–Laptops, mobile devices, and removable media. Only take devices you will need when you travel. For removable media, consider purchasing separate media for travel, rather than taking devices containing thousands of files you definitely will not need. Check with your company before taking company equipment on personal travel, especially if the travel is international.

–Sanitize your devices. If you are taking personal or work devices like computers, mobile phones, or removable media, look at what files are on those systems. Consider removing sensitive files not be needed for the trip, and then reinstalling them after the trip is complete.

–“Disposable” devices. Consider getting a prepaid mobile phone when you travel internationally, rather than taking or relying on your personal phone. A prepaid phone can reduce your risk and avoid roaming charges.

–Get roaming service. Inquire with your mobile carriers about roaming and international service. You may be able to get international roaming, texting, and data for a nominal charge, if you purchase it ahead of time.

–Powered off and locked up when not in use. Put screen locks on all your computers and mobile devices, so hotel staff can not power them up or look at them when you are not present. Use hotel safes to lock up equipment not in use, or keep it with you on your person.

–Leverage the cloud. Keep additional files you might need in the cloud, using Microsoft, Apple, or Google shared drives, or a service like Dropbox. The cloud can also be a useful place to put backup copies of the files you take with you, in case your primary devices are lost or damaged.

–Protect your wallet and travel documents. If you are traveling with a partner, make sure each of you has separate sets of identifying papers, trip itineraries, money, and credit cards. Back each other up, and then have more backups in your bags. If you are traveling alone, take two complete wallets where each has an ID, separate credit card, cash, and other important documents. If your passport is lost or stolen, even an expired driver’s license can be helpful for proving who you are to embassy officials. Make sure you have redundant copies of travel documents and itineraries, and the extras are stored separately from the originals.

–Know where to go for help. Think through where you can go for help, should things go wrong. Have phone numbers for local consular offices, tourist assistance offices, your hotel, and travel agent. Make sure someone back home has this information as well, so they can help you in an emergency. Think through how you might get help, money, and support should things go very wrong. If you are traveling on business, get the contact information for your company’s security and travel offices, as well as those for your supervisor and management.

–Backup your data. Backup your electronic files before you begin your trip. Do not take anything with you that can not be replaced from a backup, if necessary. Of particular concern are pictures on your mobile phone, if they are not automatically backed up when you take them. If there are critical files on your laptop computer, make sure you have a second copy of those files on removable media, and maybe even a third copy stored in the cloud.

–Digital versus paper. If you are traveling on business for a contract negotiation, you might want to have a paper copy of the contract somewhere in your bag. The paper copy can not get accidentally erased. Conversely, consider taking digital photographs of your passport, itinerary, and tickets, and keeping them on your smartphone. It’s all about redundancy because you never know what might go wrong.

–Assume kiosk machines are compromised. Assume kiosk computers you are using are compromised, and reduce your use accordingly. If you are printing files or travel papers, consider forwarding those documents to a less-sensitive e-mail account rather than using your primary or company e-mail account from kiosk computers. Consider using a thumb drive for your files, rather than accessing sensitive e-mail or online accounts from a kiosk computer. Write protect your thumb drive (some have this feature) so the kiosk machine can not try to infect it with malware. If you have to enter sensitive credentials, try to change them soon afterward from a trusted device.

–Assume public networks are dangerous. When you connect to public networks, you do not know who or what is connected to that network or monitoring your network traffic. Other computers on the same network may be able to scan your computer for vulnerabilities and attempt to compromise it. In addition, the network may be able to monitor everywhere you go and everything you do. Depending on the configuration, this monitoring may include intercepting your connections to trusted websites and intercepting username and password credentials.

–Engage your device defenses. On your devices, ensure your personal firewall is enabled along with other defenses like antimalware software. When using your device, watch for signs of attack—like unsolicited messages, unexpected invitations, pop-ups, or attempts to install software. If you have access to a virtual private network (VPN) connection, immediately connect to the VPN so your outbound traffic is private and encrypted. The VPN tunnel protects your computer’s network connection, and your web browsing, from prying eyes.

–Do not automatically connect. Turn off Wi-Fi options to “automatically connect” to known wireless networks. Attackers often stand up malicious networks that use common names like “public Wi-Fi,” “hotspot,” “coffee shop,” “lobby,” or “guest.” Prefer wireless networks that are password-protected over unprotected “open” networks, when possible.

–Use your cellular hotspot. When you have a powerful “3G” or “4G” smartphone with good signal quality, the phone can act as an internet service provider (ISP) that you can use instead of public Wi-Fi for your laptop computer (data and roaming charges may apply). Cellular data connections tend to generally be more secure and more private than public Wi-Fi. For sensitive online activity, your hotspot may be a more secure alternative. Just make sure you configure it with a strong password.

–Check with the authorities. When traveling internationally check with the government (in the United States, www.state.gov) for guidance and warnings specific to the country and region to which you are going. If traveling on business, your company security office may have guidance for you as well. Find out the addresses and telephone numbers of the embassy and consular offices in the country you are visiting.

–Protect your valuables. When staying in hotels, consider the following priority list for your valuables:

1. Lock your valuables in the hotel or room safe, protected by a combination or password selected by you.
2. If no safe is available, place valuables in drawers or suitcases where they are out of sight and not obviously present. Check on your valuables when you enter or leave the room to make sure everything is in order. Remember to check the safe and all drawers before you check out.
3. When not locked in a safe place, carry your valuables with you. Avoid keeping wallets in bags or back pockets where they may be visible and pickpocketed or easily taken.
4. For personal or business computers, use carry cases that do not look like they contain computers. “High-tech” computer cases may be particularly obvious and should be avoided for sensitive travel.

–Hotel fire safety. For each place where you stay, including hotels, hostels, or houses, walk the fire escape route and make sure it actually leads to the outside of the building. Know the primary and alternate fire escape routes from your room and other places you will be visiting.

–Bring spare batteries and chargers. While it may not be feasible to carry a spare laptop battery or power adapter, external “USB batteries” are popular and can double or triple the endurance of your smartphone or mobile device. In addition, bring at least one spare charger and charging cable—they are small, lightweight, inexpensive, and indispensable if a proprietary plug gets damaged or lost. With the right cable, you should be able charge your phone from your laptop in a pinch. In addition, devices with “USB C” connectors may be able to both send and receive power from other devices, including external batteries.

–Do not forget power plug adapters. Today, most consumer electronics have “multi-voltage” digital power adapters that can accept power from basically anywhere in the world. This capability is a far cry from twenty years ago, when international travel required getting separate transformers and power adapters. However, wall plugs are not quite so standardized. It is important to find out what the plug standards are for each area you will visit and make sure you bring the appropriate adapters with you on the trip for all your electrical needs. You will end up needing them and trying to find them in the middle of a trip might be a challenge. If you forget, check with the hotel front desk—they may be able to help you out in a pinch.

–Step outside or go back to the room. You do not need to discuss your company’s negotiating strategy in the lobby of the hotel, if you can avoid it. The same goes for reviewing account numbers with a family member back home who is trying to pay your credit card bill. If you need to have a private conversation regarding sensitive information, try to get away from potentially spying people, or go back to your room. If it appears that someone is following you as you move, end the conversation and make arrangements to continue the conversation later.

–Lock your screen. Install a screen lock on your laptop and mobile devices. Make sure the screen is locked if you have to step away, even if it is just for a minute. Configure the screen to automatically lock after a period of inactivity—say 15 minutes or so.

–Install a privacy screen. Privacy screens are available for laptop computers, as well as for mobile devices. Some privacy screens are removable, which can be helpful if you need to share a laptop screen sometimes, while staying private at other times. Privacy screens on a mobile device can make it much harder for prying eyes to see your accounts, contacts, logons, or phone numbers.

–Beware of shoulder surfing. When you are entering phone numbers, e-mail addresses, usernames, or passwords, be aware of the people around you. Who is sitting or standing behind you? Can they see your screen? Can they see your hands? Orient yourself so people are not behind you, and so your hands can not be easily seen while you are typing in sensitive information or accessing your online accounts.

–Mobile devices and remote wipe. On your mobile devices, enable storage encryption for built-in and removable storage. This enablement is usually done by specifying a device “passcode” for access to the device. On Android, these features are usually in the “Security Settings” area and include options for encrypting the phone and microSD removable storage. On Apple’s iOS, encryption is enabled by default once a passcode is put in place. You should also consider enabling “find my phone” and “remote wipe” functions available for your operating system.

–Laptop drive encryption. Whether your laptop has a conventional spinning hard drive or a solid-state drive (SSD) with no moving parts, drive encryption protects against someone removing the drive and simply copying its data. This type of attack is daunting because it does not matter what the operating system is, or what your password is to logon to the computer. By enabling drive encryption, the drive is not accessible until the user has entered the drive encryption password, prior to the computer starting up. In Windows, this enablement can be done using the built-in “BitLocker” drive encryption; Apple’s version is called “FileVault;” and most Linux distributions include the “dm-crypt” and “LUKS” open source encryption tools.

–Removable media encryption. Removable hard drives and solid-state drives can be encrypted using the same tools as laptop computers. However, there may be additional challenges if the removable media is to be used with multiple computers or operating systems. If you encrypt your removable media, make sure all computers that may need to use that media have the appropriate software installed, or that you bring the software with you. Third-party tools from McAfee and Symantec include disk encryption tools that can work across multiple computer platforms, with a simple installation.

–Backup, backup, backup. The downside of drive encryption is that it may make data recovery from a failed drive difficult or even impossible, even if you have the password for the encryption. It also means a minor drive failure may make your computer unable to boot, even in “safe mode.” It also means that data can be lost if the encryption key is deleted or forgotten. So, backups become more important when encryption is used. Make sure you have backups of your operating system, applications, and data.

–Bring your own USB chargers. Bring your own USB devices, peripherals, and chargers. If you can avoid it, do not use USB ports at hotels or public places to charge your devices. It is just too easy to rewire these devices so they both charge and infect their customers. Use your own charger and plug it into an electrical wall socket.

–Get thumb drives with write protect. For file sharing, get thumb drives that include a “write protect” feature so that no malware can be written onto the drives when you plug them into an untrusted computer. Use the write protect feature when all you need to do is read the files contained on the drives. With a new thumb drive, reformat it completely before using it, and again after you have exposed it to untrusted computers or devices.

–Beware of “free” USB devices. While it may be convenient to get vendor information on a free thumb drive with the vendor’s logo on it, these devices can be easily infected in a number of ways (even from the factory). Unfortunately, cheap thumb drive manufacturing is incredibly competitive and quality control may be lacking. Also, there are many ways that malicious cyber attackers can use such “free” thumb drives to attempt to get past your computer’s defenses, as discussed above.

–Be aware of international laws and politics. Different countries have different rules regarding data handling, merchandise for demonstration or samples, prescription drugs, and controlled substances. If you are traveling with prescription drugs—particularly narcotics—make sure you have all of the appropriate paperwork and doctor’s orders with you. Understand what is allowed and not allowed crossing the border and in the country you are visiting. If you are confronted by the authorities, do not get belligerent, but also try to get help from your country’s local consulate. Treat everyone respectfully and try to get others involved who are on your side.

–Know if you handle export-controlled data. If you are in a business that handles export-controlled data, or highly proprietary commercial data, know if you have it on your computer, removable media, or mobile device. Encryption does not protect data from export, and just taking a device with export-controlled data on it outside of the country may constitute export, even if you do not intend to leave it there. If in doubt, get another “clean” device that has never contacted export-controlled data. If you suspect someone tampered with your device while on travel, wipe your device clean and reinstall your operating system when you return.

–Consult with your employer or security officer. If you have a security clearance, you may be required to report international travel beforehand, and then submit a post-trip report afterward. If you handle export-controlled or highly sensitive data, your company may want you to report international travel, regardless. Contact your security office and follow their guidance.

–Watch out for other confidential and proprietary data. You should consider what other confidential and/or proprietary data you have, and if you should take that data with you. If you are visiting a company, do you have data from that company’s competitor as well? It would be terribly embarrassing if that data were to leak, even by accident. Such embarrassment could be career-limiting for you, if it turns out you could have prevented it.

–Be cautious and have contingency plans. As is often the case with travel, it pays to be cautious and plan for things that could go wrong. Make sure people know you are traveling, and can contact the authorities if you go missing or something happens to you. What if you have an accident—will someone be able to find you at the hospital? Accidents are scary enough when they are at home, where we have family and friends available to help us. Do not take unnecessary risks, do not be a daredevil, and be prepared for things that could go wrong. Above all else, be considerate of your surroundings, as you are a guest to their country and an ambassador for your own country.