Technology has made it easy to work from just about any location where you can get an internet connection. However, working from your home office that’s been set up to be secure isn’t the same as when you’re traveling. There are a few things you can do before and during your trip to make sure that you can connect to your corporate accounts and data so you can work securely from anywhere.

[Updated for 2025: This article now includes protection against AI-enhanced cyber threats based on the latest guidance from CISA, NIST, and FBI advisories.]

Before Your Trip

Notify Your IT Department

The first thing you need to do when you know you’re going to work while you’re traveling is to let your IT department know about it. They may have to make some changes to your security settings. For example, if you’re going out of the country, you may not be able to connect if there are geo-blockers set up to block traffic from outside the US.

Activate Device Locks and Identity Management Tools

Device locks can be annoying but using them creates a layer of defense if your laptop or smartphone is stolen. Likewise, using strong passwords and multi-factor authentication (MFA) protects your accounts from being compromised. Consider using an IT-approved password manager, but make sure you understand what you can and cannot use it for.

ENHANCED FOR 2025: CISA continues to emphasize strong passwords, software updates, and multi-factor authentication as essential cyber hygiene basics. However, be aware that AI-powered attacks are making credential theft more sophisticated. Ensure your MFA uses app-based authentication rather than SMS when possible.

Limit File Storage on Your Device

Work files are better stored in your company’s cloud environment than on your laptop. Do an audit and transfer what you find to your corporate IT network. If you must work with files that are on your laptop, enable device encryption so your info is scrambled for anyone except you. Additionally, sensitivity labeling is another layer of security you can use to prevent unwanted access to your files and communications.

Update and Patch Software

Unpatched software is a favorite method for cyber-criminals to obtain entry to a device so make sure all your software and operating systems are updated before you go. Your IT department may have patching set up on a schedule so ask them to push the latest updates before you go. Don’t overlook third-party software in addition to your normal line-of-business and Microsoft apps.

2025 WARNING: Ransomware remains the biggest ongoing threat to critical infrastructure, according to the FBI’s 2024 Internet Crime Report.

Set Up a Method of Secure Connection

Make sure that you have a method to access your corporate network with a secure connection. This could be via a virtual private network (VPN) or virtual desktop infrastructure (VDI). If you decide to use a mobile hotspot, get it set up before you go.

EVOLVED FOR 2025: While VPNs remain important, many organizations are moving toward Zero Trust network access solutions. Ask your IT team about the latest secure connection methods available to you, especially if you’re traveling internationally where network conditions may vary.

Know What to Do If Your Device is Stolen

Have a plan so that you know what to do if your laptop or phone gets lost or stolen. Think through how you’re going to contact your IT department if you don’t have your phone. Part of your plan should include having a list of emergency contact information that is stored separate from your devices. Ask your IT team about tools that can track your devices, lock, and wipe them remotely.

Prepare for AI-Enhanced Threats [New for 2025]

AI systems are augmenting the cyber threat landscape, enabling new attack methods like deepfakes and enhanced phishing. Before you travel:

• Ask your IT team about training on identifying AI-generated phishing attempts
• Understand that social engineering attacks are becoming more sophisticated
• Be aware that attackers may use AI to create convincing fake communications that appear to come from your colleagues or vendors

While You’re on Your Trip

Disable Automatic Features

When you’re ready to depart, disable auto-fill and auto-logon features on your web browsers and applications. Turn off Wi-Fi auto-connect so that your device won’t connect to Wi-Fi networks without your knowledge and so that you stay under the radar of hackers who are monitoring that kind of activity.

Don’t Use Unsecured Wi-Fi

Public Wi-Fi is notorious for being a hacker playground. Hotel Wi-Fi isn’t much better when the network is shared among guests. Utilize the secure connection method that you set up before you left home. Likewise, avoid using public computers.

2025 EMPHASIS: This advice is more critical than ever. With AI-powered attacks becoming more sophisticated, unsecured networks present even greater risks for data interception and manipulation.

Be Aware of Shoulder Surfing

When you’re working in a public place, be aware of people around you who might be looking over your shoulder at what you’re doing. Use a privacy screen protector to make viewing your screen harder for a passer-by. If you don’t have one, put purchasing one on your pre-trip list of things to do.

Keep Your Stuff with You

If your devices aren’t with you, lock them up. Enough said.

Avoid Public Charging Stations

Public charging stations were created to be a convenience, but they’ve become a convenient place for hackers to spread malware. If you have to use a public charging station, use a “charge-only” cable that cannot transfer data. Better yet, bring your own USB chargers and plug them into a wall outlet.

Don’t Overshare on Social Media

Don’t put your travel plans all over social media. Be careful about how much you share because it can give hackers information they can use in an attack. For example, they might use your absence as an opportune time to send a spear phishing email to someone in your company with instructions on changing your bank info or something like that.

2025 UPDATE: This is even more important now that AI can analyze social media posts to create highly targeted phishing campaigns. What seems like innocent travel photos can provide attackers with enough information to craft convincing social engineering attempts.

Stay Alert for AI-Enhanced Social Engineering [New for 2025]

Be extra cautious of unexpected communications while traveling, even if they appear to come from known contacts. AI-enhanced attacks can create convincing fake emails, texts, or even voice calls. When in doubt, verify through a separate communication channel before taking any action.

When You Get Home

When you return from your trip, let your IT department know you’re back. They may want to run a virus scan, monitor for suspicious activity and backup any new data if you stored it on your machine. Also consider:

• Changing your passwords
• Reviewing account activity
• Clear your browser history
• Remove or disable travel related apps

ENHANCED FOR 2025: NIST recommends that organizations adapt their defensive activities to thwart AI-enabled cyber-attacks. Ask your IT team about enhanced monitoring capabilities that can detect sophisticated threats you may have encountered while traveling.

Secure Travel Takes Prep and Attention

It takes a little preparation and mindfulness of your behavior to stay secure while you’re traveling but it can be done. Best to make the effort and NOT get compromised than to have the hassle and stress of having to deal with the impact of a cyber-attack.

2025 REALITY CHECK: With AI systems both transforming cyber defense capabilities and creating new attack vectors, staying secure while traveling requires more vigilance than ever. However, following these updated guidelines – backed by the latest guidance from CISA, NIST, and FBI – will keep you well-protected.

Cybersecurity Guidance and Managed Cyber Defense Services

At XPERTECHS, we work with companies to help them manage the risk of cybercrime by creating multi-layered strategies that match up with their risk profile and tolerance. Our approach incorporates the latest emerging threat intelligence to keep your business protected, whether your team is in the office or on the road.

If you’re not confident that your IT team is meeting the risks your company faces in 2025’s evolving threat landscape, we should talk.

Contact us to schedule a consultation.