Hot spot dangers: That Internet cafe could cost you way more than a cup of coffee
Computerworld - Security experts say that employees are increasingly exposing personal and professional information unknowingly as they log in at Wi-Fi hot spots. Although these breaches haven't yet made big headlines, given corporate America's increasing reliance on smartphones, laptops and other portable devices, it's only a matter of time, experts say.
Ryan Crum, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots -- including Social Security numbers, corporate financial data and information about M&A deals -- that was never meant for him to see. Sometimes Crum deliberately looks to see what unprotected data is traveling over the network in public spaces.
"It's an inherent problem with being on a public space," he says.
Crum, who works with clients to find and fix security weaknesses, says it's not hard to find such data, as it's often heading in and out of hot spots via e-mail.
"Hot spots are great for the coffee shops, but people conducting business have to understand it's their responsibility to protect themselves. They might as well be putting it on a billboard and run down the street," says CISSP Marc Noble, director of government affairs at (ISC)2, a nonprofit organization that educates and certifies information security professionals.
Most employees 'uninformed'
While many techies are aware of the risks of these so-called black holes and what it takes to minimize them, security leaders say the average worker isn't as well informed, leaving valuable data vulnerable.
"It's a hard challenge to fix, because users want to be mobile. They want to use any device to get to their spreadsheets or their presentations at these hot spots," Crum says. "But all it takes is one vulnerable laptop to tarnish a whole company. All it takes is one misconfigured machine."
Crum, like others, says it's not any particular computing device that presents the problem. Rather, he says, it's a combination of factors that makes hot spots problematic for data protection.
One problem is the hot spot itself, and Crum says it's not just the wireless ones but even wired Internet connections that can be danger zones.
"The danger is the public access point. The risk is being on someone's network that you don't control," he explains. "When you're on a public network, it's like being on the Internet without being protected. You don't know who your neighbor is."
- Assessing ROI for Mobile Acceleration Clients This EMA® paper examines the business case for deploying mobile WAN optimization client software and builds a ROI model based on the experiences...
- The Apple-ization of the Enterprise: Understanding IT's New World Read this paper for how to tackle Apple-ization (and the related consumerization of IT and Bring Your Own Device/BYOD).
- A Practical Introduction to Enterprise Mobility Management Read the white paper to better understand the basic concepts within mobility management and to learn how you can apply EMM technology to...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy...
- Mobile Security: Containerizing Enterprise Data In this on-demand webinar, Fixmo's Lee Cocking, VP of corporate strategy, explains why Apple-ization trends like mobility and "bring-your-own-device" (BYOD) are driving the... All Mobile/Wireless White Papers | Webcasts
Our new weekly Consumerization of IT newsletter covers a wide range of trends including BYOD, smartphones, tablets, MDM, cloud, social and what it all means for IT. Subscribe now and stay up to date!