The office on the move consists of laptops, mobile phones and a place – sometimes any place – to connect
The office on the move consists of laptops, mobile phones and tablets – and a place, sometimes any place, to stop and connect
Road warriors are used to accessing networks at the airport and in-flight, in a hotel room, lobby or business center, logging on at convention business spaces, and checking e-mails in public areas that offer WiFi hotspots. Unfortunately, the freedom afforded by greater mobility and connectivity also exposes people to an increasing array of security threats, including viruses, data breaches and industrial espionage.
The good news is heightened vigilance and simple precautions can protect business travelers from at least some of the perils of working on the road.
When leaving the office, you’re at your most vulnerable. Logging on outside of a safe work environment essentially leaves you at the mercy of the network you’re connected to, and in terms of security, it’s usually weaker than what you left behind.
“There’s an expectation that people remain connected at all times, and therefore business is conducted in these environments. Because of that, there is a huge business risk,” says Michael Ormiston, country manager, Hong Kong, for global workspace provider Regus.
Using an unsecure wireless Internet connection leaves your communication open to eavesdropping. Anything sent over such a connection, including credit card details and e-mails, could be intercepted.
To combat such dangers, only use secured networks that encrypt the data transmitted, make sure your firewall is turned on and always use an anti-virus program.
It’s not just unsecured networks that are the problem; working in public poses a different range of security risks. Ormiston points to a 2014 Regus survey of 22,000 business travelers across some 100 countries, asking their views on privacy.
Respondents ranked cafés (59 percent) as offering the least privacy, followed by hotel bars and lounges (50 percent), airplanes (46 percent) and airline lounges (44 percent).
Business travelers’ top concern was that such public places made it easy for others to sneak a peek at confidential information on laptop screens or other devices.
To avoid would-be snoopers, Regus provides private working areas in public places, including at airports, such as London’s Heathrow Airport.
“With over 3,000 locations worldwide, we operate business lounges that feature a product known as the ‘thinkpod.’ It has been designed in a way where, unless you’re standing on top of someone, you’re guaranteed privacy in the work that you do,” says Ormiston.
Many airport lounges provide similar “work cubicles.” For example Singapore Airlines’ productivity pods and the signature honeycomb-style booths at the Plaza Premium Lounge.
Another option is to consider investing in a privacy screen protector. These are filters that are stuck onto screens that effectively reduce the viewing angle, thereby preventing the screen from being viewed from the side.
The USB drive poses another big security risk. These products are popular giveaways at conventions and events. Small, cheap to produce and highly portable, it’s not surprising they’re passed around frequently. But, unfortunately, they may contain an unwelcome gift in the form of malware.
Malicious software delivered through USB flash drives could allow hackers deep inside the computer giving them access to all the data it contains.
“USBs are very well known for their ability to transfer malicious files, and these are no longer just limited to desktops and laptops, but to tablets that allow USB devices to be attached,” says Dino Soepono, director of enterprise mobility Asia-Pacific at software company Citrix.“And it is these consumer technology devices that are particularly vulnerable due to many of them being fairly new to the market.”
This was demonstrated by a USB firmware hack called BadUSB, which was unveiled at the Black Hat Briefings computer security conference in Las Vegas in August last year. BadUSB was developed to show how a USB flash drive could be reprogrammed to take control of a computer, infiltrate data or spy on the user.
The hack, created by security researchers Karsten Nohl and Jakob Lell, was capable of compromising a full system without being detected by current defenses. It acts as a wake-up call for anyone who considers USBs to be safe.
Another key problem with USB devices is that they are easily lost or stolen, sometimes with dire results.
On Feb. 18, 2014 a pharmacy staff member at Hong Kong’s Queen Elizabeth Hospital misplaced a USB drive containing the personal information of some 92 patients. The USB device was not recovered, and the embarrassed (and, perhaps, legally liable) hospital reported the case to the police and the office of the Privacy Commissioner for Personal Data.
The dangers highlighted by this case need to be mitigated given the widespread use of these devices, says Soepono. One solution is cloud-based services, which enable users to access information stored on remote servers over the Internet. But even these types of services carry risks.
In October last year, an Asia-Pacific company faced a data leak when the files it stored on a popular free file hosting service were inadvertently leaked through the service’s vulnerabilities.
“There were a lot of data from corporations that were stored in [the host], which anyone could basically get access to,”says Soepono. For this reason, he says companies and employees should be wary of the free consumer data storage/transfer services that are available, as they “don’t have the same security requirements as those specifically developed for enterprises.”
A storage service with these safeguards, such as Citrix’s Workspace Cloud, encrypts data and stores files behind the firewalls of the user company’s own servers. Soepono says it provides the efficiency of a cloud while ensuring the physical files remain onsite in a secured environment.“The beauty is that you can still manage all these files on the cloud when needed.”
Companies also don’t have to invest in a lot of infrastructure to get the service up and running.
Yet even more security risks are posed by the growing prevalence of “bring your own device”( BYOD) to work, where employees use their personal devices in the workplace, including the accessing of privileged information. This dangerous trend is particularly prominent in small and medium-sized enterprises, where resources may be more limited.
Having workers’ personal devices connected to a company’s network can pose several risks, one of the biggest being the loss or theft of business-critical information, says Tony Lee, a consultant at Trend Micro Hong Kong, an Internet content security company.
“When employees use their personal device for work-related purposes, any work-related data stored in that device could be compromised if the device is lost and/or stolen,” he says.
“A particularly malevolently inclined individual could get hold of the stolen information and either publish it online for everyone – and that includes your customers, investors and stakeholders – or sell it to the highest bidder. This could severely impact a business’ operations and finances, depending on the information lost.”
According to Robert Guice, executive vice president of Shredit EMEA, a data destruction company,“We live in an age where technological advancement and changing employee demands allow for more flexible work options. However understanding how this relates to data privacy is crucial. And it is important, now more than ever, for companies to be proactive in addressing this through clear cut policies and procedures that mitigate potential risks of data breach and ensure peace of mind.”
According to Trend Micro research, mobile threats continue to grow at an even faster pace, with the explosion in the number of mobile malware and high-risk apps. The introduction of repackaged apps – those that have been maliciously tampered with to pass Android’s’ security features – also contributed to the huge spike in mobile malware and high-risk app volume growth.
“Tapping unsecure consumer apps while using/sharing business information, employees will (often unknowingly) put their companies at risk of major data breaches, loss of valuable data and company IP, and potentially large financial losses,” says David Lavenda, VP product strategy at harmon.ie, quoted in the Enterprise Mobility Exchange report entitled The Seven Deadly Sins of Enterprise Mobility. “The business risks of unsanctioned consumer apps are real: data leakage, loss of control over corporate assets, and a general lapse in governance and compliance.”
Lee says organizations should use common sense, as well as implement policies to mitigate the risks posed by BYOD, which could include points such as: Acceptable devices or operating systems to be used by employees; Best practices for protecting company information stored/access via mobile devices;
Punitive consequences for the company if data are not properly maintained; Other corporate BYOD guidelines specific to the operations of the individual business. In addition to an office strategy, password protection and encryption are no-brainers for any smartphone, tablet or laptop. If stolen or lost, the data stored on devices would be inaccessible to some extent. Likewise new fingerprint recognition security features like the iPhone’s touch ID system are a step forward.
Other useful security features include the ability to remotely wipe mobile devices of data. Mac devices that support the“Find My iPhone”service can be tracked remotely and wiped in the event that the device is lost or stolen. Android devices and Citrix’s Workspace Cloud service have similar functionality.
Other tips are obvious but again worth mentioning, say the experts. Only use official platforms when downloading apps, and make use of mobile management solutions such as endpoint security software, which will monitor your devices around the clock for anomalous activity.
However convenient, apps, in particular those on Android, may seem innocently harmless but can easily contain malicious features. Exercise caution when downloading any app, says Lee, and pay attention to the app’s name and publisher, and carefully review the app’s permissions. BT
This page: Regus business lounge; Opposite page: Novelty USB Drives; Regus Thinkpod