← All Policies

Public Policies

Employee Travel Policy

Expectations for approvals, device handling, secure connectivity, and incident reporting while traveling for company work.

Employee Travel Policy

Effective Date: April 15, 2026
Applies To: All employees, contractors, and vendors traveling on behalf of the company

Overview

Travel on behalf of the company introduces elevated risk to client data, company systems, and personnel. This policy exists to ensure that security posture is maintained regardless of location. When in doubt: don’t connect, don’t assume, and escalate.

Before You Travel

Approval & Destination Registration

  • All business travel must be approved by your direct manager at least 5 business days in advance.
  • Submit your destination, travel dates, and purpose using the Travel Request Form.
  • If your destination country or region is not listed, submit a separate Destination Addition Request and await confirmation before booking.
  • International travel requires additional approval from the IT Security lead.

Device Preparation

All devices carried during travel must be prepared prior to departure:

  • Ensure full-disk encryption is enabled (BitLocker for Windows, FileVault for macOS).
  • Confirm device OS and endpoint agent are fully updated.
  • Enable remote wipe capability and verify it is functional.
  • Remove any locally cached client credentials or sensitive data not required for the trip.
  • Confirm VPN client is installed and tested.
  • Laptop screen privacy filters are required for any travel involving public transit or shared spaces.

Loaner Devices

For high-risk destinations (international, conference travel, or travel to countries with elevated cyber threat profiles), a hardened loaner device may be issued. Contact IT to request one at least 3 business days before departure.

While Traveling

Network & Connectivity

  • Never connect to unsecured or public Wi-Fi without an active VPN connection.
  • Hotel networks, airport Wi-Fi, and conference networks are treated as untrusted by default.
  • Mobile hotspot (company-issued or personal with reimbursement approval) is the preferred connection method when VPN is unavailable or unreliable.
  • Do not use USB charging stations (juice jacking risk). Use a personal charger or a USB data blocker.

Device Handling

  • Devices must never be left unattended in vehicles, hotel rooms, or public spaces without being locked and physically secured where possible.
  • Enable automatic screen lock (maximum 2-minute timeout).
  • Do not allow hotel staff, event personnel, or any third party to handle company devices.
  • If a device is lost or stolen, report it immediately to IT (do not wait until you return).

Client & Company Data

  • Do not access or discuss sensitive client information in public spaces where you may be overheard or observed.
  • Do not transfer client data to personal devices or unapproved cloud services for convenience.
  • Screen sharing, video calls, and support sessions in public require headphones and awareness of your surroundings.

Remote Access

  • All remote access to client environments or internal systems must go through the company VPN.
  • MFA must remain active on all accounts. Do not approve MFA prompts you did not initiate.
  • If you encounter unusual authentication behavior while traveling, treat it as a potential compromise and notify IT immediately.

After You Return

  • Report any security concerns, lost/stolen devices, or suspicious network activity within 24 hours of returning.
  • Return loaner devices to IT within 1 business day.
  • Reimage devices that connected to untrusted networks at IT’s discretion.

Incident Reporting

Any suspected compromise, data exposure, or device loss must be reported immediately regardless of time zone or hour. Do not wait.

IT Security Contact: security@techgarrison.com
After-Hours: (253) 341-4233

Policy Compliance

Failure to comply with this policy may result in disciplinary action and may affect the company’s ability to fulfill client security obligations. Employees are responsible for understanding this policy before traveling.

Last reviewed: April 2026 — IT Security