Business travel is, statistically, the lowest-risk category of international travel. Most trips are to major cities, in well-secured hotels, with structured days. But two things make it different from leisure travel: the value of what business travellers carry (laptops, sensitive documents, access credentials, sometimes cash), and the predictability of their movements (the same hotels, the same routes, the same client offices, often visible on LinkedIn).

That predictability is the vulnerability. The playbook below is what frequent business travellers – senior executives, M&A bankers, consultants flying weekly, journalists working sensitive stories – run on autopilot. None of it is paranoid, all of it is cheap, and most of it is invisible to anyone watching.

Pre-trip: 30 minutes that pay for the trip

Brief yourself on the actual destination, not the country. "Lagos" and "Nigeria" are different risk environments. "São Paulo" and "Brazil" are different risk environments. Country-level advisories are too coarse to drive decisions for business travellers; you need city- and neighbourhood-level information about where your hotel is, where the client office is, and what the route between them looks like.

Notify your duty-of-care provider. If your firm has one, use it – it's the difference between being recovered in a crisis and being a missing-persons case. If your firm doesn't, register with your embassy as a baseline.

Check your insurance specifically for business travel. Many personal travel policies exclude business activity entirely. Many corporate policies exclude things business travellers actually do (meetings in unscheduled cities, weekend extensions, leisure activities). Read the wording.

Do a digital pre-clean of your laptop and phone. Remove anything you don't need for the specific trip. The principle: assume your devices may be searched at borders, lost, stolen, or imaged in your hotel room. Reduce the surface area of what would be exposed if any of those happened.

Hotel: the operational base

Business travellers spend more time in hotels than leisure travellers and use them as offices. The security implications are different.

Always request a room between floors three and six. High enough that ground-floor break-ins are harder, low enough that fire ladders reach. Avoid ground floor, top floor, and rooms next to lifts or stairwells (highest pedestrian traffic = highest opportunistic risk).

Don't have your room number announced at check-in. If reception says it loudly, ask for a different room. The card holder with your room number written on it is a security failure, not a service feature.

Run the 60-second arrival routine. Two exits, working locks, room is empty, room number memorised, portable door lock deployed. Every check-in. Without exception.

Use the hotel safe for nothing important. As covered elsewhere: hotel safes are deterrents, not safes. For laptops and sensitive documents in particular, use a portable cable safe locked to a fixed object, or carry them on you.

Don't hold sensitive calls or meetings in the hotel room. Most rooms are not as private as they seem – adjoining rooms, thin walls, and (in some markets) more deliberate forms of monitoring. Use a meeting room if the conversation matters.

Communications: assume nothing is private

For routine business travel, the ordinary tools are fine – encrypted messaging, corporate email, standard VPN. For higher-sensitivity environments (M&A discussions, sensitive personnel matters, anything you wouldn't want a hotel cleaner reading), the discipline tightens:

Ground transport: where most incidents happen

The drive from the airport to the hotel and the drive from the hotel to the client office are statistically the two highest-risk components of any business trip. Pre-booked, vetted ground transport eliminates almost all of the risk – and almost no business traveller bothers, because expensing a £40 transfer feels indulgent.

Compared to the cost of the trip, it isn't. Use airport pre-book services or your firm's preferred provider. In higher-risk markets, use the security-vetted transport your duty-of-care provider arranges. Don't take street taxis at airports in unfamiliar cities. Verify the licence plate before getting in.

For day-to-day transport between meetings, ride-hailing apps with verified drivers are dramatically safer than street hails almost everywhere. Where they aren't available (or aren't trusted), the hotel concierge's preferred driver is the next-best option.

The meeting itself

Most business meetings are routine. A few are not – sensitive negotiations, meetings with regulators or law enforcement, meetings in unfamiliar offices in unfamiliar buildings.

The disciplines for the non-routine ones:

Crisis escalation

What happens if something goes wrong? The protocol every business traveller should know cold:

  1. Get to safety. Hotel, embassy district, secured office. Stop moving.
  2. Notify your firm. A single message to one person – your manager, your duty-of-care provider, your assistant. They handle escalation from there.
  3. Preserve evidence. Photograph anything relevant. Note times and locations. Don't post anything publicly.
  4. Wait for instructions before acting. Most firms have escalation procedures that work. Freelancing your own response usually makes things worse.

What good looks like

The frequent business travellers who avoid problems aren't doing anything dramatic. They're running small disciplines consistently: room on the third floor, portable door lock every night, ground transport pre-booked, sensitive calls not in the hotel, devices locked when out of sight, real-time alerts running in the background, one trusted contact who always knows where they are.

After about a year of practice, none of it requires conscious thought. In aggregate it's the difference between business travel that quietly works and business travel that occasionally produces stories no one wanted.