You wouldn’t dream of keeping your company safe open. You would certainly never think of permanently leaving your office door on the latch. But nowadays business people never truly leave their office – it travels with them in the shape of mobile phones, personal digital assistants and laptop computers.
Laptops may be increasingly indispensable but they are also vulnerable, and not simply to loss or theft.
The truth is that thousands of responsible company executives unknowingly leave confidential data and documents wide open for snoopers, criminals and cybervandals to intercept or interrupt. And an even more alarming truth is that out-of-office meetings and conferences are especially vulnerable.
Today’s conference delegate not only expects to access the occasional email on the road but to read and draft confidential documents, and perhaps even remotely connect to their server back at corporate headquarters.
Technology makes these links easy and relatively cheap but also risky.
Take a conference of 5,000 delegates attending a two-day event in a major conference centre, shuttling between their hotels, seminar rooms and plenary sessions.
You can be sure that each of them will check their emails at least once or twice a day in the course of the proceedings. When the meeting is over, they will want to get back to their hotel room and log on, respond to email queries, and pass on their sales leads, contacts and notes to head office. If their hotel is one that doesn’t offer in-room broadband they might nip down to the business centre and use one of the machines there, or find a local coffee shop or wireless hotspot in the lobby to connect.
Unfortunately, each of these activities contains a risk of information-theft or data-snooping.
An increasingly common means of electronic communication at major conference venues and hotel spaces is through wireless communication or wifi.
Many hotels and convention centres are establishing wifi broadband systems as added-value services for their clients, both in guestrooms and public spaces.
The fundamental danger is that wifi is a vulnerable open-air system. Hackers with the right software can monitor, record and interfere with wifi traffic, much as pre-digital radio hams could tune in to shipping, police and other frequencies.
Once logged on to the wifi connection, it’s even possible for a hacker to view, copy, delete or interfere with files and folders on an unprotected hard drive.
Added to this is the danger that your corporate delegates might use third-party hardware, such as a PC in the hotel business centre or an internet kiosk specially set up at the convention centre.
What too few users realise or simply forget is that not only are uploaded or downloaded files capable of interception, they can also be left behind on other computers, easily accessible to a moderately sophisticated PC user.
Freddie Lam, managing director of iBahn Asia Pacific, says: “I heard from one leading executive of how he had come across a US$5 million business proposal on a PC he was using at a hotel business centre.”
His company has often been called in to advise hotels, conference centres and corporate clients on how they can combat cyber-snooping. Clients have included such corporate giants as Intel, McDonalds and Bank of America.
One form of protection offered by iBahn is to set up a virtual command centre at a major conference site. This not only offers a secure network but also operates like a radar system, scanning the network for incoming intruders and blocking them. Lam says: ”The hackers don’t even need to be in the same building, simply within range. Sophisticated gangs have even been known to set up their own fake access points within the network radius and users unknowingly log into them exposing all their data.”
Another iBahn service is PC rental for public areas at conferences, where delegates can be reassured that not only is the network secure but special software automatically clears user data after logging off.
Lam says there is an urgent need to alert and educate the events industry on the dangers of cyber-fraud.
“The biggest problem is one of ignorance. Even regular computer users are often unaware of the dangers. It’s a matter of convincing venues, event organisers and users that they really must act immediately to protect themselves.”
iBahn Asia Pacific
Turn off filesharing. Many new computers have filesharing automatically switched on as their default factory setting
Use a firewall
Most new laptops will come bundled with one but you can upgrade to more sophisticated software, usually for less than US$100
Install an anti-virus programme
Many are free or inexpensive but the secret is to keep them updated
Upgrade your system software
System upgrades often include the latest security patches
Log out, clear up
If you have to use a business centre or a public computer, always remember to log out of your password-protected area and ensure that you clear the machine’s cache and temporary document files, where your top-secret memo may have been copied and which others could retrieve.
Who’s after your data?
It’s an old joke that business ethics is a contradiction in terms. If you represent a major corporation, how likely is it that an employee of a rival firm might, even by coincidence, share the same hotel, convention hall or business centre? If your system is unprotected, your secret sales strategy or new product blueprint could end up a topic at someone else’s meeting. Commercial espionage is as old as business itself.
These cybercrooks may not be interested in your business plans but they do want your credit-card details, passport numbers, email passwords and all manner of information you hold on your hard drive or key in when you shop on the internet or check your frequent flyer mileage, flight or hotel reservations.
While thankfully rare, some companies find themselves at the mercy of criminals or disgruntled employees who will seek to discredit or damage a firm and demand payments for the return or destruction of stolen data.
Possibly the most unpredictable of cybercriminals, these hackers don’t discriminate. They may delete or wipe data or introduce viruses simply out of a malicious sense of fun.
What’s it mean?
This software collects personal information with different techniques, including recording keystrokes, web-browsing history, and scanning documents on the computer’s
Data is scrambled and coded before it is sent, so only the designated receiver will be able to decode it. Even if the data is intercepted, it will appear as meaningless gobbledegook.
Wired Equivalent Privacy – this is the first and most basic level of protecting your wifi network. While it will deter casual snoopers, WEP systems can be cracked fairly easily by determined hackers.
WPA and WPA2
Wifi Protected Access is a more modern encryption system involving more elaborate protection.
Access points are the electronic transmission and reception points where users connect to the internet.
Virtual Private Networks can be set up allowing users a great deal of security from outside interference. However, VPNs take considerable technical know-how to set up.
The Cairns Convention Centre was put to a tough test when it hosted an annual wireless convention for IT specialists about 18 months ago.
Rochelle Uechtritz, director of sales and marketing at the Cairns Convention Centre, says: “The Institute of Electrical and Electronics Engineers’ annual wireless convention at the Cairns Convention Centre was attended by the experts who develop and approve the protocol, policies and standards for wireless technology worldwide. Our IT team was able to meet all their technical requirements.
“During other major conventions, our IT team can provide a variety of options to ensure maximum security levels are achieved. These include key-card access which adjusts security levels and system access to the conference organisers’ requirements.”