How to improve the cybersecurity of your China business

How does cybersecurity affect your China business?

Setting up or improving the cybersecurity of your China business goes a long way to respect the rules in China and harden your company network from cyber attacks.

The issue with this topic is that a lot of business owners or managers operating in China have already their hands full with the business landscape and they don’t want IT to slow them down.

With this article we want to help decision makers operating in China to improve the cybersecurity of their China business.

One of their struggles is not being aware of the risks related to Cybersecurity, so we would like to share some points:

1. 91.5 Billion = losses of internet users in China due to personal information leagage, fraud, junk email, etc.

2. The China Cybersecurity law is being implemented around China and it is requiring stronger attention from businesses operating in China (from data localization, data safety, and liability)

3. Cyber crime in China is growing every year.

But…what is Cybersecurity?

According to Kaspersky, it is “the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks”.

A good cybersecurity can help your China business to:

1. Prevent cyber attacks, and

2. Make sure your China business can keep running smoothly.

If you’re the China IT manager or IT is under your control for the China business of your global team, you want to make sure you’re setting up a strong cyber security for the business.

But, where can you start?

What do you need to know?

What can you do?

How can you audit your cybersecurity in China?

Let’s start from

3 basic questions:

1. Have you adjusted the security settings of your China Cloud solution and your business internal network?
2. Have you setup and made remote users have their security settings on?
3. Is your team ready to prevent or identify security threats or do they need help?

Have a chat with your IT team or your IT vendor to have a clear overview and understand the right priorities to protect your China business moving forward.

Ok, now you’ve talked with your IT team or with your IT vendor and you’re waiting for a report from their side, but you’re not sure what kind of terms or issues they may bring.

To help you understand better, we have prepared a list of the main steps to prepare a solid setup for your China business cybersecurity.

Cybersecurity foundations

NIST Framework

We recommend to follow the US Government’s NIST framework to build a strong foundation for your China business.

There are 5 main pillars:

1. IDENTIFY

“Develop an organizational understanding to manage cybersecurity risk to systems, people, assets, data, and capabilities”

2. PROTECT

“Develop and implement appropriate safeguards to ensure delivery of critical services.”

3. DETECT

“Develop and implement appropriate activities to identify the occurrence of a cybersecurity event.”

4. RESPOND

“Develop and implement appropriate activities to take action regarding a
detected cybersecurity incident.”

5. RECOVER

“Develop and implement appropriate activities to maintain plans for resilience and to restore any capabilities or services that were impaired due to a cybersecurity incident.”

Now that you’ve created the right foundation according to the NIST framework, you want to make sure technology is following up and supporting the work.

Tech foundation for a solid cybersecurity setup

For this, we would recommend to talk with your IT team and have the following bases covered:

1. IT Audit of your China business

2. Setup a firewall

3. Use MFA – Multi Factor Authentification

4. Data backup

5. Create a cybersecurity policy and enact it

6. Employees training (on-going) on cybersecurity and phishing

7. Password management and password security

8. Install Antivirus software and anti-malware software

9. Update all your software and patches

10. Penetration testing

11. Email filtering

12. Restrict users right

For a detailed analysis and further recommendations, please have a read of the Essentials 8.

Cybersecurity terms for your China business

Cloud – a technology that enables you to access files and services through the internet from anywhere in China or across the world

Domain – a group of devices (user devices or network devices) connected and controlled together

IP Address – internet protocol address and it identifies through a number a specific computer or network; the purpose of the IP address is to allow the device to send and receive information

Exploit – it is a malicious application or software used to take advantage of a computer or network device and take control of it

Breach – when a software or a hacker exploits a computer or a network device and can access their files and / or network

Firewall – a set of solutions (hardware and / or software) to protect a computer or network from unauthorized access

Malware – a group of nefarious software with the purpose to destroy or take control of a computer or network device or a whole network; the most famous categories are viruses, ransomware, trojans, spyware, DDoS, phishing

Virus – a category of malware that aims to corrupt, edit or delete information on a computer or network device before moving to other connected devices

Ransomware – a category of malware that aims to prevent you from accessing your files on your personal or network device; the objective is to hold your data and information until the payment of a ransom (i.e. Wannacry)

Trojan horse – a category of malware that allows a hacker to get access to a user device or network device

Spyware – a category of malicious software that allows someone to spy on a user device or network device without the device owner knowing it; the objectives vary from monitoring, collecting data and logins

DDoS – “Distributed denial of service” – a form of cyber attack that tries to make a website or network not usable by sending floods of traffic or data from other sources. As per Cloudflaer, the target devices can be computers or network devices, but recently there has been a surge on IoT devices.

Phishing – it is fraudulent practice that aims to obtain sensitive information and trick users to share confidential information; the information will then be used to access computers or network devices. The criminals will try to get your passwords, credit card number or personal ID (think 身份证 / shen fen zheng in China)

Encryption – it is a process to encode data to prevent adulteration of any sort from third parties; it will add a key without which you cannot access the information contained in the file

BYOD – “Bring your own device” – a company policy that allows employees to bring their personal devices and have them used at work; discuss with your IT team about the right application of this policy

Pen-testing – “penetration-testing” – it is a process to analyse the security of a computer or network device by using hacker tools or hacking techniques; it aims to find potential flaws in the security setup of a computer or network

Social engineering – it’s a technique to deceive users with the aim to access their confidential information; it looks for the behaviours of users and uses these patterns against them to get logins and IDs

White hat / Black hat – white hat refers to a cybersecurity expert trying to breach a computer or network with the company’s consent (aim to find and solve potential vulnerabilities); black hat refers to a hacker that wants to breach a computer or network device for illegal purposes

There are many more terms to be aware and we will cover them in future articles. Stay tuned.

We hope you’ve learned more about how to improve the cybersecurity of your China business and you’re prepared to take steps.

If you have any questions, or feedback, reach out to us

IT Support + BACKUP

Always make sure your IT support team (whether in-house or outsourced), has prepared contingencies for to improve the cybersecurity of your China business.

Fundamental tip:

Multiple backups.

Setup various backups based on the importance of your data:

Cloud backup
USB Backup
Tape backup
NAS backup

You can consider applying for CISSP certifications. Read here.

Do you want to apply for your ICP license? Read here

Are you looking to identify and prevent phishing emails? Read here.

How can you identify the security of your information systems in China? Read here.

Do you want to run your China business from remote? Read here.

If you want to:

Audit the IT of your Business in China
Upgrade or move your business tools to these cloud solutions in China
Setup a business continuity plan
Upgrade your IT infrastructure
Setup backup plans
Improve connectivity within your China offices or with your global offices