Mac Security when Traveling to China

kaci_weirich
New Contributor

My company is increasing travel back and forth to China. I've read a lot about the PRC deploying spyware to machines. How are you mitigating this when the laptop returns to your office? I know we're not the only company dealing with this and any advice is welcome! Up to this point, we've been wiping the machine when it returns to our office (before putting it on our network).

Thanks!

1 ACCEPTED SOLUTION

rderewianko
Valued Contributor II

Before the machine even gets to china, we swap out the filevualt encryption keys, having an individual one for each machine going to china.. Then we firmware brick the machine, and tell the employee to contact us when they get settled, which we then give them the key.

Haven't gotten one back to NA yet, so can't comment on that part.

There was a great session at JNUC14 on this.Here

View solution in original post

3 REPLIES 3

rderewianko
Valued Contributor II

Before the machine even gets to china, we swap out the filevualt encryption keys, having an individual one for each machine going to china.. Then we firmware brick the machine, and tell the employee to contact us when they get settled, which we then give them the key.

Haven't gotten one back to NA yet, so can't comment on that part.

There was a great session at JNUC14 on this.Here

View solution in original post

rtrouton
Valued Contributor III

Rather than have folks take their own machines, I recommend having a stockpile of loaner machines and give them to folks travelling to China.

When they come back, keep the loaner off of your network and make sure anything they need is off of the laptop. Once that's done, wipe the loaner completely.

gachowski
Valued Contributor II

I think there is no really way to secure and be 100% sure about it with any computer. I think you have to use iPads.

I read somewhere that Apple added a verification wipe to the newer iOS devices, but I couldn't find the page.

C