Hot spot dangers: That Internet cafe could cost you way more than a cup of coffee

By Mary K. Pratt

April 20, 2010 06:00 AM ET

Computerworld - Security experts say that employees are increasingly exposing personal and professional information unknowingly as they log in at Wi-Fi hot spots. Although these breaches haven't yet made big headlines, given corporate America's increasing reliance on smartphones, laptops and other portable devices, it's only a matter of time, experts say.

Ryan Crum, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots -- including Social Security numbers, corporate financial data and information about M&A deals -- that was never meant for him to see. Sometimes Crum deliberately looks to see what unprotected data is traveling over the network in public spaces.

"It's an inherent problem with being on a public space," he says.

Steps IT can take to protect data from hot-spot dangers

Establish and enforce strong authentication policies for devices trying to access corporate networks.
Require employees to use a corporate VPN (virtual private network) and encryption when making a connection and exchanging data; better still, set up employee computers so that devices automatically connect to the VPN and encrypt data after making sure the computer or device hasn't been lost or stolen.
Make sure all devices and software applications are configured properly and have the latest patches.
Ensure that corporate security policies prevent workers from transferring sensitive data to mobile devices or unauthorized computers.
Use air cards, which require a service plan, instead of hot spots for wireless connections.

Crum, who works with clients to find and fix security weaknesses, says it's not hard to find such data, as it's often heading in and out of hot spots via e-mail.

"Hot spots are great for the coffee shops, but people conducting business have to understand it's their responsibility to protect themselves. They might as well be putting it on a billboard and run down the street," says CISSP Marc Noble, director of government affairs at (ISC)², a nonprofit organization that educates and certifies information security professionals.

Most employees 'uninformed'

While many techies are aware of the risks of these so-called black holes and what it takes to minimize them, security leaders say the average worker isn't as well informed, leaving valuable data vulnerable.

"It's a hard challenge to fix, because users want to be mobile. They want to use any device to get to their spreadsheets or their presentations at these hot spots," Crum says. "But all it takes is one vulnerable laptop to tarnish a whole company. All it takes is one misconfigured machine."

Crum, like others, says it's not any particular computing device that presents the problem. Rather, he says, it's a combination of factors that makes hot spots problematic for data protection.

One problem is the hot spot itself, and Crum says it's not just the wireless ones but even wired Internet connections that can be danger zones.

"The danger is the public access point. The risk is being on someone's network that you don't control," he explains. "When you're on a public network, it's like being on the Internet without being protected. You don't know who your neighbor is."

Comments ()

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Additional Resources

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Mobile and Wireless White Papers

Mobile Middleware Strategies: Learn why a mobile development platform is critical to be able to support today's complex enterprise mobility strategies. Learn what to look for...
The Evolution of Enterprise Mobile App Development: Driven by explosive growth in smartphone and tablet sales, enterprise mobility has become an essential part of business. Organizations across industries are developing...
Native & HTML5 Mobile Apps: Not an either or, but a where and when: Learn how developers are using HTML5 and native development methods to build mobile apps. Get practical insights on how these tools are being...
Enabling Remote Employees with High Quality Video: In this paper, we analyze the delivery of live and on-demand mobile video content. It focuses on specific ways in which organizations can...
What to Look For in Solutions For Mobile Device Management: Managing an increasingly mobile workforce has become one of the most challenging - and important - responsibilities for IT departments. This paper examines...

Mobile and Wireless Webcasts

The Office of Tomorrow with BlackBerry: Curious about the office of the future and how to prepare with BlackBerry solutions? This session discusses the office needs of tomorrow and...
The Changing Role of Tablets in the Enterprise: Do you understand all the capabilities and potential of the BlackBerry PlayBook tablet? BlackBerry® PlayBook™ tablet can help enterprises do business differently.

This webcast...
Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?: FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
PlayBook Video about two Grade 6 classrooms that are using PlayBook tablets: RIM recently worked with Park Manor Public School in Elmira, ON to integrate BlackBerry PlayBook tablets in two Grade 6 classrooms. The project...
McCain Canada deployed BlackBerry PlayBook tablets with a custom application to their salesforce: McCain Foods Limited (McCain) has deployed BlackBerry® PlayBook™ tablets in order to enhance mobility within their sales force- along with a customized application...

Can prepaid smartphones save you money?

High-end smartphones without the contract headaches

Prepaid service has started to transform from a source of cheap, bottom-of-the-barrel phones into a viable outlet for compelling smartphones. Read more...

Newsletter Sign-Up

Receive the latest news test, reviews and trends on your favorite technology topics

Choose a newsletter

Mobile/Wireless Computing
Security
Operating Systems
Networking
View all newsletters | Privacy Policy

IT Jobs

See All Jobs Post a job for $295

Jobs by SimplyHired

Mobile and Wireless White Papers | All Mobile and Wireless White Papers