auremar - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

What's the best way to protect sensitive information while traveling?

Security professionals often have to travel with important data, but that introduces many security risks. Here are some tips to protect sensitive information while traveling.

After reading about one security professional's experience of being forced to boot up and decrypt her laptop at an airport overseas, I'm concerned about traveling with sensitive data. What does this mean for those of us who do travel with corporate data on our devices and want to protect sensitive information?

Unprotected sensitive data isn't great on its own, so traveling with unprotected sensitive data is definitely inadvisable. Unless such data is protected with strong encryption or stored in an obfuscated disk image, it is best left at home.

Realistically, the traveler will eventually need to work on sensitive data while abroad and although airport personnel rarely ask to decrypt a laptop, the question is how can security professionals pass airport security without risking compromise?

An informal poll of well-traveled professionals confirms that being forced to boot up and decrypt laptop contents at international or domestic airports is very rare. Although the likelihood is very low, the impact of compromise can be significant. Some ways to better protect sensitive information while traveling abroad include:

  • When possible, do not travel with sensitive data;
  • Strongly encrypt the entire hard disk on the laptop with methods such as AES-256;
  • Doubly encrypt sensitive data using synchronous passcodes or a PKI;
  • Create a strongly encrypted disk image that requires a passcode to activate;
  • Obfuscate folders that store sensitive data with names that do not draw attention;
  • Perform a full backup before traveling; and
  • Store sensitive data needed while traveling on a secure SFTP site or Web portal that requires two-factor authentication and VPN IPsec protection.

Airport security personnel typically are not experts in information security. These measures should be sufficient for protecting sensitive information while traveling abroad.

Ask the Expert:
Have questions about enterprise security? Send them via email today. (All questions are anonymous.)

Next Steps

Learn how to protect sensitive information that resides on your laptop and how to protect corporate data from government surveillance

This was last published in August 2015

Dig Deeper on Data security technology and strategy