Protecting your digital data while travelling: a traveller's cybersecurity guide
Travelling rarely makes you a target on purpose. What it does is stack up small openings: a shared wifi in a hostel lobby, a phone left charging at an airport gate, a password reused across ten accounts because remembering eleven felt impossible. Most of the time, nothing happens. The point of a little digital hygiene isn't fear — it's making sure that if something does go sideways, it stays a minor annoyance instead of a ruined trip.
Here's the calm version of travel cybersecurity: a handful of habits you set up once, mostly before leaving, that quietly protect your email, your bank app and your photos. No jargon, no paranoia — just the moves that actually move the needle.
Before you leave: the boring setup that does most of the work
The single best habit is a password manager with a unique password for every account. The real danger isn't usually someone guessing your password — it's that one leaked password from some forgotten website gets tried against your email and bank. Unique passwords break that chain. A manager remembers them so you don't have to, and you only memorise one strong master password.
Then turn on two-factor authentication (2FA) on the accounts that matter most: email first (it's the master key to everything else), then banking, then your main app store and cloud. Where you can choose, an authenticator app or a physical security key is sturdier than SMS codes, which can be intercepted or fail when you've swapped SIMs abroad. That said, don't ditch SMS entirely: some banks only offer it, so keeping a number that can still receive a text is part of the plan — more on that below.
Finish the checklist at home, on a network you trust: update your phone and apps (updates close the holes attackers rely on), confirm device encryption is on (it usually is by default on modern phones with a passcode), and make a recent, encrypted backup — to an encrypted cloud or an encrypted drive — so a lost or stolen phone is a hardware problem, not a life problem.
« Good security abroad is mostly decisions you made at home, on a network you trusted. »
This is also where connectivity quietly becomes a security tool, not just a convenience. The cleanest way to avoid sketchy networks is to not depend on them: routing your traffic through your own mobile data is generally safer than hopping onto a public, shared wifi you know nothing about. A travel eSIM is one tidy way to keep that personal data line live the moment you land — and because it's a second line, your usual SIM (and number) can stay in the phone, ready to receive those backup SMS codes. We'll come back to it; it's one tool among several, not the headline.
On the road: how to behave on networks you don't control
Public wifi isn't evil, but treat it as a stranger. On any network you didn't set up, use a reputable VPN to wrap your traffic in encryption — particularly for email, banking or anything with a login. Modern sites use HTTPS, which already encrypts a lot, but a VPN adds a layer and hides which sites you're even visiting. Better still, when it's an option, do the sensitive stuff on your own mobile data rather than the café's wifi at all.
Watch the small physical traps too. Public USB charging ports carry a real-but-limited risk known as "juice jacking," where a tampered port could try to pull data or push malware down the cable. It's uncommon, and you don't need to panic — but the easy defence is simply to carry your own power bank, plug into a regular wall socket with your own adapter, or use a charge-only ("data-block") cable. Cheap insurance for a rare problem.
And mind the habits that have nothing to do with hackers: lock your phone with a strong passcode, turn off auto-join for open networks so you don't silently connect to anything named "Free Wifi," and be a little discreet typing passwords in crowded places.
Keep a number reachable — and know your exits
Because some 2FA still arrives by SMS, losing access to your number can lock you out at the worst moment. If you swap to a local SIM or lean on an eSIM for data, the fix is to keep your home SIM reachable — a dual-SIM phone (or a physical SIM kept active alongside a data eSIM) means those bank texts still land. Treat your phone number like a key, because for a lot of accounts it now is one.
Finally, plan your exits before you need them. Know how to log out of sessions remotely and wipe a lost device from your email and cloud account settings, keep a couple of 2FA backup codes saved somewhere safe (not only inside the phone that might go missing), and jot down your bank's number to report a problem from abroad. None of this takes long, and you'll likely never use it — which is exactly the goal.
📶 The AEY team's tip
One of the simplest security upgrades on the road is to stop relying on public wifi for anything sensitive and route it through your own data instead. Check your phone's compatibility in 30 seconds here and find your plan on the destinations page (in the EU/EEA, roam-like-at-home applies; elsewhere an EU/EEA plan or a local eSIM is the move). Keep your usual SIM in the phone so backup SMS codes still reach you.
What to remember
You don't need to become a security expert to travel safely — you need a few habits that do the heavy lifting. Set up a password manager with unique passwords and turn on app-based 2FA before you go; keep your phone updated, encrypted and backed up; on the road, prefer your own data over public wifi and lean on a VPN when you can't; carry your own charger; and keep a number reachable for the SMS codes you can't avoid. Do that and a bad wifi stays just a bad wifi — not a story about your hacked email.
— The AEY team, wishing you trips that are memorable for the right reasons.