Skip to content

17 cybersecurity tips for business travelers

Meredith Kreisa headshot
Meredith Kreisa|Updated October 23, 2024
Cybersecurity tips for business travelers
Cybersecurity tips for business travelers

Cybersecurity should be a high priority for all businesses. With threats constantly evolving, maintaining a secure environment is challenging. But when users travel for business, cybersecurity concerns skyrocket. They must maintain secure remote access, or your sensitive data could be exposed. Worse still, you must rely largely on users to reduce the security risk. We’ll break down the top business travel cybersecurity tips to share with users before they take off.

1. Follow company policies

Why put all that work into developing IT policies if users don’t follow them? Before business travel, it wouldn’t hurt to remind users of your guidelines. Not only can it help reinforce what they hopefully already know, but it gives them an opportunity to ask any travel-related policy questions. And it gives you an opportunity to lay down the law.

2. Install updates

Whether you ask users to install updates themselves (please, no), or your IT team takes care of that, someone should install updates before your user hits the road. Vulnerability patching is especially critical since cybercriminals may look to exploit known weaknesses. However, even general updates may be worth installing to enhance productivity and functionality while users are away from the office.

Patch vulnerabilities from anywhere

PDQ Connect helps you reach managed Windows devices regardless of where they're located. With just a few clicks, you can detect vulnerabilities, prioritize them contextually, and patch them.

3. Back up data

Whoever maintains your backups should work their magic before the user departs. A recent backup lets you restore lost company data if a disaster happens (e.g., the employee’s laptop ends up at the bottom of the hotel pool).

Encourage users to plan ahead. Many like to download airline, hotel, restaurant, or conference apps. While these can be incredibly convenient, it’s best to download them before departure. 

Why, you ask? That’s an excellent question. You’re very astute. Well, cyber threat actors know that business travelers are easy victims. They can just post a QR code in a high-traffic area, claiming it will download a legitimate app. Instead, it could download a malicious app or malware. So ask users to download those apps ahead of time — from a trusted source.

5. Use strong passwords

In a perfect world, you’ve already laid the groundwork by writing and enforcing a strong password policy. But even if your guidelines are flawless, urge users to revisit their passwords before traveling. For the highest level of protection, it may be worth changing passwords before they depart and again upon their return. That way, any credentials that fall into the wrong hands won’t be usable for long. A password manager can make the process quick and easy.

6. Avoid sharing travel information with outside parties

Obviously, employees’ families should know about their upcoming travels. But other than that, urge them to limit who else knows to protect your business from phishing emails. If an employee posts on social media or other public channels, aspiring phishers could easily put together a highly targeted attack by pretending to represent a legitimate company directly related to the user’s corporate travel plans. For instance, an email that appears to be from the airline offering a free upgrade to first class would be hard for anyone to ignore. Most of us would walk through fire for even a few extra inches of legroom, so clicking a suspicious link seems like nothing.

The fewer people that know a traveler’s plans, the less likely it is that someone will be able to leverage their business trip details against them. As a bonus, being super secretive can make your users seem delightfully mysterious.

7. Leave unnecessary devices behind

When it comes to bringing work devices on trips, less is more. Your users should bring as few devices along as possible. For instance, if they attend a conference where they’ll be in sessions all day, they might not even need their laptop. Paring it down to the bare essentials massively reduces the attack surface. And it gives your users more room in their luggage to bring you back a souvenir snow globe.

8. Keep any device you bring with you

The less time the mobile device spends alone, the better. Ideally, your users should keep it with them at all times. Don’t leave it sitting out in the hotel room. Don’t use it to save your table at Starbucks while running to the bathroom. And don’t forget it in an Uber or on public transportation. If the device is constantly with the user, it’s much harder for bad actors to gain unauthorized access.

If, for some reason, the user has no choice but to leave their laptop in their hotel room, it should be tucked out of sight. Make sure the door is locked, and hang the “Do Not Disturb” sign. For even greater security, convince users to bring a laptop cable lock.

9. Lock your device

Whenever a device isn’t in use, it should be locked and protected by a password, pin, fingerprint ID, or facial recognition. Even if the user plans to stop using the computer for just a few moments while they chat with a colleague, it’s better to lock the device. Sadly, security threat actors need very little time to do serious damage.

10. Disable Bluetooth

We won’t deny that Bluetooth is convenient. But it also allows nearby devices to connect and communicate with your user’s device, and that can be trouble. Disabling Bluetooth reduces cybersecurity risks and extends the battery life.

11. Be aware of border crossings

Crossing international borders, even into the United States, could get dicey. U.S. Customs and Border Protection agents and international authorities may conduct advanced searches on phones and laptops. According to the ACLU, they might download personal data even if the user isn’t suspected of a crime. They can also hold onto any device for up to 5 days (or longer under undefined “extenuating circumstances”).

So if international travel is involved, we suggest ensuring their work device contains little to no locally saved data. While officials could still request access to cloud-based resources, at least it’s an extra hoop for them to jump through.

12. Consider the security of the Wi-Fi network

If you use an unsecured public Wi-Fi network, it’s easy for threat actors to collect personal information. (Which is why you should use a VPN. More on that later.) But malicious Wi-Fi networks (also known as hotspot honeypots) take things a step further, impersonating legitimate networks to steal sensitive information, like credentials and bank account details.

Users should avoid unsecured public Wi-Fi whenever possible. However, if they simply can’t resist that sweet, sweet free internet, they need to assess the security and legitimacy of the network. They can check for signage indicating a business’s official Wi-Fi network or confirm the network name with an employee. And even then, they should also avoid sending confidential information over the network. That means no banking. No accessing confidential company resources. And no filing your taxes. (Sorry to be a buzzkill.)

13. Use a VPN

Regardless of how official the network is, users should probably connect to a virtual private network (VPN) whenever they use an unsecured public network. VPN acts as an encrypted tunnel, making information much harder to steal in transit.

Think of it this way: Using public Wi-Fi is like riding a low-cost bus to your destination, while VPN is like upgrading to a private jet. Like that bus, anyone can hop on and off public Wi-Fi. That means you could be exposed to almost anything without even knowing who is all up in your business. In contrast, a private jet or VPN connection keeps out the riffraff so you can sip your champagne in the lap of luxury. Could someone get in? Theoretically. But it’s not likely.

14. Run antivirus software

Hopefully, you’ve already installed antivirus software on your users’ devices. Better still, you’ve worked the user out of the equation entirely, scanning the devices yourself on a regular basis. If so, let users know they should expect a few extra scans while the user is away on business. If you’ve put the ball in your user’s court (don’t), they should regularly run scans.

15. Don’t use credentials on public computers

Every so often, a user may run into a public computer. If they haven’t brought their device along for the trip, that computer can seem like a great opportunity to check in at work. But it definitely, definitely is not. A public computer could have spyware or a keylogger installed. That means if the business traveler logs in to work accounts, they’re basically handing over their credentials on a silver platter.

Remind users that under no circumstances should they use public computers for work. If they need to feed their Neopets, sure, let them. But even then, they should anticipate that Neopian ne’er-do-wells might loot their NP balance.

16. Steer clear of public charging station

Public charging stations are convenient for travelers and even more convenient for hackers. That’s right: Juicing up a device can put you at risk. Bad actors can modify USB ports to infect devices with monitoring software or malware. Hello, data breach! Instead, users should rely on a standard electrical outlet or carry their own power bank.

17. Report potential incidents to IT

If users see (or do) something dubious, they should report it to IT immediately. Everyone messes up. They might forget one of these rules or even lose the device altogether. Regardless of what hullabaloo befalls them, business travelers should know to reach out to you ASAP. If there’s one thing worse than a compromised device, it’s a compromised device you don’t know about.


We know. It’s hard to send users out into the world and trust them to do the right thing. They grow up so quickly. But reinforcing these tips can set them down the right path and reduce the risk of a major security breach.

And luckily, you don’t have to rely on users alone to keep remote devices secure. PDQ Connect allows you to manage devices over the cloud. Once the agent is installed, you can monitor and update machines whenever the user connects to the internet — regardless of whether they’re in the office or across the world. Deploy Java for a user in Jakarta. Update Microsoft Edge while your traveling employee gazes off the Big Sur Cliffs. Take advantage of a free Connect trial to see how easy it can be.

Meredith Kreisa headshot
Meredith Kreisa

Meredith gets her kicks diving into the depths of IT lore and checking her internet speed incessantly. When she's not spending quality time behind a computer screen, she's probably curled up under a blanket, silently contemplating the efficacy of napping.

Related articles