This policy covers Connor Group Policy when travelling to foreign countries that do not respect intellectual property, protection of proprietary data, or individual's right to privacy. This policy applies specifically to the following countries but is intended to include countries with active civil unrest:

  • Afghanistan
  • Belarus
  • China
  • Cuba
  • Hong Kong (SAR)
  • Iran
  • Iraq
  • Macau (SAR)
  • North Korea
  • Russia
  • Syria
  • Taiwan (SAR)
  • Turkmenistan
  • Venezuela
  • Yemen


Connor Group's policy does not permit working from these countries with CG equipment or with CG clients for the following reasons:

  • Many of the countries on this list ban or heavily restrict access to global information. For example, China's Great Firewall prohibits unsanctioned VPN use, with 'unsanctioned' meaning any VPN the country cannot intercept and monitor. Countries on this list have particular issue with connectivity to sites or information contrary to the ruling party's official narrative. As such our corporate VPN's ability to route internet traffic can be considered a tool for sewing unrest. Even if a professional never visited Youtube, bbc.com, or any sites on this list (the list itself is hosted on Wikipedia, a prohibited website by many of these countries), they could be detained for contraband, inciting insurrection, or other erroneous yet plausible charges. 
  • There is no little to no expectation of digital privacy for any electronic device in these countries. For example, China maintains the right to require any individual within the country to provide access to their electronic device, including logging in and surrendering the device to allow inspection of programs and data. This is a privacy violation for all our clients and a potential data breach for any Connor Group information stored or accessible from the laptop.
  • Connor Group has many contractual obligations with its clients regarding where client data can reside or be processed. Restrictions and declarations on where client data may be stored or processed are now routine for compliance requirements. Allowing Connor Group devices or professionals to process client data within a non-supported country would be in breach of these contracts. 
  • As these countries maintain the right to confiscate and inspect laptops, Connor Group can no longer trust the laptop has not been compromised with a hardware attack. Hardware attacks are a group of compromises known to circumvent security controls by directly modifying the internal circuitry, BIOS, or boot code on your computer (remember how people say 'keep your laptop in your possession' when travelling?). While it is unlikely Connor Group would be the planned target of this attack, it is much more likely Connor Group would be targeted as a 3rd party and leveraged for gaining access to one of our clients' data or systems.


Unless we have a critical requirement to have Connor Group employees or ICs to perform work while in these countries, Connor Group maintains the position that we do not permit Connor Group devices to travel to these locations, nor have professionals perform work for Connor Group clients while residing there. 


Note, VPNs are not a workaround for working from non-supported countries.


If a client requires professionals to work from these locations as continued and essential need, the managing partner must sponsor a project with HR, IT, and Legal to explore costs, security controls, and risks of overseeing staff and data in such an environment. If you feel you have an exception case please fill out this service request via the IT Support Helpdesk portal.