Keeping secrets safe on the road

Jan. 31, 2013
How to ensure your company’s sensitive information stays secure in potentially hostile territory

Planning to visit China soon? Whether it’s for business or pleasure, American executives must keep their guard up and their corporate secrets secure. Here’s what the U.S. State Department warns:

“Security personnel carefully watch foreign visitors and may place you under surveillance. Hotel rooms (including meeting rooms), offices, cars, taxis, telephones, Internet usage, and fax machines may be monitored onsite or remotely, and personal possessions in hotel rooms, including computers, may be searched without your consent or knowledge. Business travelers should be particularly mindful that trade secrets, negotiating positions, and other business-sensitive information may be taken and shared with local interests.”

For many executives, traveling to China is just part of the job. As a corporate security executive, you must make sure your C-Suite is prepared to make the journey. The Chinese government and many of the country’s business are waging war on American companies; in fact, our cover story in Security Technology Executive’s February issue (available next week) outlines the threat and offers several tips for corporate security executives here at home.

For those planning to travel overseas, I recently came across an article from The American Lawyer outlining tips to keep secrets safe on trips to China. While these tips are directed at lawyers, they serve as a good playbook for all executive travel to China and other countries where data may come under attack.

According to article author Alan Cohen, here are five security steps that any executive can take before, during and after a trip to China (please check out the full article for more detailed explanations of these tips):

1. Take a “clean” laptop: Never bring your usual, day-in, day-out computer with you to China — or any other foreign country, for that matter. The computers inevitably contain some important, and often secret, information about your company. As the State Department says, any of these devices may be searched without your consent. “Make loaner laptops as bare-bones as possible, stripping them of Web browsers, word processing software and email programs, and ensure that no data is ever stored on them,” Cohen writes.

2. Use desktop virtualization: The cloud has become a popular tool to keep information from falling into the wrong hands. Once you have a clean laptop, desktop virtualization enables your executive to access applications like email and the web from the company data center. “What desktop virtualization does is turn a laptop into, in effect, a keyboard and screen,” Cohen writes. Your executive should be using multi-factor authentication to access any of the programs and information — such as a password and a biometric. All work done on the road should be saved to the cloud, NOT to the hard drive.

3. Keep the laptop in your possession: Never leave your laptop in your hotel. The Chinese government, which reportedly works with the hotels, has been known to install keystroke tracking and other malware onto computers without the user’s knowledge or consent. Further, Cohen notes, Chinese Customs officials at airports may take a laptop into another room for “examination.” Your executive should report this incident to the company IT department immediately.

4. Wipe the laptop upon return: “The safe play is to erase the entire laptop upon return,” Cohen writes. “That doesn't mean simply wiping data, but also erasing the system's BIOS (the software that boots up a computer and controls its basic functions), which is the only way to get rid of some of the more advanced forms of malware.”

5. Forget about personal smartphones and tablets: Executives should leave their iPhones and tablets at home with their personal laptops. “A low-frills handset (that is, something that doesn't surf the Web or run apps), devoid of all contact and calendar information, should be taken,” Cohen writes. “It, too, should be clean when entering China and wiped upon return.”

6. Change all passwords upon return: Any Facebook, LinkedIn and email accounts that were accessed in the foreign country should have their passwords changed when the executive returns home. Even when taking stringent security measures, you never know if the computer used at a hotel business center or even your clean laptop somehow fell victim to a keystroke logging program.

Remember, your company’s critical information is the lifeblood of the organization, and protecting it from prying eyes is paramount to the success of any business. Again — be sure to check out the Jan/Feb issue of STE at for trade secret theft prevention strategies and policies that security executives should employ at their home offices.