Update December 25th 2019: the German secret service, Bundesamt für Verfassungsschutz (BfV), advises tourists and business people alike to buy a new phone before travelling to China (source: Handelsblatt).
Me and my colleagues were meeting up over lunch with another global brand team, discussing everything from corporate culture, how digital changes buying behaviour to kids and travel. At some point I mentioned that I would be visiting China for 2 weeks.
“So” one of them replied “what is your China policy?”
“So, what is your China policy?”
I was a bit confused as the discussion had not ventured towards politics or complex discussions about working with Chinese government organisations and/or expansion strategies. Let alone that I have anything to say that remotely makes any sense. I am, after all, just a simple marketeer that by coincidence can send tweets without making too many spelling errors.
She must have got the clue from my baffles face, so she elaborated on her question.
“No … no, I mean, what is your company policy towards digital data carriers and spyware when traveling to China?”
I do have some simple security rules I live by. I always use a screen protector to prevent people reading my documents when I am in a public space (library, coffee bar, plane or train). I always connect through VPN, especially on open networks. I use strong passwords consisting numbers, lower and uppercase letters and symbols and change these passwords every two months. My harddisks and home networks are encrypted and I have separate business and private networks. I don’t store important information in The Cloud.
It’s not Fort Knox, but I do the best I can and I probably have a better system in place than 95% of corporate employees.
But no, I had no China policy.
As it turned out, the other company had very clear guidelines. Every single time an employee would travel to or from China, his or her laptop had to be checked by a special internal security department. And more often than not they would find some sort of spyware.
It was a wake-up call for me, to be even more aware of digital evesdroppers.
Several weeks later, I ended up in a discussion on digital security in the internet of things with some other speakers at a conference. I was halfway telling my anecdote about the China policy when one of the other speakers, the CTO of a global internet company, interrupted me.
“Yeah, throw-away laptops”
Turned out his company had so many issues with spyware that every time one of their team went to China, they would take a new laptop, use it in China and get rid of it when they returned.
Clearly, I need a China policy.
Or at least ramp up my security.