It is often said that the weakest link in the IT security chain is the human being. In our technological age it is inconceivable to travel without network tethers such as a laptop PC, mobile telephone or e-mail PDA. The road warrior is connected 24/7 to his home, corporate office/clients/partners and the Internet. What has occurred in the 21st century is that all of this technology is taken for granted, and security is never a primary issue or concern.
Over the past few months, I have heard one horror story after another about the most obvious and blatant form of security issue - reading a neighbor's laptop screen. Think about how many times on a plane, at an airport or in a restaurant, you look over and happen to read the display of someone next to you. It's only natural that our eyes wander. Most of the time the images and text are mundane, but every once in a while you recognize something that relates to your personal interest, occupation or company. In all probability, the other person doesn't know who you are or that he is committing a grave security breach.
Stories abound of mergers and acquisitions, leveraged buyout deals, real estate purchases, sales opportunities or job interviews that were successful because the competition's presentation or instant message conversation was viewed on a flight or in a coffee shop. This is not a network problem but a human problem that can be fixed by mandating corporate use on all corporate laptops of a privacy filter/privacy screen/security screen/screen guard that prevents anyone looking over your shoulder at the laptop display. Simple yet elegant.
Remember the old adage: Good fences make good neighbours. This becomes even more of a mantra when we look at road-warrior network security. That earpiece networked to your mobile phone is part of another problem. No only do we tend to talk in public at a volume that brings the entire room into our conversation, but we forget wireless technologies such as Bluetooth can be open to access unless device/user-specific identification is used for connectivity. It is possible to listen to both sides of a conversation in this manner unless the corporate user is mandated to invoke simple Bluetooth security options.
Remember the old adage: Loose lips sink ships. It is a constant source of humour to network-savvy industry analysts how PCs and other devices are open and accessible in a briefing room full of industry analysts. Using off-the-shelf software, one can not only share the connection but also record keystrokes and screen images from a laptop. This type of security issue is becoming more relevant with the proliferation of Wi-Fi public/semi-public hot spots and Wi-Fi telephones. The agreement between the start-up FON and Time Warner Cable will let home and corporate broadband customers turn their connections into public/semi-public Wi-Fi hot spots. Although popular in Europe, connection-sharing is shunned by most other US ISPs.
Connection-sharing is accomplished using a FON router (La Fonera) that splits a Wi-Fi connection into two channels: a secure, encrypted path for the FON user (Fonero) and an open public path for neighbours or passersby.
Nothing is wrong with the road warrior using public/semi-public hot spots for personal purposes. But from a corporate security standpoint, "public" anything is a problem. Personal firewall, antivirus, antispyware and VPN software should not be options for the road-warrior laptop. Use of encryption and identity verification are mandatory. Open, shared-use access should be forbidden, and any non-encrypted VoIP call over the Internet should be banned from corporate use. Draconian as this sounds, the corporate damage that could occur is even worse.
If you thought the Internet gave you some degree of freedom from security paranoia, that false sense of security came to an end on May 14, when all US broadband and VoIP providers were required by the Federal Communication Commission (FCC) to facilitate court-authorized wiretaps by intelligence and law enforcement authorities.
Remember this new adage: Security should never be an afterthought and must always be first and foremost on the mind of the road warrior.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.