By Mary K. Pratt
Security experts say that employees are increasingly exposing personal and professional information unknowingly as they log in at Wi-Fi hot spots. Although these breaches haven’t yet made big headlines, given the increasing reliance on smartphones, laptops and other portable devices, it’s only a matter of time, experts say.
Ryan Crumb, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots — including Social Security numbers, corporate financial data and information about M&A deals — that was never meant for him to see. Sometimes Crumb deliberately looks to see what unprotected data is traveling over the network in public spaces.
“It’s an inherent problem with being on a public space,” he says.
Steps IT can take to protect data from hot-spot dangers
* Establish and enforce strong authentication policies for devices trying to access corporate networks.
* Require employees to use a corporate VPN (virtual private network) and encryption when making a connection and exchanging data; better still, set up employee computers so that devices automatically connect to the VPN and encrypt data after making sure the computer or device hasn’t been lost or stolen.
* Make sure all devices and software applications are configured properly and have the latest patches.
* Ensure that corporate security policies prevent workers from transferring sensitive data to mobile devices or unauthorized computers.
* Use air cards, which require a service plan, instead of hot spots for wireless connections.
Crumb, who works with clients to find and fix security weaknesses, says it’s not hard to find such data, as it’s often heading in and out of hot spots via e-mail.
“Hot spots are great for the coffee shops, but people conducting business have to understand it’s their responsibility to protect themselves. They might as well be putting it on a billboard and run down the street,” says CISSP Marc Noble, director of government affairs at (ISC)2, a nonprofit organization that educates and certifies information security professionals.
What IT can do
Companies can counter the dangers of a dirty hot spot with strong authentication, an automatic connection to a VPN and automatic encryption, Crumb says. They also need to be vigilant on patch management for all devices used for work, and institute policies and procedures that guarantee IT keeps all workers’ devices properly configured.
Another possibility: Air cards, which are “just direct broadband connections,” consultant Johnson explains. In other words, an air card is a USB card that makes a connection to your carrier. “So they are an alternative to a hot spot because you can use your air card anyplace your carrier offers service.” They are also called mobile broadband cards.
If going this route, your carrier coverage area is a really important factor: it could be either an advantage or disadvantage based on where you normally work and live and the carrier’s coverage area. Over time, though, “this is becoming less of an issue as the carriers are converging/merging so there are a smaller set but larger coverage,” Johnson says.
Most broadband carriers have fixed-price packages, so this is an added cost over what is generally free Wi-Fi. It may be worth it, though; as Johnson says, “I would say a broadband air card would be more secure than a hot spot because it’s under your control and you make direct connections to the carrier instead of [going] through the hot spot infrastructure.”
Another tack is that IT groups “can take the proactive stance that whenever these devices are plugged into the network, that every time there’s a touch point within the corporate network, that they can check to make sure it’s configured properly,” Johnson says.
Setting end-user machines and devices to be scanned each time they connect to the corporate network does cause a delay for employees who are hoping to get right to work, Johnson acknowledges, but he says it is a delay of only “seconds” and adds that this is part of the education IT must engage in with users. Still, he adds, “it’s the price that a company is willing to pay — or have their employees pay — to ensure a safer networked environment.”
The key to guaranteeing that hot spots won’t suck away crucial data and lead to the kind of breach that makes the nightly news is to automate security measures as much as possible, Crumb adds.