With the start of the summer travel season looming, the Department of Homeland Security is considering extending a ban on laptops and tablets in carry-on luggage to all U.S.-bound flights from Europe. That would mean that business travelers and vacationers would have to check their laptops at the airport, raising concerns for anyone whose computer contains sensitive information.

“My laptop does not leave my sight during a trip, not for an instant,” says Joe Biron, the chief technology officer for IoT at a software company called PTC, who takes up to ten business trips to Europe each year. “To be frank, I am even uneasy with the prospect of placing my laptop in an overhead bin.”

Biron says that a colleague at another company once lost the Social Security numbers and complete work and salary history of an entire Fortune 100 company when her laptop disappeared from her checked luggage. "My coworker was fired, restitution had to be paid to the client, and nearly 100,000 employees were notified that their data was breached.”

The new rules would expand a ban on laptops put in place in March, which applies to nonstop flights to the United States from 10 airports in the Middle East and North Africa. The agency says that intelligence reports suggest terrorists may try to conceal a bomb in such a device. According to a DHS statement, “expanding the restriction on large electronic devices in airport cabins … is under consideration.”

Checking laptops is considered safer because checked baggage goes through more intensive screening than carry-ons do. Still, safety experts have raised concerns about flying with potentially hundreds of laptops in the hold of a plane, given that the Li-ion battery packs in computers carry some risk of fire.

Individuals, however, may be more interested in how they can prevent sensitive data, whether it's a human resources file or simply photos of their children, from getting accessed by a hacker if a laptop is lost or stolen. 

Security experts recommend that business travelers consult their company’s IT department well before they have to check their laptops. “Many large organizations have policies regarding traveling with corporate equipment, and those policies are likely going to need to be revisited,” says Jeremiah Grossman, chief of security strategy at SentinelOne, a security firm.

“But you won’t have enough time to adapt to the policy the evening before your flight” if the ban does go into effect, Grossman says. “The road warriors among us are going to have to be a little proactive.”

How to Keep Your Data Safe

One tactic an international traveler can use is to buy a cheap second laptop, store the data they need in the cloud, and then access it once they get to the destination. They can then wipe the data before getting back on the plane for the return flight.

If that sounds too expensive or inconvenient, you can instead encrypt your laptop's hard drive. Full-disk encryption renders all of your device’s software and data unreadable unless you enter a passphrase, which activates a key that unscrambles your files and gets your laptop up and running.

Simply setting a screen lock on your laptop offers a much weaker level of protection, one that can be circumvented by hackers. They can bypass the password by restarting the device with a different operating system on a USB stick, or simply by removing the hard drive from the device.

Once set, full-disk encryption works automatically, and any new data you save on your laptop will also be protected. And if someone physically removes the hard drive, it will be unreadable.

“Full disk encryption is a sound practice, and not just for airline travel,” Grossman says. “It helps with any circumstance where the laptop is not physically well-protected, like in hotel rooms or in the trunk of a vehicle while you’re at dinner after work."

Directions for encrypting both MacBook and Windows laptops are below. With either kind of computer, security pros warn users to use strong passwords. They say it’s best to take the human element out of choosing a passphrase as much as possible.

“It's critical that the encryption password be randomly generated and not chosen by a human,” says Joseph Bonneau, a post-doctoral researcher in the Applied Cryptography Group at Stanford University. He recommends that you use a minimum of six random words from a list such as one of several developed by the Electronic Frontier Foundation. That organization has directions for a low-tech, random way to generate your passphrase. Essentially, though, the more words you use, the better.

Be sure to plan ahead. Depending on how much data you have stored, encrypting a laptop could take a few hours. So this isn't something you can do while waiting on the TSA line at the airport.

And finally, before checking your laptop with your luggage, you’ll want to power it down completely. Any time you work on your laptop, the hard drive is decrypted—otherwise, you wouldn't be able to do anything. Simply putting your device in “sleep mode” will leave the hard drive decrypted. Shut it down properly and the hard drive will be protected again.

How to Encrypt a Mac Laptop

Since the release of OS X 10.3 in 2003, all Mac users have been able encrypt their laptop’s hard drive with FileVault. To activate it, go to System Preferences, which can be found under the Apple menu, and choose Security & Privacy.

When you turn on FileVault, you may be prompted with a few choices on where to store your password—with Apple in your iCloud account, or locally only, on your laptop. Note, keeping it out of the cloud leaves you without a safety net: Lose your password and recovery keys and you lose all your data.

How to Encrypt a Windows Laptop

If your laptop is running Windows 10 Pro or Enterprise, you should be able to encrypt your hard drive with BitLocker.

Unfortunately, the Windows 10 Home operating system does not include BitLocker. Depending on what laptop you own, you may be able upgrade to a version of Windows that has it for $99. That seems like a good deal to us, but if you hate the idea of paying, you could try a free third-party application for encryption. 

Deploying Bitlocker takes several steps. To start, open Windows Explorer and right-click on C: Drive to see if BitLocker is loaded on your laptop. You can also search for BitLocker using the Start menu.

To start the process, you’ll want to activate Turn On BitLocker. After a system check is completed, you can choose to enter your BitLocker password manually.

A few things to keep in mind during setup: Should you forget your password, you’ll be able to decrypt your hard drive with a recovery key that you can save to a file (on a USB drive or separate, trusted computer) or print out. You can also choose to store the recovery key with Microsoft in the cloud. 

Unless your laptop is brand new, you’ll want to choose “Encrypt entire drive.” Microsoft offers a detailed setup guide; start reading under the heading “Using BitLocker to Encrypt Volumes.”