WASHINGTON - Some tips to help business travellers protect their laptops and mobile devices from spying — or at least limit the damage of hacking — while in China or other nations that may want to steal company information:
—Don't take your work or personal laptop. That's the best advice and a precaution used by major companies and agencies of the federal government, said Anup Ghosh, chief financial officer of Invincea, a software security company in Fairfax, Va. Instead, some employers issue travelling laptops that are clean of proprietary corporate or government information and are scrubbed clean after the employee returns from the trip.
—Don't think you can just keep your eye on your equipment. Data can be captured while the laptop is in customs or if you step away from your hotel room briefly. "It takes five minutes or less to capture information from the laptop," Ghosh said. Lock it in a hotel safe. Use an encrypted drive.
—Get a travelling phone as well, such as a pay-per-use phone. If you take your phone, it should be reimaged on return. Use your screen password on your mobile device so if you lose it, no one can pick it up and read your email or other data.
—Be aware of the risk, once in-country, of connecting to public networks. Wireless networks in hotels and coffee shops, for instance, are often compromised and malicious codes can be downloaded into your machine, Ghosh said. Even if you leave home with a clean laptop and it's wiped clean after the trip, someone can still capture what you're typing in emails or your credentials when you're entering them during the trip. Not much can be done about that — it's just a risk you have to be aware of so you are careful to avoid activities such as logging into your bank to do financial transactions, he said.
—Travel aside, your company should also routinely take steps to limit the types of applications that can run on their systems, regularly update computer programs, and tightly control the number of people who have broad access privileges to the company networks, said Alan Paller, director of research at SANS Institute, a computer-security organization.
