Steps to secure your devices and data before traveling to China
China presents many risks for foreign executives in contrast with how most countries view the internet.
With a population of almost 1.4 billion and a middle class expected to include 550 million by 2022, China presents an enticing market for US companies. However, business travel in China presents many risks for foreign executives. Notwithstanding an escalating trade war between the United States, in contrast with how most countries view the internet, the Great Firewall of China, which is a partnership between the government and Chinese companies limits access to specific sites and technology as well as restricting the exchange of internet traffic across its borders. To complicate matters further, US law enforcement officials frequently issue warnings regarding China’s espionage efforts, targeted at businesses and universities. With these risks in mind, here are some tips to help protect your data, devices, and digital identities while on a business trip to China.
Leave your regular laptop, phone, and tablet at home
If possible, use a laptop designated by your company for foreign travel. Using a designated device for overseas travel limits how much information could fall into the wrong hands. It also allows the IT department to harden the devices’ defenses as well as pay particular attention to anomalies and intrusion attempts via a traveler’s laptop. Regardless of which device you take, don’t place any of them in the seat pockets on an airplane as thousands go missing that way every year.
Limit the data you take overseas
If you must take your primary devices with you, backup the files to the cloud, remove the documents you do not need to access during the trip and ask the IT department to encrypt every device. Remember to delete old emails from your laptop as well as your phone and tablet as they often include vast amounts of proprietary data. Resist the temptation to carry USB drives as they are easy to lose.
Leave your devices at home
Instead of taking your devices to China, identify the documents you plan to use while overseas well in advance of the trip. If possible, email those documents to your overseas counterparts, therefore removing the need to take a laptop entirely, or at least minimizing the sensitive files stored on your device’s hard drive. Leaving devices at home may also speed your transit through airport security. Alternatively, bring a low-cost device that provides sufficient functionality and limited data storage capabilities, but wouldn’t create a significant problem if lost or stolen.
Limit the impact of compromised passwords
Before you leave, change the passwords you use to access the device as well as the software you plan to use while in China. Always use complex passwords – especially as they relate to software and applications of value to third parties. Once back in the States, change your passwords again. This step prevents an intruder from compromising your passwords with a keylogger, for example, and maintaining their access long after you’ve left the country.
Keep your devices within an arm’s length
While it’s certainly possible to compromise a device remotely, an attacker may choose to access or steal the actual device. Keep your devices near you at all times. And bear in mind that most hotel safes offer limited protection against intruders, especially if targeted by a skilled professional with years of espionage experience.
Don’t use public charging outlets
To avoid connecting your device to a third-party computer inadvertently, do not charge your phone or tablet via public kiosks, such as those in airports. In addition, in public settings, pay attention to those around you, especially if you access any sensitive documents or input passwords to grant access to apps, servers, or cloud-based platforms. With that said, ideally, while out of the country, do not handle sensitive data or emails.
Limit public connections to the Internet
Limit your use of public Wi-Fi and avoid computers located in the hotel’s business center as they contain malicious software. Instead, use a virtual private network to accessing your employer’s server. Keep in mind that the Chinese government maintains strict control over internet usage via its “Great Firewall.” Therefore, make sure you have access to more than one service as China’s Great Firewall may prevent access to specific sites. When not using it, disable your phone’s Bluetooth and Wi-Fi capabilities. And remember to sign out of browsers and apps once done.
Know who to call
Despite your best efforts, a device may become lost or stolen. Before you leave, ask IT/corporate security what to do in the event a device is lost or stolen. If you lose control of a device, contact the IT department quickly as they may possess the ability to lock or wipe the device remotely.
Assume the trip compromised your devices
As a rule, assume any devices you take overseas end up being compromised. Upon your return, ask the IT department to conduct an in-depth analysis of your devices to uncover malicious software such as keyloggers. Once clean, reinstall the data you copied to the cloud before you left. If your computer operates slowly, or exhibits unusual behavior, immediately stop using it and contact your company’s IT department for assistance.