The of­fice on the move con­sists of lap­tops, mo­bile phones and a place – some­times any place – to con­nect

The of­fice on the move con­sists of lap­tops, mo­bile phones and tablets – and a place, some­times any place, to stop and con­nect

Business Traveler (USA) - - INSIDE - By Cle­ment Huang

Road war­riors are used to ac­cess­ing net­works at the air­port and in-flight, in a ho­tel room, lobby or busi­ness cen­ter, log­ging on at con­ven­tion busi­ness spa­ces, and check­ing e-mails in public ar­eas that of­fer WiFi hotspots. Un­for­tu­nately, the free­dom af­forded by greater mo­bil­ity and con­nec­tiv­ity also ex­poses peo­ple to an in­creas­ing ar­ray of se­cu­rity threats, in­clud­ing viruses, data breaches and in­dus­trial es­pi­onage.

The good news is height­ened vig­i­lance and sim­ple pre­cau­tions can pro­tect busi­ness trav­el­ers from at least some of the per­ils of work­ing on the road.

Net­work Wor­ries

When leav­ing the of­fice, you’re at your most vul­ner­a­ble. Log­ging on out­side of a safe work en­vi­ron­ment es­sen­tially leaves you at the mercy of the net­work you’re con­nected to, and in terms of se­cu­rity, it’s usu­ally weaker than what you left be­hind.

“There’s an ex­pec­ta­tion that peo­ple re­main con­nected at all times, and there­fore busi­ness is con­ducted in these en­vi­ron­ments. Be­cause of that, there is a huge busi­ness risk,” says Michael Or­mis­ton, coun­try man­ager, Hong Kong, for global workspace provider Re­gus.

Us­ing an un­se­cure wire­less In­ter­net con­nec­tion leaves your com­mu­ni­ca­tion open to eavesdropping. Any­thing sent over such a con­nec­tion, in­clud­ing credit card de­tails and e-mails, could be in­ter­cepted.

To com­bat such dan­gers, only use se­cured net­works that en­crypt the data trans­mit­ted, make sure your fire­wall is turned on and al­ways use an anti-virus pro­gram.

Pri­vacy Pro­tec­tion

It’s not just un­se­cured net­works that are the prob­lem; work­ing in public poses a dif­fer­ent range of se­cu­rity risks. Or­mis­ton points to a 2014 Re­gus sur­vey of 22,000 busi­ness trav­el­ers across some 100 coun­tries, ask­ing their views on pri­vacy.

Re­spon­dents ranked cafés (59 per­cent) as of­fer­ing the least pri­vacy, fol­lowed by ho­tel bars and lounges (50 per­cent), air­planes (46 per­cent) and air­line lounges (44 per­cent).

Busi­ness trav­el­ers’ top con­cern was that such public places made it easy for oth­ers to sneak a peek at con­fi­den­tial in­for­ma­tion on lap­top screens or other de­vices.

To avoid would-be snoop­ers, Re­gus pro­vides pri­vate work­ing ar­eas in public places, in­clud­ing at air­ports, such as Lon­don’s Heathrow Air­port.

“With over 3,000 lo­ca­tions world­wide, we op­er­ate busi­ness lounges that fea­ture a prod­uct known as the ‘think­pod.’ It has been de­signed in a way where, un­less you’re stand­ing on top of some­one, you’re guar­an­teed pri­vacy in the work that you do,” says Or­mis­ton.

Many air­port lounges pro­vide sim­i­lar “work cu­bi­cles.” For ex­am­ple Sin­ga­pore Air­lines’ pro­duc­tiv­ity pods and the sig­na­ture hon­ey­comb-style booths at the Plaza Pre­mium Lounge.

Another op­tion is to con­sider in­vest­ing in a pri­vacy screen pro­tec­tor. These are fil­ters that are stuck onto screens that ef­fec­tively re­duce the view­ing an­gle, thereby pre­vent­ing the screen from be­ing viewed from the side.

Sticky Prob­lem

The USB drive poses another big se­cu­rity risk. These prod­ucts are pop­u­lar give­aways at con­ven­tions and events. Small, cheap to pro­duce and highly por­ta­ble, it’s not sur­pris­ing they’re passed around fre­quently. But, un­for­tu­nately, they may con­tain an un­wel­come gift in the form of mal­ware.

Ma­li­cious soft­ware de­liv­ered through USB flash drives could al­low hack­ers deep in­side the com­puter giv­ing them ac­cess to all the data it con­tains.

“USBs are very well known for their abil­ity to trans­fer ma­li­cious files, and these are no longer just lim­ited to desk­tops and lap­tops, but to tablets that al­low USB de­vices to be at­tached,” says Dino Soe­pono, di­rec­tor of en­ter­prise mo­bil­ity Asia-Pa­cific at soft­ware com­pany Citrix.“And it is these con­sumer tech­nol­ogy de­vices that are par­tic­u­larly vul­ner­a­ble due to many of them be­ing fairly new to the mar­ket.”

This was demon­strated by a USB firmware hack called BadUSB, which was un­veiled at the Black Hat Brief­ings com­puter se­cu­rity con­fer­ence in Las Ve­gas in Au­gust last year. BadUSB was de­vel­oped to show how a USB flash drive could be re­pro­grammed to take con­trol of a com­puter, in­fil­trate data or spy on the user.

The hack, cre­ated by se­cu­rity re­searchers Karsten Nohl and Jakob Lell, was ca­pa­ble of com­pro­mis­ing a full sys­tem with­out be­ing de­tected by cur­rent de­fenses. It acts as a wake-up call for any­one who con­sid­ers USBs to be safe.

Another key prob­lem with USB de­vices is that they are easily lost or stolen, some­times with dire re­sults.

On Feb. 18, 2014 a phar­macy staff mem­ber at Hong Kong’s Queen El­iz­a­beth Hos­pi­tal mis­placed a USB drive con­tain­ing the per­sonal in­for­ma­tion of some 92 pa­tients. The USB de­vice was not re­cov­ered, and the em­bar­rassed (and, per­haps, legally li­able) hos­pi­tal re­ported the case to the po­lice and the of­fice of the Pri­vacy Com­mis­sioner for Per­sonal Data.

The dan­gers high­lighted by this case need to be mit­i­gated given the wide­spread use of these de­vices, says Soe­pono. One so­lu­tion is cloud-based ser­vices, which en­able users to ac­cess in­for­ma­tion stored on re­mote servers over the In­ter­net. But even these types of ser­vices carry risks.

In Oc­to­ber last year, an Asia-Pa­cific com­pany faced a data leak when the files it stored on a pop­u­lar free file host­ing ser­vice were in­ad­ver­tently leaked through the ser­vice’s vul­ner­a­bil­i­ties.

“There were a lot of data from cor­po­ra­tions that were stored in [the host], which any­one could ba­si­cally get ac­cess to,”says Soe­pono. For this rea­son, he says com­pa­nies and em­ploy­ees should be wary of the free con­sumer data stor­age/trans­fer ser­vices that are avail­able, as they “don’t have the same se­cu­rity re­quire­ments as those specif­i­cally de­vel­oped for en­ter­prises.”

A stor­age ser­vice with these safe­guards, such as Citrix’s Workspace Cloud, en­crypts data and stores files be­hind the fire­walls of the user com­pany’s own servers. Soe­pono says it pro­vides the ef­fi­ciency of a cloud while en­sur­ing the phys­i­cal files re­main on­site in a se­cured en­vi­ron­ment.“The beauty is that you can still man­age all these files on the cloud when needed.”

Com­pa­nies also don’t have to in­vest in a lot of in­fra­struc­ture to get the ser­vice up and run­ning.

Tro­jan Horses

Yet even more se­cu­rity risks are posed by the grow­ing preva­lence of “bring your own de­vice”( BYOD) to work, where em­ploy­ees use their per­sonal de­vices in the work­place, in­clud­ing the ac­cess­ing of priv­i­leged in­for­ma­tion. This dan­ger­ous trend is par­tic­u­larly prom­i­nent in small and medium-sized en­ter­prises, where re­sources may be more lim­ited.

Hav­ing work­ers’ per­sonal de­vices con­nected to a com­pany’s net­work can pose sev­eral risks, one of the big­gest be­ing the loss or theft of busi­ness-crit­i­cal in­for­ma­tion, says Tony Lee, a con­sul­tant at Trend Mi­cro Hong Kong, an In­ter­net con­tent se­cu­rity com­pany.

“When em­ploy­ees use their per­sonal de­vice for work-re­lated pur­poses, any work-re­lated data stored in that de­vice could be com­pro­mised if the de­vice is lost and/or stolen,” he says.

“A par­tic­u­larly malev­o­lently in­clined in­di­vid­ual could get hold of the stolen in­for­ma­tion and ei­ther pub­lish it online for ev­ery­one – and that in­cludes your cus­tomers, in­vestors and stake­hold­ers – or sell it to the high­est bid­der. This could se­verely im­pact a busi­ness’ oper­a­tions and fi­nances, depend­ing on the in­for­ma­tion lost.”

Ac­cord­ing to Robert Guice, ex­ec­u­tive vice pres­i­dent of Shredit EMEA, a data de­struc­tion com­pany,“We live in an age where tech­no­log­i­cal ad­vance­ment and chang­ing em­ployee de­mands al­low for more flex­i­ble work op­tions. How­ever un­der­stand­ing how this re­lates to data pri­vacy is cru­cial. And it is im­por­tant, now more than ever, for com­pa­nies to be proac­tive in ad­dress­ing this through clear cut poli­cies and pro­ce­dures that mit­i­gate po­ten­tial risks of data breach and en­sure peace of mind.”

Ac­cord­ing to Trend Mi­cro re­search, mo­bile threats con­tinue to grow at an even faster pace, with the ex­plo­sion in the num­ber of mo­bile mal­ware and high-risk apps. The in­tro­duc­tion of repack­aged apps – those that have been ma­li­ciously tam­pered with to pass An­droid’s’ se­cu­rity fea­tures – also con­trib­uted to the huge spike in mo­bile mal­ware and high-risk app vol­ume growth.

“Tap­ping un­se­cure con­sumer apps while us­ing/shar­ing busi­ness in­for­ma­tion, em­ploy­ees will (of­ten un­know­ingly) put their com­pa­nies at risk of ma­jor data breaches, loss of valu­able data and com­pany IP, and po­ten­tially large fi­nan­cial losses,” says David Lavenda, VP prod­uct strat­egy at har­mon.ie, quoted in the En­ter­prise Mo­bil­ity Ex­change re­port en­ti­tled The Seven Deadly Sins of En­ter­prise Mo­bil­ity. “The busi­ness risks of un­sanc­tioned con­sumer apps are real: data leak­age, loss of con­trol over cor­po­rate as­sets, and a gen­eral lapse in gov­er­nance and com­pli­ance.”

Lee says or­ga­ni­za­tions should use com­mon sense, as well as im­ple­ment poli­cies to mit­i­gate the risks posed by BYOD, which could in­clude points such as: Ac­cept­able de­vices or op­er­at­ing sys­tems to be used by em­ploy­ees; Best prac­tices for pro­tect­ing com­pany in­for­ma­tion stored/ac­cess via mo­bile de­vices;

Puni­tive con­se­quences for the com­pany if data are not prop­erly main­tained; Other cor­po­rate BYOD guide­lines spe­cific to the oper­a­tions of the in­di­vid­ual busi­ness. In ad­di­tion to an of­fice strat­egy, pass­word pro­tec­tion and en­cryp­tion are no-brain­ers for any smart­phone, tablet or lap­top. If stolen or lost, the data stored on de­vices would be in­ac­ces­si­ble to some ex­tent. Like­wise new fin­ger­print recog­ni­tion se­cu­rity fea­tures like the iPhone’s touch ID sys­tem are a step for­ward.

Other use­ful se­cu­rity fea­tures in­clude the abil­ity to re­motely wipe mo­bile de­vices of data. Mac de­vices that sup­port the“Find My iPhone”ser­vice can be tracked re­motely and wiped in the event that the de­vice is lost or stolen. An­droid de­vices and Citrix’s Workspace Cloud ser­vice have sim­i­lar func­tion­al­ity.

Other tips are ob­vi­ous but again worth men­tion­ing, say the ex­perts. Only use of­fi­cial plat­forms when down­load­ing apps, and make use of mo­bile man­age­ment so­lu­tions such as end­point se­cu­rity soft­ware, which will mon­i­tor your de­vices around the clock for anoma­lous ac­tiv­ity.

How­ever con­ve­nient, apps, in par­tic­u­lar those on An­droid, may seem in­no­cently harm­less but can easily con­tain ma­li­cious fea­tures. Ex­er­cise cau­tion when down­load­ing any app, says Lee, and pay at­ten­tion to the app’s name and pub­lisher, and care­fully re­view the app’s per­mis­sions. BT

This page: Re­gus busi­ness lounge; Op­po­site page: Nov­elty USB Drives; Re­gus Think­pod

Newspapers in English

Newspapers from Canada

© PressReader. All rights reserved.