auremar - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What's the best way to protect sensitive information while traveling?

Security professionals often have to travel with important data, but that introduces many security risks. Here are some tips to protect sensitive information while traveling.

After reading about one security professional's experience of being forced to boot up and decrypt her laptop at an airport overseas, I'm concerned about traveling with sensitive data. What does this mean for those of us who do travel with corporate data on our devices and want to protect sensitive information?

Unprotected sensitive data isn't great on its own, so traveling with unprotected sensitive data is definitely inadvisable. Unless such data is protected with strong encryption or stored in an obfuscated disk image, it is best left at home.

Realistically, the traveler will eventually need to work on sensitive data while abroad and although airport personnel rarely ask to decrypt a laptop, the question is how can security professionals pass airport security without risking compromise?

An informal poll of well-traveled professionals confirms that being forced to boot up and decrypt laptop contents at international or domestic airports is very rare. Although the likelihood is very low, the impact of compromise can be significant. Some ways to better protect sensitive information while traveling abroad include:

  • When possible, do not travel with sensitive data;
  • Strongly encrypt the entire hard disk on the laptop with methods such as AES-256;
  • Doubly encrypt sensitive data using synchronous passcodes or a PKI;
  • Create a strongly encrypted disk image that requires a passcode to activate;
  • Obfuscate folders that store sensitive data with names that do not draw attention;
  • Perform a full backup before traveling; and
  • Store sensitive data needed while traveling on a secure SFTP site or Web portal that requires two-factor authentication and VPN IPsec protection.

Airport security personnel typically are not experts in information security. These measures should be sufficient for protecting sensitive information while traveling abroad.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn how to protect sensitive information that resides on your laptop and how to protect corporate data from government surveillance

This was last published in August 2015

Dig Deeper on Data security technology and strategy

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

Have you ever been asked to boot up your laptop at airport security?
Yes, but it's been quite a while. Even then, security seemed to be checking that the computer case actually contained a computer and not something even more nefarious. No one ever looked at the machine, let alone ask me to open encrypted or zipped files.

Probably not a very clever idea to bring encrypted files to a place where security is paranoid enough to want them opened.
No, never, in fact I had never even heard of such a thing before. I question whether it's even legal, but of course, if you're being told that you have to do what they say or you can't board your flight, you really haven't got much choice.
It has been about 12-15 years since I had to do that. I think it was right before and after September 11. It was to prove that the laptop was really a laptop. Now xrays are so good they can at least tell what's inside without erasing the drive...I hope.
No I never have been asked that question. every "now & then" TSA personnel will ask me to remove my laptop from the bag, but that's all.
Yes but that was shortly after the TSA took over security. I think it was slowing down lines if they are booting from a cold start and that may be why they no longer ask.
I’ve been asked to boot up my laptop, but that was at least 10 years ago. Since then, I’ve had to show that my tablet was indeed functioning, but that wasn’t nearly the hassle as booting a laptop. I don’t see that either was a good security practice because neither truly showed that there was nothing harmful in the case, only that there were enough electronics to show something on the screen.