Mobility increases security risk

By VIKKI BLAND


The biggest data security threat to the majority of New Zealand businesses is probably the CEO or another senior manager.

Richard Bachelor, country manager for security software company Symantec, says growth in wireless internet services, wireless hot spots and a trend towards working from home is resulting in mobile users connecting to a business network before checking their mobile device is free of viruses and hacker programmes.

They walk past all the security set-ups in their business, plug in their mobile device and a security breach occurs in what was previously a secure system, says Bachelor.

So is this carelessness or just ignorance? It's probably a bit of both. There are more than 250,000 registered businesses in New Zealand, only a few hundred of which employ dedicated information technology managers.

Without an IT specialist on board, many CEOs are only vaguely aware of the importance of data security and even less adept at how it actually works. So while a CEO might insist on standard security measures for PCs on the company network and even have employees follow data security policies, a surprising number don't realise that plugging a mobile device directly into a business network can compromise data security.

Norm Kohlberger, senior regional product manager Asia Pacific for Symantec Corporation, says research shows only 70 per cent of people regularly update the antivirus software on their mobile PCs.

He says Symantec is constantly trying to raise awareness of the importance of data security and to help people understand the concept of digital wealth.

Over time, security breaches erode consumer confidence in the online model. Yet online is exactly where businesses and governments are trying to encourage people to transact and communicate, he says.

Security breaches do not always mean the introduction of a virus or hacker back door from an external source, business users and consumers often give away sensitive information unwittingly to people like phishers - criminals that extract credit card details and online passwords by pretending to be a legitimate contact like an online banking site or charity.

At least it takes a few days to empty one account into another in New Zealand. In Australia it takes seven minutes, says Kohlberger.

Brett Roberts, platform strategy manager for Microsoft New Zealand, says keeping mobile devices secure is one of the biggest data security challenges New Zealand businesses face.

The price of wireless hardware is plummeting and wireless devices are getting easier to configure. But while it is easy to get up and running, it is not easy to secure them, he says.

Roberts says keystroke loggers are possibly the most dangerous kind of spyware because they monitor each keystroke users make in the hope of picking up online passwords.

He says data security comes down to personal responsibility and no technology is 100 per cent secure.

You can't make a machine and network 100 per cent secure unless you cut the [network] cable and power cable. The person who really wants to download those fancy cursors from the internet should first realise all downloads from the net are a security risk.

Kohlberger wonders why people don't protect their data when they lock their houses.

This is digital wealth. It is intellectual property, digital photographs, financial information, competitive strategy, databases, he says.

Roberts says businesses just need to follow the three Ps - people, policy and process.

Businesses need to understand they are in the business of creating intellectual property and digital wealth and pass that message on to their people. Then they let staff know what is against the rules - their policies. Process follows - they install security software and technologies and keep them up to date.

It is all food for thought for business workers connecting to the net over a Starbucks coffee.

Be security savvy


* Understand that a wireless network doesn't stop at a building's walls - not your walls, not Starbucks walls, not the walls of Auckland Airport. Investigate a virtual private network (VPN) with your mobile communications provider.

* Realise few if any major security breaches are revealed or discussed. This lack of case studies leads many businesses into a false sense of security. Don't be one of them.

* Make someone in the business responsible for understanding and researching IT security.

* Create staff policies around using the internet and email. Learn which file extensions and downloads are a risk and make sure staff know them, too.

* and to prevent people from loading personal software on to work PCs.



Protect My PC