HONG KONG — China is one of the world’s most dangerous Internet environments, with risks including government-sponsored online attacks, piracy and malware. Thomas Parenty, a former National Security Agency official who runs a security consulting firm, offered his views on how to ensure that devices and personal information stay safe in China. Here are excerpts.
香港——中国有着世界上最危险的互联网环境之一，风险包括政府支持的网络攻击行为、盗版和恶意软件。前美国国家安全局(National Security Agency)官员托马斯·帕朗蒂(Thomas Parenty)目前经营着一家安全咨询公司，对于如何在中国确保设备和个人信息的安全，他提出了一些建议，摘录如下。
What’s the biggest threat for foreign firms in China?
外国企业在中国遭受的最大威胁是什么？
The biggest danger for companies comes from insiders: local staff, suppliers or partners. What really makes the biggest impact on Western companies is they share key information with local partners with whom they cooperate without taking adequate precautions regarding digital control over that information.
企业最大的危险来自于内部：本地的员工、供应商或合作伙伴。对西方企业影响最大的因素，就是与当地合作伙伴分享关键信息，却没有采取充分的防范措施，管控这些数字信息。
What kind of mistakes do you see people making in trying to be secure in China?
你觉得人们在中国试图保护信息安全时，会犯下怎样的错误？
During sensitive meetings, organizers will sometimes insist that participants remove the SIM cards or batteries from their mobile phones because they have heard that hackers can use mobile phones to spy on meetings. But then everyone has a laptop in front of them, and the laptops are probably more susceptible. So people address the smaller risk while neglecting the bigger risk.
在内容敏感的会议中，主办方有时会要求与会者将手机中的SIM卡或电池取出，因为他们听说黑客可以通过手机来监听会议。但同时，每个人都拿着笔记本电脑来开会，这种设备反而可能更容易泄密。人们防范了较小风险，却忽视了更大的风险。
If you’re going on a business trip to China, what kind of precautions should be taken?
如果你到中国出差，会采取什么样的预防措施呢？
Update all your software before you leave home. Then when you’re in China, don’t update any of your software.
在离家之前更新所有软件。当你在中国时，就不要再更新任何软件了。
You should also enable whole disk encryption on all your devices. IOS and Android have it for smartphones, and Windows and Mac have it built in for computers.
你也应该在所有设备上开启全盘加密。 iOS和Android智能手机上有这个功能，Windows和Mac电脑里也内置了这个功能。
If you want to be extra paranoid, you can set a firmware or BIOS password. That makes it more difficult for someone who has access to your computer, for example, in your hotel room, to boot your computer from a USB drive and bypass the encryption.
如果你仍不放心，还可以设置一个固件或BIOS密码。这样一来，如果有人可以接触到你的电脑，例如在你的酒店房间里，那么他要利用USB驱动器启动你的电脑，绕过加密层才行，那样就会更困难
Switching gears, you also want to make sure you have a VPN service that will protect you from anyone snooping on you in an airport lounge or hotel hot spot. A helpful list of personal VPNs currently working in China is at greycoder.com.
此外，你还需要一个VPN服务。打开VPN之后，别人就无法在机场贵宾室或通过酒店热点，来窥探你的信息了。你可以在greycoder.com上找到目前在中国可以使用的个人VPN列表。