在中國如何確保設備和個人信息安全

HONG KONG — China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.

香港——中國有着世界上最危險的互聯網環境之一，風險包括政府支持的網絡攻擊行爲、盜版和惡意軟件。前美國國家安全局(National Security Agency)官員托馬斯·帕朗蒂(Thomas Parenty)目前經營着一家安全諮詢公司，對於如何在中國確保設備和個人信息的安全，他提出了一些建議，摘錄如下。

What’s the biggest threat for foreign firms in China?

外國企業在中國遭受的最大威脅是什麼？

The biggest danger for companies comes from insiders: local staff, suppliers or partners. What really makes the biggest impact on Western companies is they share key information with local partners with whom they cooperate without taking adequate precautions regarding digital control over that information.

企業最大的危險來自於內部：本地的員工、供應商或合作夥伴。對西方企業影響最大的因素，就是與當地合作伙伴分享關鍵信息，卻沒有采取充分的防範措施，管控這些數字信息。

What kind of mistakes do you see people making in trying to be secure in China?

你覺得人們在中國試圖保護信息安全時，會犯下怎樣的錯誤？

During sensitive meetings, organizers will sometimes insist that participants remove the SIM cards or batteries from their mobile phones because they have heard that hackers can use mobile phones to spy on meetings. But then everyone has a laptop in front of them, and the laptops are probably more susceptible. So people address the smaller risk while neglecting the bigger risk.

在內容敏感的會議中，主辦方有時會要求與會者將手機中的SIM卡或電池取出，因爲他們聽說黑客可以通過手機來監聽會議。但同時，每個人都拿着筆記本電腦來開會，這種設備反而可能更容易泄密。人們防範了較小風險，卻忽視了更大的風險。

If you’re going on a business trip to China, what kind of precautions should be taken?

如果你到中國出差，會採取什麼樣的預防措施呢？

Update all your software before you leave home. Then when you’re in China, don’t update any of your software.

在離家之前更新所有軟件。當你在中國時，就不要再更新任何軟件了。

You should also enable whole disk encryption on all your devices. IOS and Android have it for smartphones, and Windows and Mac have it built in for computers.

你也應該在所有設備上開啓全盤加密。 iOS和Android智能手機上有這個功能，Windows和Mac電腦裏也內置了這個功能。

If you want to be extra paranoid, you can set a firmware or BIOS password. That makes it more difficult for someone who has access to your computer, for example, in your hotel room, to boot your computer from a USB drive and bypass the encryption.

如果你仍不放心，還可以設置一個固件或BIOS密碼。這樣一來，如果有人可以接觸到你的電腦，例如在你的酒店房間裏，那麼他要利用USB驅動器啓動你的電腦，繞過加密層才行，那樣就會更困難

Switching gears, you also want to make sure you have a VPN service that will protect you from anyone snooping on you in an airport lounge or hotel hot spot. A helpful list of personal VPNs currently working in China is at .

此外，你還需要一個VPN服務。打開VPN之後，別人就無法在機場貴賓室或通過酒店熱點，來窺探你的信息了。你可以在上找到目前在中國可以使用的個人VPN列表。