Baseline Travel Prep 


Emerging External Resources

General Best Practices
(Things to include in your organisational travel policy)
  • General staff policy
  • Have a pre-flight checklist to cover your personal baseline 
  • Each staff person has an email address and phone number
  •  Emergency contacts are recorded for each staff member
  •  Travel plans, itinerary and contact info are submitted to office
  • When a staff member is travelling
  •  Decide on a check-in policy with colleagues/family: 
  • Set reasonable agreed upon check-in times
  • Specify the channel of communication for the check-in
  •  Establish coded communication that makes it clear that the traveling staff is not under duress if surveillance is likely
  •  Establish a back-up channel for communication in the event that primary communication is not feasible
  • Emergency planning
  •  Create and maintain an up-to-date phone directory to contact all staff in the event of staff emergency - where possible fresh contact info should be submitted prior to travel especially if it will differ from the "phone directory"
  •  Maintain contact information for local authorities, lawyers, or other agencies who would provide assistance in the event of an emergency

Protecting your Information and Devices

When traveling for sensitive work or with sensitive information, it's important to understand the potential risk of unwanted access to this information, and risk mitigation measures. It is vital tobe aware of the nature of the information you will be carrying into and out of the country, and how you will carry it. 
  • Data on people at risk/HRDs you are meeting
  • Travel plansPasswords/ access codes
  • Censored/ banned information
  • Organisation sensitive information
  • Personal information
  • Embarrassing/ incriminating information
  • Legal - encryption or data not allowed for export
  • Receipts
  • Reports
  • This information maybe stored in/on notebooks, publications, laptops, phones, USBs, CDs,or SD cards. Know where this information is, how sensitive it is, and how to protect.
  • Preparing your personal devices for travel
  • How can I protect the content of my devices?
  • Clear your saved passwords,
  • Clear your browser history,
  • Log out of applications with data you want hidden
  • Separate password manager from your device (save on USB or another device)
  • Active screenlock
  • Make sure your software is up-to-date:
  • Operating System
  • Installed software
  • Install Secunia or similiar software to check software are updated
  • Prepare a VPN or other connection privacy tool, test!
  • Download potentially blocked circumvention applications like Tor prior to going in-country (another: https://censorship.no/ )
  • set up app-based 2FA if available, test! 
  • Print backup codes
  • install Google Authenticator or Authy or FreeOTP
  • Ensure devices (laptop, phone, tablet) have device encryption (FDE) enabled
  • Securing Content of Devices
  • Minimize content, access to accounts on travel systems
  • Don't bring sensitive info with you.(email...)
  • Mobile Devices
  • If you don't need it on your phone, you don't want it on your phone
  • Use a password, not a pin, fingerprint, or face recognition. 
  • If it is sensitive, and you don't need it, take it off for the trip and reinstall when you get back.
  • Social Media - Operational Security
  • Think carefully about what information you share
  • What persons, places, and things are sensitive?
  • Who can see your posts?
  • Know what your privacy settings let others see
  • Get consent before posting information about or photos of others during/after your trip

During Travel

  • Wi-Fi Operational Security
  • Don't connect to random access points if you can avoid it
  • Turn on your VPN if you can't
  • Turn off your Wi-Fi when not in use.
  • Delete old networks from your connection list
  • Device Operational Security:
  • Know where your device is,
  • Don't give easy access to your device,
  • Don't log in to services on others devices,
  • Log-out of your device when walking away,
  • Shutdown when leaving your device somewhere.


Specialized strategies for securing your devices when traveling
  • Chromebook + burner phone (deal with re-contact; temporary accounts, no PGP?)
  • can "powerwash" chromebook on return
  • VPN setup is either through chrome "apps" (which are new, and a bit unclear in terms of what they protect and how, e.g. tunnelbear's chrome app is only 128bit AES, as opposed to the 256bit of their desktop application) or OpenVPN or L2TP "built in" options, which are very difficult to set up
  • PortableApps 
  • Knowing when to store your data on a remote server versus protecting the data locally on your computer in an encrypted partition/veracrypt/pgp/etc. archive
  • It might be best to travel without needed sensitive data, downloading your data from trusted remote server once in-country via VPNs or Tor
  • But, is knowing the account info to a target place to DL more secure than it locked away locally on an encrypted partition/veracrypt/pgp/etc. archive?  In both cases, you likely have some "stub" locally and a password in your manager or brain; remote has the benefit of not having a file someone can take and hammer at offline, but relies on a steady and high-quality connection if the files are of any decent size) 
  • It also needs to take into account where you are likely to be targeted if information / hardware is to be taken. Remote storage is fine if only border crossings are the worry.
  • Use a locked briefcase as a basic detterent / tamper-proof box to store laptop (if it is tampered, at least the user will know)

Advanced Prep

Decide on more advanced options depending on travel destination, topic/theme of work, or community you're interacting with