Travel Security

By Jeffrey Carr, Founder, Suits and Spooks; Author of “Inside Cyber Warfare” (O’Reilly Media, 2009,

“George Friedman (Founder and CEO, Stratfor) used to brag about how he never worried about computer security when traveling around the world.”[1]

Whether you’re a small business or a multinational enterprise, one of the easiest ways to have your network security compromised is by bringing your primary laptop and mobile phone with you when you travel. Possible points of compromise for your mobile devices while traveling include:

• Free WiFi in the airport, hotel, restaurant, or car service
• Your hotel safe
• Your hotel room
• Your conference venue
• USB sticks given as gifts or SWAG
• Interception, recording, and storage of your Internet and telephone communications by foreign telecommunications carriers (perfectly legal in many countries)
• Airport security
• Customs and Border crossings

Fortunately, there are some simple, low-cost tips that will make any attack against your devices, or any collection of your phone calls and emails, moot.

“When preparing to travel, lay out all your clothes and all your money. Then take half the clothes and twice the money.” – Susan Heller


Susan Heller’s excellent travel advice also applies to your data. The key to safe travel from a cybersecurity perspective is to take only the data that you need, and to store it off your laptop or tablet in a relatively secure cloud platform like Google Drive, Microsoft OneDrive, Dropbox, etc. If you’re in a high-risk profession, you should be using Tresorit or another end-to-end encrypted, zero-knowledge cloud storage provider.
If you want to be able to work on your documents without relying on WiFi, store them on an encrypted flash drive like the Aegis Secure Key, which gives you the option of setting a Self-Destruct PIN in case you are forced to reveal the unlock code. The key will appear to unlock normally, but there won’t be any data on it. Never save any data to your laptop or tablet; save it only to your cloud provider or to your flash drive.

“The greater share of you in this room are entirely capable of taking care of yourselves and would, I wager, be better off if you did. I say that because cybersecurity people, or the best ones anyway, have a propensity to ask not what some gizmo can do for you but rather what that gizmo can do to you.” – Daniel E. Geer, Jr., Sc.D.; CISO, In-Q-Tel


Never take your primary laptop with you when you travel. Instead, purchase a laptop or tablet that will become your dedicated travel workstation.
Choose a device that has an easy factory restore setting, a long battery life, and a USB port, and that is compatible with your encrypted USB flash drive. Options include the Apple iPad (requires an adaptor) or MacBook Air, the Microsoft Surface, or any of the Android tablets.

Device Rules:
1. Do not store any files on your device. Store them in the cloud or on your USB drive.
2. Do not use your device’s email client. Use a web-based email account.
3. Never connect your travel device to your corporate network.
4. Always restore your device to factory settings after every trip.

“When I arrived in Beijing, I was handed the keys to a brand new Porsche 911 and introduced to my guide, a stunning Chinese woman who spoke better English than I did.” – Daniel, CFO of a Global 2000 financial services firm [2]


Just as you shouldn’t take your primary laptop with you when you travel, you should have a pre-paid travel phone that only contains the contacts needed for your specific trip. Keep Bluetooth and WiFi turned off. Use your phone’s personal hot spot as a WiFi connection for your laptop. You’ll be paying for data usage through your carrier, which may incur substantial fees, so be sure to shop around for the best deals.
Be sure to install Signal on your phone and use it for all of your text messages and calls. The company has recently addressed attempts to block the use of the app in Egypt and the UAE by adopting a strategy known as “domain-fronting”.[3] Signal is your best friend. Don’t leave home without it.
Do not expect to bring a burner phone into China for very long without having to register it. The key to travel security is not to hide your identity, but to limit the amount of data that a foreign entity or malicious actor can obtain from you. Trust that if you are of interest to any nation’s intelligence or law enforcement services, they already know that you’re coming (like “Daniel” in the example above).


These best practices are for security-conscious travelers who want to protect their sensitive client or corporate data from malicious actors. If you are a high-value target for foreign intelligence services and price is no object, there are other options available to you, including creating a completely secure communications package that is undetectable to foreign governments. Contact us for more information.

[1] Former employee of Stratfor speaking with the author after the Stratfor breach in December 2011, when the company lost 200GB of data to hackers.
[2] Daniel is a pseudonym for a financial services executive who spoke with the author about his experiences with China’s Ministry of State Security.