Before you leave home
The most important cyber security decisions you make while traveling happen before you board. Several threats — particularly in restricted countries — can't be addressed after arrival. Everything on this pre-departure list takes under an hour total.
-
01
Install and configure a VPN
This is the highest-impact thing on this list. A VPN encrypts all traffic leaving your device before it touches any network — hotel wifi, airport wifi, any shared connection. It hides your browsing from the network admin, other guests, and anyone monitoring the connection. Enable auto-connect on untrusted networks so it activates automatically at every hotel check-in.
If you're traveling to China, UAE, Russia, or Iran: enable obfuscated servers. Standard VPN connections get blocked in these countries. Obfuscated mode must be configured before you arrive — the App Store is blocked in China.
→ NordVPN travel setup guide -
02
Pack a wall charger and USB data blocker
Public USB charging ports at airports and hotels can be modified to transfer data or install malware while charging — this is called juice jacking. The fix is simple: carry your own charger and use wall outlets. If you must use a USB port, a USB data blocker ($10) physically prevents data transfer while still allowing charging.
→ What is juice jacking? -
03
Update your devices and apps
Security patches close known vulnerabilities. Traveling with an outdated OS is traveling with known security holes. Update everything before you leave — OS, browsers, your VPN app, and any apps that handle sensitive data. This takes five minutes and costs nothing.
-
04
Enable two-factor authentication on key accounts
If your password is compromised while traveling, 2FA is the last line of defense. Enable it on email, banking, and any account you'll access abroad. Use an authenticator app (Google Authenticator, Authy) rather than SMS — SIM swapping attacks are more common when traveling internationally.
-
05
Back up your devices
Not strictly a cyber security tip, but devices get lost, stolen, or confiscated. A full backup before departure means a lost phone is an inconvenience, not a catastrophe. Back up to an encrypted cloud service or a physical drive you leave at home.
On the road
The habits that matter once you're traveling. Most of these take no time once they're automatic.
-
06
Verify the wifi network before connecting
Evil twin attacks use a fake wifi network with a name nearly identical to the legitimate one — "Hotel_Marriott_Guest" vs "HotelMarriottGuest." Ask the front desk for the exact network name and match it character by character before connecting. Takes 30 seconds and eliminates the most common hotel wifi attack vector.
→ How to connect to hotel wifi safely -
07
Handle captive portals correctly
Hotel wifi login pages (captive portals) require a brief VPN disconnect to complete. The sequence: connect to wifi, complete the login without VPN, immediately re-enable VPN before doing anything else. NordVPN's captive portal detection handles this automatically when configured. The unprotected window is 30 seconds — don't open email or banking during it.
→ What is a captive portal? -
08
Use mobile data for sensitive transactions
Mobile data (4G/5G) is a private connection — not shared with other guests, not routed through the hotel's network. For online banking, anything involving passwords, or sensitive work communications, switch to mobile data rather than wifi. A VPN on wifi is secure; mobile data without a VPN is more private than wifi with one.
-
09
Check what's blocked before you arrive
Different countries block different apps and services. What works at home may not work abroad. Check the internet freedom situation for your destination before you travel — not after you land and can't download anything.
→ Internet Freedom Checker — 90+ countries -
10
Lock your screen before charging anywhere public
On both iOS and Android, a locked screen significantly restricts USB data transfer. The "trust this device?" prompt only appears when unlocked — if your phone is locked when you plug in, the default behaviour is to deny data access and allow charging only. Lock first, plug in second.
✓ The 80/20 version
If you only do two things: install NordVPN with auto-connect enabled, and bring your own wall charger. Those two cover the vast majority of real-world travel cyber security risk. Everything else is incremental.
Free Download
The Traveler's Digital Security Checklist
The complete pre-departure and on-the-road checklist — everything on this page in a format you can check off before every trip.
No spam. Unsubscribe anytime.
Frequently asked questions
Safer than HTTP, but not fully private. On HTTPS sites, the content of your traffic is encrypted — the hotel can't read what you're doing. But they can still see which sites you visit and when, through DNS queries that travel unencrypted. A VPN hides this too. For low-stakes browsing, HTTPS-only is acceptable; for anything sensitive, use a VPN.
Privacy isn't about hiding wrongdoing — it's about who has access to information about you. On a hotel network, the admin can see your browsing history. Other guests on the same network may be able to monitor unencrypted traffic. A VPN keeps your business your own, regardless of what that business is.
Connecting to hotel wifi without a VPN and then doing things they'd only do on a private network — checking work email, accessing banking, logging into sensitive accounts. The assumption that a wifi network named after the hotel is private and safe is wrong. Hotel wifi is a shared network like any other public network.
Yes. In countries with active internet surveillance — China, Russia, Iran, UAE — network monitoring is state-level, not just opportunistic. A VPN with obfuscated servers is essential, not optional. In Western countries, the risk is lower but not zero — hotel networks are still shared and unmanaged.
The VPN we travel with
NordVPN — covers tip #1 and most of the rest
Auto-connects on hotel wifi, handles captive portals, works in China and UAE with obfuscated servers, audited no-logs policy. One app, one subscription, most of this list checked off.
Get NordVPN — Save up to 69% →* Affiliate link — we earn a commission at no cost to you.