HONG KONG — China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.
What’s the biggest threat for foreign firms in China?
The biggest danger for companies comes from insiders: local staff, suppliers or partners. What really makes the biggest impact on Western companies is they share key information with local partners with whom they cooperate without taking adequate precautions regarding digital control over that information.
What kind of mistakes do you see people making in trying to be secure in China?
During sensitive meetings, organizers will sometimes insist that participants remove the SIM cards or batteries from their mobile phones because they have heard that hackers can use mobile phones to spy on meetings. But then everyone has a laptop in front of them, and the laptops are probably more susceptible. So people address the smaller risk while neglecting the bigger risk.
If you’re going on a business trip to China, what kind of precautions should be taken?
Update all your software before you leave home. Then when you’re in China, don’t update any of your software.
You should also enable whole disk encryption on all your devices. IOS and Android have it for smartphones, and Windows and Mac have it built in for computers.
If you want to be extra paranoid, you can set a firmware or BIOS password. That makes it more difficult for someone who has access to your computer, for example, in your hotel room, to boot your computer from a USB drive and bypass the encryption.
Switching gears, you also want to make sure you have a VPN service that will protect you from anyone snooping on you in an airport lounge or hotel hot spot. A helpful list of personal VPNs currently working in China is at greycoder.com.