The Travel Day Playbook
A timeline for the seven days before you fly through your first three days abroad. Do these in order. Each step is short. None of them are theoretical — every one closes a real signal your IT can see.
The principle
Almost every "got flagged" story comes from one of two failure modes: a signal you didn't know existed, or a clean signal followed by a sudden change. This playbook handles both — first by closing the unknowns before you go, then by spreading the transition across days instead of hours.
T-7 days
- Pull a baseline IdP audit log. Open your identity provider's recent-activity page (Okta dashboard, Google account.activity, Microsoft 365 account.live.com). Screenshot the last 30 days of logins. This is your "looks normal from home" reference. You'll compare against it later.
- Lock device timezones to home. Laptop and phone. System Settings → Date & Time → uncheck "Set automatically" → manually pin to your home zone. Single highest-leverage fix in this entire document.
- Test your IP layer. If you're using a travel router, plug it in at home, connect through it, and verify
whatismyip.comresolves to your home ISP. Better to find a misconfiguration now than at a hotel. - Notify your personal banks. Travel notice covering your dates and destination. Don't notify any employer-paid card.
T-2 days
- Run a full work day on your travel setup. From home, route through whatever you'll route through abroad. Slack, calendar, your IdP, any VPNs your company uses. If anything is flaky, you have 48 hours to fix instead of being stuck on hotel WiFi at midnight.
- Disable location-aware browser extensions. Honey, RetailMeNot, anything that auto-detects geography to localize prices. They cache location independent of your IP.
- Sign out of personal Apple ID / Google accounts on work devices — or move them to a non-syncing profile. iCloud Drive uploads geotagged photos. Google Photos auto-tags location. These can leak via shared albums and chat attachments.
- Audit timezone defaults in work apps. Slack profile, Google Calendar default, Jira preferences, Outlook. None should be set to your destination.
Morning of flight
- Final clean baseline. Pull the IdP recent-activity page one more time on your home WiFi. Screenshot. This is your "last login from home" timestamp.
- Carry the travel router in carry-on. Checked luggage delays are common. Day 1 with no IP layer is exactly the day you don't want to be unprotected.
- Don't post about flying. No "wheels up" Slack status. No public Instagram with the airport tag. No LinkedIn check-in. The fact that you flew is the highest-friction signal — once it's posted, you can't take it back.
In transit
- Don't connect work apps to airline WiFi. Airline captive portals reveal route metadata in HTTP headers and your egress IP belongs to a satellite block that geo-IPs to "moving aircraft" — which is a stranger artifact than a normal foreign IP.
- Phone in airplane mode + selective WiFi for personal stuff is fine. Just keep work mail, Slack, and calendar set to "do not sync on metered networks" until you're on your travel router at the destination.
First hour at destination
- Travel router first. Work apps second. Plug in, connect, verify
whatismyip.comshows your home country. Then open work. - Phone on the travel router too, before approving any MFA. If a push goes to a phone on the local cell network, the approval geolocates to the destination — and now you've got two foreign signals instead of zero.
- Open Slack first. Send a normal message. Read the thread. If anything renders strangely or your status flipped, you find out in 30 seconds, not 8 hours later.
Day 1
- Second IdP audit. Open the same recent-activity page you screenshot'd at T-7. The destination should not appear in the IP column. If it does, you have an active leak — disconnect, fix, and don't reconnect work apps until the next login is clean.
- Mirror your home routine, not the local one. 9am at home is your work-start, regardless of what time it is locally. Your laptop is locked to home time, your IdP knows you as a 9-5 home user, and your behavior should match.
- No Slack status changes. No "out today" notes. No new calendar declines. You are at your desk. Behave that way.
Day 3
- Third IdP audit. By now you have three days of activity to evaluate. If everything looks like home, you're stable — your routine is producing clean logs. The risk profile flattens out from here.
- For trips longer than two weeks: set a calendar reminder for the midpoint and another for 48h before return. Both are the same audit. Same screenshot. Same comparison.
What to do if you slip
If at any point you notice a destination IP in your audit log, a timezone artifact in a calendar invite, or any other signal that should not be there: stop, close the affected app, fix the underlying issue, and don't keep working until the next login is clean. The worst outcome is a string of bad logins instead of one. Treat the first as a single anomaly; treat the next twenty as a pattern.
If you're flagged in real time, switch to the "If IT pings you" emergency playbook in the same email bundle as this guide.
The IP layer is the only step that's not optional.
Every other item on this list closes a smaller leak. The IP layer is the one that decides whether your trip is invisible or not. HomeLink is a paired router kit that tunnels every device through your home internet — laptop, phone, tablet, all showing your home IP from anywhere.
Start your 30-day free trial →