How to improve the cybersecurity of your China business
How does cybersecurity affect your China business?
Setting up or improving the cybersecurity of your China business goes a long way to respect the rules in China and harden your company network from cyber attacks.
The issue with this topic is that a lot of business owners or managers operating in China have already their hands full with the business landscape and they don’t want IT to slow them down.
With this article we want to help decision makers operating in China to improve the cybersecurity of their China business.
One of their struggles is not being aware of the risks related to Cybersecurity, so we would like to share some points:
1. 91.5 Billion = losses of internet users in China due to personal information leagage, fraud, junk email, etc.
2. The China Cybersecurity law is being implemented around China and it is requiring stronger attention from businesses operating in China (from data localization, data safety, and liability)
3. Cyber crime in China is growing every year.
But…what is Cybersecurity?
According to Kaspersky, it is “the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks”.
A good cybersecurity can help your China business to:
1. Prevent cyber attacks, and
2. Make sure your China business can keep running smoothly.
If you’re the China IT manager or IT is under your control for the China business of your global team, you want to make sure you’re setting up a strong cyber security for the business.
But, where can you start?
What do you need to know?
What can you do?
How can you audit your cybersecurity in China?
Let’s start from
3 basic questions:
2. Have you setup and made remote users have their security settings on?
3. Is your team ready to prevent or identify security threats or do they need help?
Have a chat with your IT team or your IT vendor to have a clear overview and understand the right priorities to protect your China business moving forward.
Ok, now you’ve talked with your IT team or with your IT vendor and you’re waiting for a report from their side, but you’re not sure what kind of terms or issues they may bring.
To help you understand better, we have prepared a list of the main steps to prepare a solid setup for your China business cybersecurity.
We recommend to follow the US Government’s NIST framework to build a strong foundation for your China business.
There are 5 main pillars:
“Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities”
“Develop and implement appropriate safeguards to ensure delivery of critical services.”
“Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.”
“Develop and implement appropriate activities to take action regarding a
detected cybersecurity incident.”
“Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.”
Now that you’ve created the right foundation according to the NIST framework, you want to make sure technology is following up and supporting the work.
Tech foundation for a solid cybersecurity setup
For this, we would recommend to talk with your IT team and have the following bases covered:
1. IT Audit of your China business
2. Setup a firewall
3. Use MFA – Multi Factor Authentification
4. Data backup
5. Create a cybersecurity policy and enact it
6. Employees training (on-going) on cybersecurity and phishing
7. Password management and password security
8. Install Antivirus software and anti-malware software
9. Update all your software and patches
10. Penetration testing
11. Email filtering
12. Restrict users right
For a detailed analysis and further recommendations, please have a read of the Essentials 8.
Cybersecurity terms for your China business
Cloud – a technology that enables you to access files and services through the internet from anywhere in China or across the world
Domain – a group of devices (user devices or network devices) connected and controlled together
IP Address – internet protocol address and it identifies through a number a specific computer or network; the purpose of the IP address is to allow the device to send and receive information
Exploit – it is a malicious application or software used to take advantage of a computer or network device and take control of it
Breach – when a software or a hacker exploits a computer or a network device and can access their files and / or network
Firewall – a set of solutions (hardware and / or software) to protect a computer or network from unauthorized access
Malware – a group of nefarious software with the purpose to destroy or take control of a computer or network device or a whole network; the most famous categories are viruses, ransomware, trojans, spyware, DDoS, phishing
Virus – a category of malware that aims to corrupt, edit or delete information on a computer or network device before moving to other connected devices
Ransomware – a category of malware that aims to prevent you from accessing your files on your personal or network device; the objective is to hold your data and information until the payment of a ransom (i.e. Wannacry)
Trojan horse – a category of malware that allows a hacker to get access to a user device or network device
Spyware – a category of malicious software that allows someone to spy on a user device or network device without the device owner knowing it; the objectives vary from monitoring, collecting data and logins
DDoS – “Distributed denial of service” – a form of cyber attack that tries to make a website or network not usable by sending floods of traffic or data from other sources. As per Cloudflaer, the target devices can be computers or network devices, but recently there has been a surge on IoT devices.
Phishing – it is fraudulent practice that aims to obtain sensitive information and trick users to share confidential information; the information will then be used to access computers or network devices. The criminals will try to get your passwords, credit card number or personal ID (think 身份证 / shen fen zheng in China)
Encryption – it is a process to encode data to prevent adulteration of any sort from third parties; it will add a key without which you cannot access the information contained in the file
BYOD – “Bring your own device” – a company policy that allows employees to bring their personal devices and have them used at work; discuss with your IT team about the right application of this policy
Pen-testing – “penetration-testing” – it is a process to analyse the security of a computer or network device by using hacker tools or hacking techniques; it aims to find potential flaws in the security setup of a computer or network
Social engineering – it’s a technique to deceive users with the aim to access their confidential information; it looks for the behaviours of users and uses these patterns against them to get logins and IDs
White hat / Black hat – white hat refers to a cybersecurity expert trying to breach a computer or network with the company’s consent (aim to find and solve potential vulnerabilities); black hat refers to a hacker that wants to breach a computer or network device for illegal purposes
There are many more terms to be aware and we will cover them in future articles. Stay tuned.
We hope you’ve learned more about how to improve the cybersecurity of your China business and you’re prepared to take steps.
If you have any questions, or feedback, reach out to us
IT Support + BACKUP
Always make sure your IT support team (whether in-house or outsourced), has prepared contingencies for to improve the cybersecurity of your China business.
Setup various backups based on the importance of your data:
- Cloud backup
- USB Backup
- Tape backup
- NAS backup
If you want to:
- Audit the IT of your Business in China
- Upgrade or move your business tools to these cloud solutions in China
- Setup a business continuity plan
- Upgrade your IT infrastructure
- Setup backup plans
- Improve connectivity within your China offices or with your global offices