在中國如何確保裝置和個人資訊保安

HONG KONG — China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.

香港——中國有著世界上最危險的網際網路環境之一，風險包括政府支援的網路攻擊行為、盜版和惡意軟體。前美國國家安全域性(National Security Agency)官員托馬斯·帕朗蒂(Thomas Parenty)目前經營著一家安全諮詢公司，對於如何在中國確保裝置和個人資訊的安全，他提出了一些建議，摘錄如下。

What’s the biggest threat for foreign firms in China?

外國企業在中國遭受的最大威脅是什麼？

The biggest danger for companies comes from insiders: local staff, suppliers or partners. What really makes the biggest impact on Western companies is they share key information with local partners with whom they cooperate without taking adequate precautions regarding digital control over that information.

企業最大的危險來自於內部：本地的員工、供應商或合作夥伴。對西方企業影響最大的因素，就是與當地合作伙伴分享關鍵資訊，卻沒有采取充分的防範措施，管控這些數字資訊。

What kind of mistakes do you see people making in trying to be secure in China?

你覺得人們在中國試圖保護資訊保安時，會犯下怎樣的錯誤？

During sensitive meetings, organizers will sometimes insist that participants remove the SIM cards or batteries from their mobile phones because they have heard that hackers can use mobile phones to spy on meetings. But then everyone has a laptop in front of them, and the laptops are probably more susceptible. So people address the smaller risk while neglecting the bigger risk.

在內容敏感的會議中，主辦方有時會要求與會者將手機中的SIM卡或電池取出，因為他們聽說黑客可以通過手機來監聽會議。但同時，每個人都拿著膝上型電腦來開會，這種裝置反而可能更容易洩密。人們防範了較小風險，卻忽視了更大的風險。

If you’re going on a business trip to China, what kind of precautions should be taken?

如果你到中國出差，會採取什麼樣的預防措施呢？

Update all your software before you leave home. Then when you’re in China, don’t update any of your software.

在離家之前更新所有軟體。當你在中國時，就不要再更新任何軟體了。

You should also enable whole disk encryption on all your devices. IOS and Android have it for smartphones, and Windows and Mac have it built in for computers.

你也應該在所有裝置上開啟全盤加密。 iOS和Android智慧手機上有這個功能，Windows和Mac電腦裡也內建了這個功能。

If you want to be extra paranoid, you can set a firmware or BIOS password. That makes it more difficult for someone who has access to your computer, for example, in your hotel room, to boot your computer from a USB drive and bypass the encryption.

如果你仍不放心，還可以設定一個韌體或BIOS密碼。這樣一來，如果有人可以接觸到你的電腦，例如在你的酒店房間裡，那麼他要利用USB驅動器啟動你的電腦，繞過加密層才行，那樣就會更困難

Switching gears, you also want to make sure you have a VPN service that will protect you from anyone snooping on you in an airport lounge or hotel hot spot. A helpful list of personal VPNs currently working in China is at .

此外，你還需要一個VPN服務。開啟VPN之後，別人就無法在機場貴賓室或通過酒店熱點，來窺探你的資訊了。你可以在上找到目前在中國可以使用的個人VPN列表。