My Travel Incident Response Kit (Digital + Physical)

In March I was in Oaxaca when a friend’s backpack vanished during a colectivo ride. Laptop, passport, camera, everything gone. Watching her scramble made me audit my own contingency plans. Now I carry a travel incident response kit that lives in my backpack next to the Aeropress. It isn’t glamorous, but it has saved projects as far apart as Cape Town and Tallinn.

Photo: Unsplash / Matt Chesin

The Kit at a Glance

| Category | Item | Purpose | | --- | --- | --- | | Identity | Laminated passport + visa copies, notarized POA | Prove identity, authorize local friend to act | | Connectivity | GL.iNet Slate AX router, Airalo eSIM, spare SIM adapter | Restore secure network fast | | Data | Kingston IronKey D300 (64 GB), Samsung T7 SSD | Offline backups + secure transfer | | Tools | YubiKey 5C NFC, USB-C to USB-A adapter, mini screwdriver, 9V battery | Recover accounts, open smart locks | | Docs | Incident runbooks printed + in Standard Notes | Step-by-step instructions when brain fails |

Digital Runbooks I Keep Updated

1. Device theft (laptop/phone)

• Immediate steps, remote lock commands, police report template.

1. Account compromise

• Contacts for each provider, how to revoke OAuth tokens, 1Password travel vault rehydration.

1. Data breach notice

• Draft emails to clients, timeline logging sheet, law enforcement contacts.

1. Medical emergency

• Insurance numbers, consent forms, encrypted medical history accessible via QR code.

These live in Standard Notes under Runbooks, encrypted with a strong passphrase. I also keep printed copies in a red folder inside my tech pouch—because when adrenaline spikes, screens are hard to read.

Daily Snapshot Backups

• MacBook: restic backup --repo rclone:b2:sr-backups-macbook ~ --exclude (large directories). Runs 02:00 local via launchd job. Backups go to Backblaze B2 + physical Samsung T7.
• iPad/iPhone: Nightly iCloud backups + weekly iMazing encrypted backups to the T7.
• Obsidian vault: Syncthing replicates to a Raspberry Pi at home (via Tailscale) and to the IronKey for offline copy.

Rapid Response Flow: Device Theft

1. Secure space. If theft happened in a cafe, leave immediately—thieves often operate in pairs.
2. Trigger Firewalla Gold (at home) to block IP addresses of stolen device via smartphone app.
3. Remote wipe:

• macOS: https://icloud.com/find > mark as Lost.
• iOS: same. If offline, the command queues.
• If I expect a border seizure, I queue wipe but also rotate all account passwords manually.

1. Update incident log. I keep a Google Sheet—with offline copy—that logs time, location, device, actions taken, police report number.
2. Notify stakeholders. Prewritten message in Signal Broadcast: “Laptop lost in . No data exposure expected. Remote wipe initiated. Will confirm replacement ETA in 1 hour.”
3. Restore environment using backup Mac mini at home via Tailscale + Remote Desktop, or rent a Shadow PC instance until hardware replacement arrives.

Rapid Response Flow: Account Compromise

Last year Social Blade credential stuffing hit one of my social accounts. Process:

• Immediately enable 1Password Travel Mode? No, that hides vaults. Instead I isolate the account.
• Run haveibeenpwned.com API check for account email.
• Rotate password using password manager; generate 24-character random strings.
• Check OAuth connections (Google, Slack, GitHub) and revoke tokens.
• Audit 1Password Watchtower for reused credentials. None should exist, but watch anyway.
• Document timeline for clients: when first alert came, actions taken, current status.

Communications Toolkit

• Signal broadcast group (“Ops Broadcast”) with close collaborators. Template messages for device loss, delay, security incident.
• Proton Mail alias dedicated to incident reports (sends to legal counsel + business partner).
• Twilio Verify account for sending mass SMS to clients if email down.

Physical Redundancies

• Spare phone (iPhone SE) with eSIM profile cloned but disabled. Lives powered off in sling pocket. If main phone dies, I boot this, activate Mullvad VPN, and carry on.
• Cash stash: $300 split between backpack false bottom and jacket inner pocket.
• Photocopies of passport/ID sealed in waterproof pouch taped under suitcase lining.

Practice Drills (Quarterly)

1. Laptop loss simulation: I power down MacBook, pretend it’s gone, and attempt to restore environment on iPad + remote Mac mini in under 60 minutes.
2. Account compromise drill: I create a dummy account, simulate credential leak, and run response flow.
3. Medical emergency drill: I hand incident card to a travel partner, have them call insurance, and practice transferring power of attorney using the notarized documents.

Each drill gets logged in Notion with “What worked / What failed.” Last drill flagged that my tresorit backups hadn’t synced in six days—fixed by re-authenticating.

Gear Placement Map

Backpack main compartment:
  - Laptop sleeve: Framework + T7 SSD
  - Tech pouch (left): IronKey, screwdriver, YubiKeys, USB adapters
  - Red folder: printed runbooks, notarized POA, emergency cash
Sling bag:
  - Spare phone (powered down)
  - Passport + laminated copies
  - Router + power bank

Knowing where things live saves seconds when adrenaline hits.

Contacts Cheat Sheet (Laminate This)

• Insurance: SafetyWing +1-855-884-0123
• Attorney: Laura Mendez (global mobility) +1-206-555-0187
• Managed service provider (for clients): PagerDuty on-call bridge +1-415-555-9921 PIN 7371
• Hardware replacements: Framework support email, Apple premium resellers in current city

TL;DR Packing List

[ ] IronKey + Samsung T7 with encrypted backups
[ ] Printed incident runbooks + consent forms
[ ] Spare unlocked phone + preloaded eSIM
[ ] Travel router + VPN configs
[ ] Hardware keys + spare batteries
[ ] Photocopies of ID, cash, notarized POA

Incidents will happen—it’s travel math. When they do, the person who rehearsed wins. Toss this kit next to your passport, run the drills quarterly, and you’ll recover from the kind of mishaps that strand other travelers in digital purgatory.