You are on the plane, settled into your seat, waiting for takeoff, and the flight crew starts its dialog about flight safety. Now, if you are traveling on selected Air Canada, AirTran, Alaska, American Airlines, Delta, Frontier, United, US Airways or Virgin America flights, the crew ends with the notification that, for a nominal fee, you too can join in the fun of surfing the web or checking your work e-mails at 30,000 feet. I don’t know about you, but my first inclination wasn’t “How wonderful!” It was more like “Oh, thanks. Now I have to worry about another avenue for entry into the network and employees having the information on their laptops snooped.”
Employee productivity is very important, and most of us security professionals work smart to get executives to set the example for our employees on mobile security and to heed our advice about the growing threats to the business posed by the explosion of mobile applications and wireless interaction. Now, we are being invited to turn on the wireless device and plug into the network to do more work as we travel coast to coast.
For the majority of us, being mobile and having the technology available to keep us connected and enhance our productivity is a part of day-to-day life. As information technology professionals who deal with audit, information security, traditional security or that converged enterprise role of providing enterprise security risk management, we strive to balance our use of that technology to stay connected without adding risk to the enterprise due to our access rights. We have spent a lot of time putting the pieces in place to protect our road warriors by doing things like:
· Requesting that employees turn off the wireless device on the laptop before shutting down each time so that it isn’t up and running when the laptop is booted up again
· Ensuring that the enterprise-level personal firewall is always up and running
· Maintaining up-to-date virus definitions
· Encrypting the drive
· Providing laptop screen filters to ensure that people next to you don’t shoulder surf
· Asking employees to not deal with the really sensitive stuff while flying
Yes, there are other things, but I’m starting a discussion here, so please weigh in!
For those who want some good examples of what a hacker can do, take a look at “Hacking the Mobile Workforce.” It contains a number of videos created by Daniel V. Hoffman, a senior systems engineer with Fiberlink, that show a series of hacks that take advantage of vulnerabilities that may expose a mobile worker and put personal information and the corporate network at risk. This is not an endorsement—just really good information that should be shared and may also convince those who are skeptical that they need to pay attention. You will have to register to get to the demo, but it is well worth it.
Rick Withers, CISM, CPP, CAS, CHS-III
Chief Security Officer, TRC