Per The Non-Supported Countries Policy, Connor Group does not permit working from non-supported countries, but personal travel should include the following considerations:


Know your opponent: The Chinese, Russian, Iranian, and North Korean governments all sponsor cyber espionage campaigns against western interests for both political and economic interests. If a hostile agency suspects your device has valuable data, it will be targeted. In addition, cybercrime in general is a large problem in these locations, particularly for individuals on foreign travel. With these items in mind you should do what you can to limit your vulnerabilities:

  • Any personal devices (including cell phones) should be fully patched and up to date by running manual update checks. 
  • Delete any files you consider sensitive from your travel device or transfer them to another device that you leave at home. 
  • While in a hostile country, do not update your apps or system as update servers can be spoofed and maligned to install malicious content.
  • Unless actively in use, make sure your Bluetooth and WiFi connections are off. This will give potential attackers fewer weak points to exploit. 


If authorities request you power on and log in to your device:

Your individual privacy rights do not follow you into oppressive countries. For example, the Chinese and Russian governments claim authority to require you to power on and log in to your device. If you refuse they can confiscate your device, detain you for an indeterminate amount of time, or both. Do not refuse to comply with official requests. Your freedom is worth more than the data on your system. You should do what you can to mitigate the risk present to a compromised device. 


Use a VPN

Warning: Unsanctioned VPNs can be considered contraband and grounds for confiscation or detainment; the risk might not be worth the access.

Many oppressive governments closely monitor and curate Internet activity of everyone within the country. For example, China controls global Internet access with the Great Firewall of China to limit access to information incongruent with government propaganda or information. Google, Twitter, YouTube, and many other popular sites are completely blocked. Commercial and private VPNs (Virtual Private Networks) can bypass these blocks and help protect internet activities from surveillance. This also means restrictive countries also work to detect, block, and compromise VPN software and servers. To access these sites or to avoid the government’s surveillance, you will need to use a trustworthy VPN known to security work in the hostile country.


Do Not Access Sensitive Accounts

Even if you are using a VPN and you have a strong, unique password, you should avoid accessing accounts that contain sensitive information. Examples of these accounts include your work email, your bank account, or any account that is linked to a credit card. 


Use Strong, Unique Passwords & Change Them After Visiting

While you should always use strong, unique passwords (with 2 factor authentication) to secure all of your accounts, once you are home you should change the password to any account you accessed while in China. China records all internet traffic and this content could be used to divine passwords over time.


Be Mindful of Your Devices at All Times

The steps listed so far will increase your cybersecurity, but these measures can be bypassed if an attacker gets access to your device. Always ensure your device’s physical security by keeping it with you or at least in your sight at all times. You should not plug your smartphone into a public charging station, nor should you use any USB drives you receive. These actions can let attackers bypass your security measures and directly access your device. 


Leave Unnecessary Devices at Home

These steps will improve your security. Nevertheless, if you have very sensitive information that you do not want the Chinese government or cybercriminals to access, they still may not be enough. The best way to guarantee that your laptop or smartphone is not compromised in China is to leave it at home. You can buy a simple, pre-paid phone before your trip to use while in China, then throw the phone away before you head back home.


By following these steps, you can travel through restrictive countries with the best chance of protecting your sensitive data. Enjoy your trip!