The short answer: I back up my data. I encrypt all sensitive data on my laptop and don't access it in uncontrolled environments. I tunnel everything (usually with OpenSSH Dynamic Proxy) and then I run a firewall ruleset on my laptop that: 1) Permits tunneling to my server, 2) Permits anything on localhost, 3) Blocks all other incoming or outgoing traffic. Meaning if some program (Pidgin for example) isn't going through the tunnel, it can't even connect out.
It's worth mentioning that I usually operate this way all the time, whether I'm in a risky environment like DefCon or HOPE conferences, or my favorite small coffee shop. Tools like ProxySwitcher, small shell scripts, network locations and stuff that others have mentioned can be used by moderately-savvy folks to make the tunnel setup as painless as possible.