When in China, don't leave your laptop alone

If you travel to China or Russia, assume government or industry spooks will steal your data and install spyware. Here's how to thwart them

1 2 3 4 Page 4
Page 4 of 4

5. Limit remote access to devices and wireless communications when overseas. You should disable access to and from Bluetooth and Wi-Fi devices while traveling, Irvine says.

"All Bluetooth devices have some vulnerabilities inherent to them," Irvine says. Older versions of Bluetooth are more susceptible to hacking and eavesdropping, he notes, so "if your device is older than a year or so, it's time to upgrade.".

"Wi-Fi hotspots and even hard-cable-based Internet access at untrusted locations should not be used," Irvine says. While cellular still may be suspect in foreign countries, he says, it remains the safer alternative.

Do not work in Internet cafés and other public hotspots. In countries like China, "these are not places where employees should be working on sensitive information or connecting and sending private or company restricted information via email or other forms of social media," says Akibia's McDonald.

If possible, work on networks that you trust, such as those in your own facilities or those operated by trusted business partners.

In addition, if you're planning to travel internationally, you should change all passwords on systems before leaving, to make sure that passwords on devices are not the same as any other passwords you have on personal or corporate systems back home. Also, use totally different passwords than normal, so a password stolen overseas doesn't help the cyber thief figure out your everyday passwords.

"If possible, IT departments should disable access to systems while they are abroad, so if [identity] or passwords are compromised, nothing can be accessed," Irvine says.

If wireless communication is necessary, all communications via mobile devices should use strong encryption and be limited where there is a concern that any potential adversary has significant cryptologic capabilities, says Timothy Ryan, a managing director at Kroll Advisory Solutions. Consider using VPNs with two-factor authentication. "If sensitive matters must be discussed, blend out-of-band communications such as voice and chat to increase the difficulty of your adversary monitoring your communications," he says.

6. Make sure your systems are up to date with antivirus software. Failing to keep antivirus definitions current is virtually a guaranteed path to system compromise.

"Individuals engaging in the theft of proprietary information use malware, and morphed attacks via ports and services that cannot be blocked from the Internet," McDonald says. "These types of attacks take advantage of systems that are unpatched and behind on antivirus" updates.

Don't assume that antivirus tools are the only defense you need, says the National Cyber Security Council's Martinez says. They are a first line of defense, but not a complete defense. To combat the hidden malware increasingly inserted into apps, websites, and other venues, he expects that companies will soon routinely collect intelligence about compromised assets containing malware that now regularly slip through networks and their traditional defenses.

7. Don't broadcast your whereabouts. Location-based tools are rapidly growing in popularity, thanks in part to the pinpoint accuracy of geolocation technology in today's mobile devices.

These services can provide useful information on places to eat or other local services, but keep in mind that there are downsides to this technology. When users check in on a location-savvy social network, they effectively broadcast to the world vital information about their whereabouts, which might provide useful information to a competitor.

A seemingly harmless check-in at an airport near a customer's headquarters could be all a savvy competitor or intelligence agency needs to plan its spying strategy, Ryan says.

When you travel overseas, you're a target
Clearly, if you're a business executive planning to travel overseas, you're a potential target for corporate and government spies. Take every precaution you can to protect corporate systems and data.

That's a discomfiting reality you may be tempted to laugh off as paranoia or "it won't happen to me." Really, you shouldn't.

This story, "When in China, don't leave your laptop alone," was originally published at InfoWorld.com. Follow the latest developments in security at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.

Copyright © 2012 IDG Communications, Inc.

1 2 3 4 Page 4
Page 4 of 4