KEY POINTS:
To Pass the time in airport lounges, Paul Lancaster sometimes goes ferreting for interesting electronic trash.
Checking out the contents of the deleted documents folder on public PCs could be considered work-related research for Lancaster, who is Pacific director of systems engineering for IT security company Symantec.
On one occasion he found a highly sensitive strategy document authored by management of a public company.
One of Lancaster's colleagues says he helped out recently when a high-profile New Zealand executive fell victim to a potentially damaging cyber-spying attack.
A keystroke-logging virus had infected the executive's laptop and was attempting to export a 40MB file containing all his recent communications back to its shadowy creators when IT staff at his company noticed the problem.
Symantec suspects the perpetrators were teenagers randomly trawling for online gaming login codes and had no idea of the identity of the person they had stumbled across. But if the data file had reached the company's competitors, it could have seriously damaged the business.
These examples of IT security lapses illustrate a wider problem facing businesses: their vulnerability to losing sensitive data through a combination of increased staff use of mobile computing, more off-site working and tempting access to unsecured internet connections.
A global study by internet technology company Cisco found that while the number of teleworkers continues to grow by more than 4 per cent year-on-year, technology managers believe these remote staff are becoming more lax about IT security.
Many remote workers polled in the survey admitted opening email attachments from unknown or suspicious sources - a prime cause of virus infections.
Many said they used their work-supplied computer for personal use or shared it with friends or family. Twelve per cent said they hijacked their neighbour's wireless internet connection to go online.
"This research stresses the point that managing corporate security is part technology, part process, part awareness, education and communication," said Cisco's chief security officer, John Stewart.
"It's often more of a human challenge than a technical one."
Eric Krieger, New Zealand manager for web security company Secure Computing, describes the remote working trend as every chief information officer's nightmare.
"It can pose substantial security risks by introducing an exponential number of security backdoors," he says.
"If even one of these goes `unlocked', the fallout from a security breach could represent anything from the theft of sensitive data to millions of dollars worth of damage.
"Unfortunately, most companies are so focused on the implementation of remote access that they forget to secure such a massive infrastructure."
Corporate IT security is big business. IT research firm IDC estimates New Zealand and Australian businesses spent $1 billion last year on security solutions, and that the figure will double to $2 billion by 2012.
Vendors never hold back from passing around dire predictions about the fate of the unprotected, but
they are not being overly dramatic when they predict it is just a matter of time before a New Zealand company suffers a major instance of data loss significant enough to hurt it financially or even put it out of business.
"With popular gadgets like iPhones, iPods and Blackberries becoming commonplace and Web 2.0 technology like Wikis, RSS feeds, blogs, social networking and other interactive technologies infiltrating the workplace, the risk of security breaches and data leakage are now greater than ever before," says IDC security analyst Patrik Bihammar.
