Security Measures After Overseas Travel with Mobile Devices
Reset credentials and watch for suspicious account activity after travel to high-risk areas.
Plain language
When you travel overseas, especially to countries where cybersecurity risks are high, you might unknowingly expose your devices and accounts to threats. Upon returning, it's important to change your passwords and keep an eye on your accounts for any unusual activity. This helps prevent hackers from using your information to access your organisation's systems or personal data, protecting both your business and personal life from potential harm.
Framework
ASD Information Security Manual (ISM)
Control effect
Preventative
Classifications
NC, OS, P, S, TS
ISM last updated
Nov 2024
Control Stack last updated
19 Mar 2026
E8 maturity levels
N/A
Guideline
Guidelines for enterprise mobilitySection
Mobile device usageOfficial control statement
If returning from travelling overseas with mobile devices to high or extreme risk countries, personnel take the following additional actions: - reset credentials used with mobile devices, including those used for remote access to their organisation's systems - monitor user accounts for any indicators of compromise, such as failed logon attempts.
Why it matters
If credentials aren’t reset after travel to high/extreme-risk countries, attackers may reuse them for remote access and compromise accounts.
Operational notes
After returning from high/extreme-risk travel, reset all mobile/remote-access credentials and monitor accounts for failed logons or other compromise signs.
Implementation tips
- IT team should organise a post-travel security session for returning employees. Schedule a quick briefing to explain the importance of resetting passwords and monitoring accounts for suspicious activity. Provide a step-by-step guide on how to reset passwords securely and what signs of account compromise look like.
- Managers should ensure employees have access to resources for secure password management. Offer tools or password manager software that help personnel reset and store their passwords safely. Provide training on creating strong, unique passwords that are not easily guessed.
- HR should update travel policies to include post-travel cybersecurity steps. Add a checklist to travel documents outlining that employees should reset their passwords and monitor account logins upon return, emphasising how this protects not just one person but the entire organisation.
- Security officers should facilitate automated alerts for account monitoring. Work with the IT team to set up alerts that notify both employees and security personnel of unusual login attempts on organisational accounts. Use simple email or SMS alerts so that non-technical staff can easily understand and act on them.
- The IT team should review and update remote access systems regularly. Evaluate the existing security measures in place for accessing organisational systems remotely. Ensure that all employees are aware of and can access the most secure, up-to-date practices for logging in, especially after returning from high-risk countries.
Audit / evidence tips
-
Aska list of recent overseas travellers within the organisation
Goodwould be a record showing that all returning travellers have updated their passwords and followed the necessary security procedures
-
Goodincludes detailed reports of notification alerts and documented responses that show issues were addressed promptly
-
Askto see written post-travel security briefings. Check these briefings for clear instructions on password resets and account monitoring
Goodshould have easily understandable instructions with any necessary contact information for support if issues arise
-
Goodincludes documentation of the tools being offered to all applicable personnel and indicates active use of these tools
-
Askrecords of IT system updates related to remote access since the last overseas travel period. Check whether updates have been applied and whether staff have been notified of the changes
Goodincludes a changelog of updates and confirmation emails sent to staff indicating these updates
Cross-framework mappings
How ISM-1556 relates to controls across ISO/IEC 27001, Essential Eight, and ASD ISM.
ISO 27001
| Control | Notes | Details |
|---|---|---|
| handshake Supports (3) expand_less | ||
| Annex A 5.24 | ISM-1556 mandates credential resets and monitoring after high-risk travel | |
| Annex A 6.8 | ISM-1556 involves monitoring for compromise indicators and credential resets after high-risk travel | |
| Annex A 8.16 | ISM-1556 requires personnel returning from high-risk overseas travel with mobile devices to reset credentials and monitor user accounts f... | |
E8
| Control | Notes | Details |
|---|---|---|
| handshake Supports (1) expand_less | ||
| E8-AH-ML2.15 | ISM-1556 requires post-travel monitoring for compromise indicators | |
These mappings show relationships between controls across frameworks. They do not imply full equivalence or certification.