Most device security advice is written for a device that lives in one place, connects to one trusted network, and gets backed up to one drive sitting in the same building. None of those assumptions hold for someone working out of a rotating set of Airbnbs, coworking spaces, and departure lounges. The specific habits that matter shift accordingly.
Encryption stops being optional the day the device leaves the house
Full disk encryption is good practice for any device. It becomes the actual difference between a lost bag being an inconvenience and a lost bag being a breach the moment the device routinely leaves your physical control, checked luggage, a shared apartment, a hostel locker. Whole-disk encryption with a strong passphrase, not just a login password that a removed drive bypasses entirely, is the baseline that everything else in this piece assumes is already in place.
The backup problem nobody solves until they lose something
At home, "my backup drive is in the closet" is a real backup strategy, however lazy. On the road, there is no closet, and a stolen or damaged laptop can mean a stolen or damaged backup drive if the two travel in the same bag, which they usually do. The 3-2-1 backup discipline, three copies, two different media types, one offsite, matters more for a traveler than for almost anyone else, because "offsite" for a nomad has to mean genuinely offsite: encrypted cloud backup, not a second drive in the same backpack.
Network hygiene across a rotating set of untrusted networks
A nomad connects to more unfamiliar networks in a month than most people connect to in years, hotel wifi, cafe wifi, coworking space wifi, each with its own segmentation and captive portal quirks. Our breakdown of what hotel wifi actually exposes applies here directly, and the accumulated exposure across dozens of networks is the reason a VPN earns its place in a nomad's toolkit specifically, even for people who'd reasonably skip it on a single trusted home connection.
Local SIMs and eSIMs add a second layer: switching data providers every few weeks or months as you cross borders means trusting a new carrier's network each time, and eSIM privacy considerations, like whether a profile can be remotely reprovisioned or what metadata a carrier retains, compound across however many providers a long trip accumulates.
Jurisdictions don't stay constant, and neither do their rules
SIM registration requirements, data localization rules, and lawful-intercept obligations vary by country, sometimes significantly, and a device or account that behaves one way at home can be subject to a different legal regime the moment you cross a border. This isn't a reason to panic about any single country. It's a reason to treat "what jurisdiction is my data actually in right now" as a question worth periodically re-asking rather than settling once and forgetting.
This is a different concern from the specific act of crossing a border with a device in hand, which we cover in our border crossing device privacy guide. This piece is about the months of ongoing exposure between border crossings, not the search itself.
Physical security in shared, short-term spaces
A hotel room or a shared Airbnb is not a controlled space the way a home office is, and the standard advice, a cable lock for a laptop left in a coworking space, never leaving a device in checked luggage, keeping a hardware security key on your person rather than in the same bag as the laptop it protects, exists specifically because the exposure window is longer and more frequent for someone who repeats this cycle every few weeks.
The identity-recovery problem: what happens when you lose a device far from home
Two-factor authentication is good security until the second factor is a single phone that's just been stolen in a city where you have no backup device, no local bank branch, and no easy path to a replacement SIM. The fix that actually holds up is having backup authentication codes stored somewhere entirely separate from the primary device, a second hardware security key kept in a different bag, or a written backup of recovery codes kept encrypted and offline, so losing one device doesn't cascade into losing access to email, banking, and cloud storage all at once, in a country where resolving any of it takes days instead of hours.
| Habit | What it protects against |
|---|---|
| Full disk encryption | Data exposure from a lost or stolen device |
| Offsite encrypted backup | Total data loss when the only local backup travels with the laptop |
| VPN on unfamiliar networks | Local network snooping across dozens of untrusted wifi networks |
| Separated second authentication factor | Cascading account lockout after a single device is lost or stolen |
None of this requires exotic hardware or a security background. It requires treating the device you carry as something that will, eventually, sit unattended in a room you don't control, connect to a network you didn't choose, and possibly go missing entirely, and setting it up in advance for all three.