regions. Disable your Wi-Fi and USB when you’re not using them (save your battery too), and when you do connect, remember to bring up the VPN if you had it setup before you left home.

When you’re back

The vigilance doesn’t end when you get back home. Just as you might have picked up a few bugs on the flight home, your devices might also have picked up some unwanted additions during your travels, so stop before you connect to any private networks back home until you’ve checked.

Assume that anything you used while you were away could be compromised and take steps to make sure you don’t pass anything on. Assume that your devices could have been infiltrated by malware of some sort. If you haven’t used a “burner” laptop, you should consider having it wiped and restored back to your pre-trip backup. At the very least you should have it scanned with separate, reliable anti-malware software, and check for any changes – new applications installed or changes to user accounts could all be signs that you’ve been compromised.

For your online services, consider that someone could have snooped your passwords and MFA methods. Reset your passwords and check your accounts to make check for any changes to your account such as additional MFA methods that might have been added.

If you have your own IT department, it’s worthwhile asking them to check the device over before you consider it safe to connect back to your company network, and to check the logs on online services for anything that looks suspicious. And finally, it’s time to throw any foreign USB devices or accessories you might have been given, even if they’re not USB storage, they could still be infectious.

By following these comprehensive and proactive security measures, you can help to keep you and your organisation safe and minimise cybersecurity risks associated with international business travel.