Securing Your Devices for International Travel

Your laptop and phone carry your digital life -- email, banking credentials, client data, personal photos, authentication tokens, and access to cloud services. When crossing international borders or working from unfamiliar locations, these devices face threats that do not exist at home. Preparation before you leave is far more effective than damage control abroad.

Full-Disk Encryption

Encryption is your first line of defense. If a device is lost, stolen, or seized, full-disk encryption means the data is unreadable without your password or biometric authentication.

macOS (FileVault)

FileVault is built into macOS and encrypts the entire startup volume with XTS-AES-128 encryption.

  1. Open System Settings > Privacy & Security > FileVault.
  2. Click "Turn On FileVault."
  3. Choose how to unlock: iCloud account or a recovery key. For travel, write down the recovery key and store it separately from the device (e.g., in a password manager synced to another device).
  4. Encryption happens in the background and does not noticeably impact performance on modern Macs with T2 or Apple Silicon chips.

Windows (BitLocker)

BitLocker is available on Windows Pro, Enterprise, and Education editions.

  1. Open Settings > Privacy & Security > Device encryption, or search for "BitLocker" in the Start menu.
  2. Turn on BitLocker for your system drive.
  3. Save the recovery key to your Microsoft account, a USB drive, or print it. Keep this recovery key accessible from another device.
  4. For Windows Home editions, enable "Device encryption" in Settings, which provides similar protection.

iOS and Android

Modern smartphones encrypt data by default when you set a passcode or PIN:

  • iOS: Encryption is automatic and tied to your passcode. Use a 6-digit PIN minimum; an alphanumeric password is stronger.
  • Android: Most devices running Android 10+ encrypt data by default. Verify in Settings > Security > Encryption.

Remote Wipe Setup

If a device is lost or stolen, remote wipe lets you erase all data remotely:

Apple Devices

  • Enable Find My iPhone/iPad/Mac in iCloud settings. This lets you remotely lock, locate, or erase the device from icloud.com or another Apple device.
  • Activation Lock prevents anyone from reactivating the device without your Apple ID, even after a wipe.

Android Devices

  • Enable Find My Device in Google Settings. You can remotely locate, lock, or erase from google.com/android/find.
  • Samsung devices have the additional SmartThings Find network for offline tracking.

Laptops

  • macOS: Find My Mac handles remote lock and erase.
  • Windows: Microsoft's Find My Device can locate the laptop. For enterprise environments, MDM solutions (Intune, Jamf) provide more robust remote wipe capabilities.
  • Linux: No built-in remote wipe. Consider full-disk encryption with LUKS and a strong passphrase as your primary protection.

Border Crossing Preparation

Several countries assert the legal right to search electronic devices at borders, including the United States, Canada, United Kingdom, Australia, and New Zealand. The legal landscape varies:

  • US CBP (Customs and Border Protection): Can conduct basic searches of devices without suspicion. Advanced searches (connecting the device to external equipment) require reasonable suspicion. You are not legally required to provide passwords, but refusal may result in device seizure and significant delays.
  • Canada CBSA: Can examine any device at the border. Courts have upheld the right to compel passwords in some cases.
  • UK Border Force: Can require you to provide passwords under Schedule 7 of the Terrorism Act 2000.

Preparation Steps

  1. Minimize data on travel devices. Before traveling, remove sensitive files that are not needed for your trip. Sync them to an encrypted cloud service and download after arrival.

  2. Use a travel profile or user account. Create a separate user account on your laptop with only the applications and data needed for your trip. Log out of your primary account.

  3. Log out of sensitive services. Sign out of email, banking, cloud storage, and social media before crossing the border. You can sign back in after clearing customs.

  4. Disable biometric unlock at borders. In many jurisdictions, you can be compelled to use your fingerprint or face to unlock a device, but not to provide a memorized password. On iPhone, press and hold the side button and volume button to trigger the SOS screen, which disables Face ID. On Android, use lockdown mode (long-press the power button and select "Lockdown").

  5. Consider a travel device. For high-risk destinations, use a separate, clean device that contains no sensitive data. Set it up fresh with only the apps you need for the trip.

Burner Devices and Travel Laptops

A "burner" device for travel is not about criminal activity -- it is about risk management. If you regularly travel to countries with aggressive digital surveillance or border search practices, a dedicated travel device makes sense.

Phone: An inexpensive Pixel (excellent security update support) with a fresh Google account, your travel eSIM, and only essential apps. No personal email, no banking apps, no password manager with sensitive entries.

Laptop: A Chromebook or an inexpensive laptop running a minimal OS. Use web-based tools and a VPN to access what you need. If the device is lost or seized, you have lost a few hundred dollars of hardware and zero sensitive data.

After returning home, wipe the travel device and set it up fresh for the next trip.

Two-Factor Authentication Backup

Losing access to your 2FA methods while abroad is a serious problem. Prepare before you leave:

  1. Backup codes. Generate backup codes for all critical services (Google, GitHub, AWS, banking) and store them in a password manager that you can access from multiple devices.
  2. Multiple 2FA devices. If you use a hardware security key (YubiKey), carry a backup. Register both keys with your accounts before traveling.
  3. Authenticator app backup. Use an authenticator app that supports cloud backup (Authy, 1Password, or Google Authenticator's sync feature). If your phone is lost, you can restore your 2FA codes on a replacement device.
  4. SMS as a fallback. Keep your home SIM active (even as a secondary line on a dual-SIM setup) so you can receive SMS-based verification codes. Some services still rely on SMS for 2FA.
  5. Emergency access. For team or business accounts, ensure a trusted colleague has emergency access procedures documented.

Cloud Privacy and Data Residency

Where your data is stored matters, especially when traveling to countries with data access laws:

  • Encrypt before uploading. Use client-side encryption for sensitive files stored in cloud services. Tools like Cryptomator create encrypted vaults within Dropbox, Google Drive, or OneDrive.
  • Know your provider's data jurisdiction. Data stored in US cloud services is subject to the CLOUD Act, regardless of where you are physically located. EU data may be subject to GDPR protections but also to local access laws.
  • Use end-to-end encrypted services for communication: Signal for messaging, ProtonMail for email, Tresorit or SpiderOak for file storage.
  • Review sharing settings. Before traveling, review who has access to your shared drives, documents, and repositories. Revoke unnecessary access.

Physical Security Basics

  • Use a privacy screen on your laptop in public spaces. Shoulder surfing is trivial and effective.
  • Never leave devices unattended, even "just for a minute" in a cafe or co-working space.
  • Use a cable lock for laptops in hotel rooms when you step out.
  • Disable Bluetooth and AirDrop when not actively using them.
  • Enable automatic screen lock with a short timeout (30 seconds to 1 minute).

For the connectivity side of travel security, see our VPN for Travel guide and What is eSIM? introduction. Advanced connectivity strategies are covered in Digital Nomad Connectivity.

Back to the eSIM and Travel Security Hub.