The Pre-Travel Digital Security Checklist

Updated on June 6, 2026

Before You Pack Your Bag, Lock Down Your Digital Life

Most travelers spend hours obsessing over packing lists — the right adapter, the lightweight jacket, the walking shoes. Almost nobody gives the same attention to their digital life. And that's exactly the gap that pickpockets, hotel Wi-Fi snoopers, and border agents are counting on.

This checklist is built from real travel security scenarios, not theoretical threat models. Work through it a week before you leave — not the night before, because some of these steps take time.

Device Encryption: Your First Line of Defense

  • Enable full-disk encryption on your laptop. On macOS, this is FileVault (System Preferences → Privacy & Security → FileVault). On Windows, it's BitLocker. If your laptop is stolen or seized, encryption without the password means your files are unreadable — not just locked.
  • Check your phone encryption status. Modern iPhones encrypt by default when you set a passcode. Android varies — go to Settings → Security and look for an encryption option if you're on an older device.
  • Use a strong PIN or passphrase, not biometrics, at borders. In many countries, including the US, border agents can compel you to unlock a phone with your fingerprint. They generally cannot compel you to reveal a passcode. Consider temporarily disabling Face ID or Touch ID before crossing.
  • Set a short auto-lock timer. Two minutes is reasonable. An unlocked phone left on a café table is a wide-open security hole regardless of your encryption settings.

Backups: Because Gear Gets Lost, Stolen, or Broken

This is the unglamorous part of travel prep that people skip until they're standing in a foreign hotel lobby watching a taxi drive away with their laptop in it. Do these before you leave.

  1. Run a full encrypted backup of your laptop. Time Machine on macOS, Windows Backup, or a dedicated tool like Backblaze. Make sure the backup completed successfully — actually verify it, don't just assume.
  2. Back up your phone photos and contacts. iCloud or Google Photos set to automatic backup. Confirm the last sync timestamp before you leave home.
  3. Store a copy of critical documents in an encrypted cloud folder. Passport photo page, travel insurance details, hotel confirmations, emergency contacts. Use something like Bitwarden's secure notes or an encrypted folder in your cloud storage — not just a regular Google Drive folder anyone with your Google account can open.
  4. Write down or print two or three critical passwords. Keep them in your luggage separately from your devices. If your phone dies and you're locked out of every account, you'll want a way back in.

Public Wi-Fi: The Risk Is Real, Not Paranoid

Airport Wi-Fi, hotel networks, hostel connections — these are shared, often unencrypted, and occasionally set up by someone specifically to intercept traffic. A VPN doesn't make you invisible, but it closes the most obvious attack vector: someone on the same network watching your unencrypted traffic.

  • Set up a VPN before you travel, not while you're there. Some countries block VPN downloads. Get a paid, reputable service like Mullvad or ProtonVPN installed and tested at home.
  • Enable the VPN kill switch. Most good VPN apps have one — it cuts your internet connection if the VPN drops, so you're never accidentally transmitting on an unprotected connection without realizing it.
  • Turn off auto-connect to open Wi-Fi networks. On iPhone: Settings → Wi-Fi → toggle off "Auto-Join Hotspot." On Android: look under Wi-Fi preferences. Your device should ask before joining any new network.
  • Use your phone's hotspot as a fallback. For sensitive tasks — logging into your bank, checking work email — skip the hotel Wi-Fi entirely and use mobile data through your phone's hotspot instead.
  • Watch for evil twin networks. A network named "Hilton_Guest" might be legitimate. "Hilton_Guest_Free" probably isn't. When in doubt, call the front desk and confirm the exact network name before connecting.

Accounts and Passwords: Tighten Before You Leave

  • Audit your password manager. If you're using one (and you should be), check for any accounts with weak or reused passwords that you'll actively use while traveling. Change them now, not at the airport gate.
  • Enable two-factor authentication on email, banking, and any work accounts. Use an authenticator app rather than SMS if possible — SIM swapping is a real threat, and international SIM issues can break SMS-based 2FA at the worst moment.
  • Download offline authenticator backups. Apps like Aegis (Android) allow you to export an encrypted backup of your 2FA codes. Store it somewhere safe. Losing access to your authenticator abroad is a miserable experience.
  • Log out of devices you're not bringing. If you're leaving your home desktop behind, sign out of sensitive apps and revoke its active sessions where possible. Some services let you see every logged-in device.
  • Set up account recovery before you go. Verify that your backup email and recovery phone number are current on your most important accounts. A locked-out situation is much harder to resolve from a different country.

Border Crossings: A Separate Category Entirely

Border security is a different threat model than café snooping. Here you're dealing with agents who have legal authority, who may be able to compel device access, and who can detain you if they choose. The right approach depends on your destination, your citizenship, and what's on your devices.

  • Know the rules for your specific crossing. US Customs and Border Protection has broad authority to search devices at the border, even for citizens. The UK, Canada, Australia, and many other countries have similar powers. Some countries inspect devices routinely; others almost never do. Research before you arrive.
  • Consider a travel-only device. For high-risk crossings, some security professionals bring a clean laptop or cheap phone loaded only with what they need for the trip. Everything sensitive lives in the cloud, accessible after they've cleared the border.
  • Disable biometric unlock before you reach the checkpoint. On iPhone: press the side button and volume button together to trigger Emergency SOS mode, which disables Face ID temporarily. On Android, the process varies by manufacturer — find your device's method before you travel.
  • Back up and selectively clear sensitive data if needed. If you have legitimate reasons to protect sensitive client files, legal communications, or personal medical records, talk to a lawyer about your rights before choosing this path. Document your reasoning.
  • Log out of social media apps before crossing. Border agents in some jurisdictions have requested social media passwords. An app with no active session gives them nothing to scroll through even if they ask you to hand over the device.

A Few Small Things That Matter More Than You'd Think

  • Cover your laptop camera with a physical shutter. Not because you're being watched right now, but because hotel and hostel environments put you near more strangers than you're used to. It takes one piece of malware on one shared computer to give someone a window into your room.
  • Use a privacy screen on your laptop in airports and trains. Shoulder surfing — someone literally reading your screen over your shoulder — is still how plenty of credentials get stolen in transit hubs.
  • Check app permissions before you travel. Do your travel apps need your camera? Your contacts? Your location when you're not using them? Trim these now. You don't need your flashlight app accessing your microphone in any country.
  • Update everything before you leave. Operating system, apps, your VPN client. Traveling with unpatched software is traveling with known vulnerabilities. Do the updates while you're on your home Wi-Fi.

The Morning You Leave

Run one final check: VPN is installed and tested, biometric unlock is configured correctly, your backup completed overnight, and your password manager is synced. Lock your home computer before you close the door. Enable Find My Device on your phone and laptop if you haven't already — not because you expect to need it, but because you won't regret the two minutes it takes.

Travel changes your risk profile. You're on unfamiliar networks, in physical environments you don't control, often tired and distracted. The point of this checklist isn't to make you paranoid — it's to make sure the decisions you'd make carefully at home are already in place before you're juggling luggage and a boarding pass.