KEY POINTS:
Droning on about the importance of data security may seem dull, but businesses that don't address the risks posed by wireless technologies and devices will find things soon get exciting. It only takes one lost or stolen device, one intercepted business conversation, or one major network failure to
kick-start a drama.
A small business director says: "I was sitting at a conference and had my laptop set up in front of me to take notes.
"On the hard drive there were also confidential pricing pitches to potential customers. At morning tea, I stepped out for a coffee and when I came back my laptop was still there, but the hard drive wasn't.
"Competitors were in and out of the room, but I could hardly start grilling them."
Another describes how a wireless security breach cost his business thousands in telecommunications fees.
"Our broadband bill shot through the roof. It something like quadrupled in two months.
"When we called a network consultant he told us the reason was our wireless network was wide open; people were just sitting in their cars outside and using laptops to download data over our bandwidth," says the director.
Dr Keith White, director of security services for network communications company Alcatel-Lucent, says criminals are constantly developing new ways to exploit data security weaknesses in businesses, and wireless networks and devices are particularly vulnerable.
"Their goals include crippling phone and data networks as an act of business sabotage, obtaining personal or business information that can be on-sold, and accessing information like business banking passwords and customer accounts with an eye to identity theft or financial theft.
"We are even starting to see [data security issues] occur across IP telephony networks and SMS and other messaging platforms," says White.
However, researchers say the most common data security breach occurs when a small business employee buys a retail wireless access point and plugs it into an Ethernet jack on the business network to establish an instant wireless local-area network (WLAN).
The unsecured "rogue" access point can then be accessed by a hacker and bandwidth stolen, or business data copied and viewed.
Robert Pregnell, regional product marketing manager for Symantec End Point Security Solutions, says it's vital businesses learn how to secure their wireless networks and handheld devices and smart phones should be considered just another PC when it comes to data security.
There's a need to protect wireless devices against viruses and against software which enables eavesdropping of connections and [unauthorised] passing of documents.
"So far we know of at least 235 mobile phone viruses; while there are around 150,000 known PC viruses, it's a ratio thats closing fast," says Pregnell.
Pregnell says operating systems such as Windows Mobile which run mini versions of applications such as Word and Excel on smart phones create new vulnerabilities as there are malicious programmes that specifically attack office applications. If such malware is transferred to a core business network because security technologies have not been configured on the network to query and check the mobile device, the network can be quickly compromised.
This might mean a total network or internet access failure that takes up to a week to repair and causes permanent loss of business data, or installation of a hard-to-detect gateway that lets criminals subtly steal information over time.
Considering most New Zealand businesses are not large enough to sustain king hits of this nature, taking the time to peruse a wireless security checklist not only makes business sense its common sense.
