Q&A: While in China, Protect Your Devices and Data
By Paul Mozur
HONG KONG — China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.
Q. What’s the biggest threat for foreign firms in China?
A. The biggest danger for companies comes from insiders: local staff, suppliers or partners. What really makes the biggest impact on Western companies is they share key information with local partners with whom they cooperate without taking adequate precautions regarding digital control over that information.
Q. What kind of mistakes do you see people making in trying to be secure in China?
A. During sensitive meetings, organizers will sometimes insist that participants remove the SIM cards or batteries from their mobile phones because they have heard that hackers can use mobile phones to spy on meetings. But then everyone has a laptop in front of them, and the laptops are probably more susceptible. So people address the smaller risk while neglecting the bigger risk.
Q. If you’re going on a business trip to China, what kind of precautions should be taken?
A. Update all your software before you leave home. Then when you’re in China, don’t update any of your software.
You should also enable whole disk encryption on all your devices. iOS and Android have it for smartphones, and Windows and Mac have it built in for computers.
If you want to be extra paranoid, you can set a firmware or BIOS password. That makes it more difficult for someone who has access to your computer, for example, in your hotel room, to boot your computer from a USB drive and bypass the encryption.
Switching gears, you also want to make sure you have a VPN service that will protect you from anyone snooping on you in an airport lounge or hotel hot spot. A helpful list of personal VPNs currently working in China is at greycoder.com.
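NYT: When Traveling to China, Remember to Turn Off Phone Updates
Chinese authorities tightly control the online environment, and many people have had the experience of being forced to install "Chinese versions" of mobile apps, which not only makes data disappear but may also carry information security risks. A former U.S. National Security Agency official advises turning off automatic phone updates when traveling to China.
The New York Times reported that China has one of the world's most dangerous Internet environments, with risks coming from government-backed online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official, offered some security advice for people traveling to China. For people who are constantly on their phones, the advice is to finish updating all software before going to China and not to update again once there.
One person who had worked in China said that in July of last year, while in Beijing, the messaging app LINE suddenly could not log in one day, and they briefly suspected the account had been stolen. Because Google Play cannot be used in China, they had to re-download LINE from the Chinese app platform Wandoujia.
The person said that this version of LINE seemed odd at the time: although the icon looked the same, it was labeled "連我" ("Lianwo") in simplified characters. Unexpectedly, as soon as it was installed, all contacts vanished and the purchased stickers disappeared as well. Worst of all, in China's network environment there was no way to reinstall the original version of LINE.
In another case, a person who went to China for work forgot to turn off automatic updates, and the Xiaomi phone they were using automatically updated its operating system late at night. When they woke up, all the built-in apps had become Chinese versions, with Amap (高德地圖), Baidu Search and others appearing, and everything in Google Play had become empty.
The New York Times noted that, besides not updating software casually, whole disk encryption should be enabled on all devices. iOS and Android smartphones both have this feature, and it is also built into Windows and Mac computers.
In addition, a VPN needs to be installed. With the VPN turned on, others cannot snoop on private information through public WiFi hotspots. The report suggests that people can find a list of personal VPNs currently usable in China on the "greycoder.com" website.
Original article: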
http://bits.blogs.nytimes.com/2015/10/14/qa-while-in-china-protect-your-devices-and-data/
2015-10-19, World Journal (世界日報), China News Team