Assuming you have a basic level of Cyber Security measures e.g. ecrypted hard drives, decent user name and password rules, encrypted VPN tunnels etc. I would say there are a number of issues to consider.
- Content on the laptops - is this commercially sensitive,
nationally sensitive, any export controls applicable. Effectively who would be interested in the data and what skills / resources do they have at their disposal?
- Your business - what it is you do and how that can be seen in
different cultures - are you at risk of industrial, national espionage or from hacktivism.
- The legality of your "standard" IT Security Solution in the country of destination - I believe some countries (especially middle east) have a big problem with encryption and prohibit any encrypted communications.
- Your level of risk acceptance based on the country of destination. E.g. do you mind if the US authorities exercise their right of search of your device and would you be happy to provide any decryption codes to the border staff before the laptop is taken away for investigation?
A multinational company I work closely with all laptops have HDDs which are high level encrypted and where remote access is authorized it is via VPN but only with RSA tokens has a list of "home" countries where standard laptops can be taken, this is essentially all the countries the company has a major presence (except USA). Outside of that the user "should" contact IT and obtain a loan laptop there are 2 levels "amber" and "red" based on Security advice on the country of destination.
"Amber" is for relatively friendly countries where for business purposes a clean laptop is taken (so a fresh internal build) with only files needed for the business trip are taken, these can connect via vpn back home and essentially work similar to the traveler's normal laptop. The issue here is to minimize risks from data loss, export offenses etc, whilst maintaining a good level of access
"Red" is for particularly risky countries where data intercept is to be expected these include China, Russia or where encrypted VPNs are banned in law. These laptops are very basic with fresh installs of base windows with basic office software, public email, internet access and only approved files may be loaded on to them (e.g. pre-cleared presentations), these "red" devices have no way of 'phoning home' and will be wiped on return and once being marked as a "red" laptop they will remain "red" until they are finally shredded (literally).
I have heard some organizations which have a process in place to counter the risk of border security searches e.g. in the US by having a process where the device is encrypted before travel and critically the user does not know the decryption code so is unable to login. That is only disclosed once the traveler gets through immigration the process is printed and the traveler can show that to immigration staff and apparently that gets round the right to search non US citizens, but not being a lawyer I'm not sure how true this is.