Risks
Hardly a week goes by without news of how the phone calls or emails of some high-profile company have been intercepted. Leaked data can be embarrassing but, more importantly, can damage a company's reputation. Company Executives and Managers are frequent travellers, both as private individuals and as representatives of their company at home and abroad and generally they use laptops and mobile phones as a communication tool. The default status of such devices means they are often insecure and unless the ‘holes’ are plugged, it is relatively easy for someone to intercept a phone call, text message, email or even steal a laptop and/or a memory stick and extract sensitive company data.
The media are constantly on the lookout for businessmen/women, high-profile or otherwise, who inadvertently lose their data and in so-doing put their company at risk. These days laptops, USB sticks and mobile phones are part and parcel of travelling and usually they are not adequately protected. Unprotected company calls, text messages and emails contain all sorts of confidential information which, once leaked publicly or to a rival, can have a devastating to both a personal reputation and a company's standing. If, for example an accountant, lawyer or store manager loses his or her accounts or customer records, what will they do? Customers may be lost with a resulting loss of income and a tarnished reputation ... it's an alarming statistic but 80 percent of businesses affected by a major data loss either never re-open or close within 18 months
Data Recovery:
Companies routinely shred unwanted paper documents but do nothing about data (which is, after all, invisible) ... it just sits there on CDs, DVDs, tapes, floppies, USB flash drives, USB hard drives and inside laptop and desktop hard drives. Out of sight, out of mind. Unwanted data, perhaps comprising thousands of confidential files, should be 'shred' just like paper.
Data often 'leaks' from old equipment, mainly laptop and desktop hard. In 2011 it was reported that child protection data from the United States was found in a Nigerian dump site; Kessler International reported that over 40 percent of hard drives listed for sale on eBay contained confidential data. The problem is when you sell a laptop, desktop or hard drive all data needs to be removed. It is a common myth that formatting a hard drive before selling or disposal is sufficient ... it is not! All hard drives should be erased professionally to ensure that no data is present before disposal, donation or resale.
Email Communication:
In the news we frequently hear about email hacking. Two problems exist: someone can hack into company email accounts to access all received and sent mail or an email can be intercepted as it travels. Email is the main communication tool of the 21st century however, with the ease and popularity of this form of technology, it also exposes users to hacking or interception. Recently, a UK Government Minister claimed that emails were “... as secure as a postcard”; somebody else observed that nothing should be included in an email “... that you wouldn’t want to see on the evening news”.
It is no surprise therefore that businesses are confused about whether or not emails provide a safe and secure form of communication, internally and externally.
Generally, emails are transmitted in clear text with no encryption. An email travels through thousands of miles of cables and across many networks before it reaches the server and its intended recipient ... and all within the space of a few seconds. Those with criminal intent are able to install a so-called ‘sniffer’ at any location, such as an ISP, an internet café or a company’s network, thus making it possible to intercept or record emails and any other data passing through.
Mobile Phone Communication:
Everyone has a mobile phone these days, many businessmen/women have more than one.
Day-to-day Businesses use the mobile for everything from routine calls to discussing highly sensitive business information, deals and contracts. How do we know if someone is listening in? We don't! Governments around the world have the facility to eavesdrop on mobile phone calls and text messages; in addition, legally or not, some individuals also own gsm interception devices.
It is disturbing that a first-world, stable Western nation has admitted to listening in on mobile calls. And how do we know this practice isn’t still on-going?. The more unethical, corrupt, authoritarian or unstable a country is, the more chance of interception … you could be discussing a large deal with your board of management and a rival finds out and wins the race to the contract. Of course you don’t know if someone has or will ever intercept a call, but you should assume it's happening and protect yourself. Similar problems also exist around VOIP and landline communication.
Laptops and Removable Media:
When people are considering laptop security, the solution is generally to add in a firewall and antivirus suite. These days, however, there are far more threats than just hackers and viruses. The one threat that usually grabs the headlines more than online hacking is the physical threat. Why try to hack into a laptop when it can be lost or stolen from a hotel room, car boot or house? This also applies to removable media with data such as USB drives, USB hard drives, memory cards, CDs and DVDs.
The problem is not the laptop itself, a laptop can be bought for £300 to £1000, the data on it is the problem. You may have a back-up but no one wants their confidential and sensitive business information leaking out. Many people assume that a laptop’s password delivers security – this is a myth. A password can be bypassed in several different ways.
There is also a financial risk when companies lose data ... they can be fined if data leaks from a poorly secured laptop or removable media.
Staff:
Many companies spend on the digital equivalent of ten-foot security fences; including biometrics, firewalls, antivirus scanners and encryption, but fail where it matters most – human error.
Paradoxically, advanced security software can often lead to a lax attitude towards security among staff, but as the old maxim goes, 'security is only as strong as its weakest link'.
Companies regularly receive phishing emails and emails with viruses, but how often are staff trained to delete these and not to be curious? Social engineering is also a problem when an outsider uses his social skills to manipulate staff by, for example, pretending to be a manager or an IT technician to gain details of passwords or files. In such cases only sound education and training can offer proper protection. In fact, a recent survey of 700 UK workers revealed that 64 percent of them had received no training on IT security issues.
Integrity:
In the non-cyber world we verify contracts and cheques with hand-written signatures; only the signatory can tell if he or she signed it or if anyone has tried tamper with or even forge the signature. Every day companies send and/or receive emails and documents (Word, Excel, PowerPoint etc). How do we know the email has not been forged or a company contract worth millions has not been tampered with? The simple answer is that the average person would not know whether or not the email or document was authentic or had been edited in some way.
Imagine if someone emailed you a contract worth, say, £5 million and a few weeks later you opened up the email attachment and the figures had changed. It would be difficult to tell if it had been edited, still harder to prove. Fabricating emails to look like someone else’s is relatively simple and it can be hard to tell whether or not the source is genuine.
Data Loss:
In the 21st century companies and individuals alike rely heavily on computers for business and personal life. Photos, letters, customer records are no longer entirely printed and stored in a cabinet. Ten plus years ago documents were stored throughout offices, homes and within files. This meant documents were spread out and not stored in one location.
If a home-user loses all of his or her photos or videos, life will probably go on. If an accountant, lawyer or shop owner loses their accounts or customer records what will they do? Customers may be lost or your income may drop dramatically. Eighty percent of businesses affected by a major data loss either never re-open or close within 18 months.
The media are constantly on the lookout for businessmen/women, high-profile or otherwise, who inadvertently lose their data and in so-doing put their company at risk. These days laptops, USB sticks and mobile phones are part and parcel of travelling and usually they are not adequately protected. Unprotected company calls, text messages and emails contain all sorts of confidential information which, once leaked publicly or to a rival, can have a devastating to both a personal reputation and a company's standing. If, for example an accountant, lawyer or store manager loses his or her accounts or customer records, what will they do? Customers may be lost with a resulting loss of income and a tarnished reputation ... it's an alarming statistic but 80 percent of businesses affected by a major data loss either never re-open or close within 18 months
Data Recovery:
Companies routinely shred unwanted paper documents but do nothing about data (which is, after all, invisible) ... it just sits there on CDs, DVDs, tapes, floppies, USB flash drives, USB hard drives and inside laptop and desktop hard drives. Out of sight, out of mind. Unwanted data, perhaps comprising thousands of confidential files, should be 'shred' just like paper.
Data often 'leaks' from old equipment, mainly laptop and desktop hard. In 2011 it was reported that child protection data from the United States was found in a Nigerian dump site; Kessler International reported that over 40 percent of hard drives listed for sale on eBay contained confidential data. The problem is when you sell a laptop, desktop or hard drive all data needs to be removed. It is a common myth that formatting a hard drive before selling or disposal is sufficient ... it is not! All hard drives should be erased professionally to ensure that no data is present before disposal, donation or resale.
Email Communication:
In the news we frequently hear about email hacking. Two problems exist: someone can hack into company email accounts to access all received and sent mail or an email can be intercepted as it travels. Email is the main communication tool of the 21st century however, with the ease and popularity of this form of technology, it also exposes users to hacking or interception. Recently, a UK Government Minister claimed that emails were “... as secure as a postcard”; somebody else observed that nothing should be included in an email “... that you wouldn’t want to see on the evening news”.
It is no surprise therefore that businesses are confused about whether or not emails provide a safe and secure form of communication, internally and externally.
Generally, emails are transmitted in clear text with no encryption. An email travels through thousands of miles of cables and across many networks before it reaches the server and its intended recipient ... and all within the space of a few seconds. Those with criminal intent are able to install a so-called ‘sniffer’ at any location, such as an ISP, an internet café or a company’s network, thus making it possible to intercept or record emails and any other data passing through.
Mobile Phone Communication:
Everyone has a mobile phone these days, many businessmen/women have more than one.
Day-to-day Businesses use the mobile for everything from routine calls to discussing highly sensitive business information, deals and contracts. How do we know if someone is listening in? We don't! Governments around the world have the facility to eavesdrop on mobile phone calls and text messages; in addition, legally or not, some individuals also own gsm interception devices. It is disturbing that a first-world, stable Western nation has admitted to listening in on mobile calls. And how do we know this practice isn’t still on-going?. The more unethical, corrupt, authoritarian or unstable a country is, the more chance of interception … you could be discussing a large deal with your board of management and a rival finds out and wins the race to the contract. Of course you don’t know if someone has or will ever intercept a call, but you should assume it's happening and protect yourself. Similar problems also exist around VOIP and landline communication.
Laptops and Removable Media:
When people are considering laptop security, the solution is generally to add in a firewall and antivirus suite. These days, however, there are far more threats than just hackers and viruses. The one threat that usually grabs the headlines more than online hacking is the physical threat. Why try to hack into a laptop when it can be lost or stolen from a hotel room, car boot or house? This also applies to removable media with data such as USB drives, USB hard drives, memory cards, CDs and DVDs.
The problem is not the laptop itself, a laptop can be bought for £300 to £1000, the data on it is the problem. You may have a back-up but no one wants their confidential and sensitive business information leaking out. Many people assume that a laptop’s password delivers security – this is a myth. A password can be bypassed in several different ways.
There is also a financial risk when companies lose data ... they can be fined if data leaks from a poorly secured laptop or removable media.
Staff:
Many companies spend on the digital equivalent of ten-foot security fences; including biometrics, firewalls, antivirus scanners and encryption, but fail where it matters most – human error.
Paradoxically, advanced security software can often lead to a lax attitude towards security among staff, but as the old maxim goes, 'security is only as strong as its weakest link'.
Companies regularly receive phishing emails and emails with viruses, but how often are staff trained to delete these and not to be curious? Social engineering is also a problem when an outsider uses his social skills to manipulate staff by, for example, pretending to be a manager or an IT technician to gain details of passwords or files. In such cases only sound education and training can offer proper protection. In fact, a recent survey of 700 UK workers revealed that 64 percent of them had received no training on IT security issues.
Integrity:
In the non-cyber world we verify contracts and cheques with hand-written signatures; only the signatory can tell if he or she signed it or if anyone has tried tamper with or even forge the signature. Every day companies send and/or receive emails and documents (Word, Excel, PowerPoint etc). How do we know the email has not been forged or a company contract worth millions has not been tampered with? The simple answer is that the average person would not know whether or not the email or document was authentic or had been edited in some way.
Imagine if someone emailed you a contract worth, say, £5 million and a few weeks later you opened up the email attachment and the figures had changed. It would be difficult to tell if it had been edited, still harder to prove. Fabricating emails to look like someone else’s is relatively simple and it can be hard to tell whether or not the source is genuine.
Data Loss:
In the 21st century companies and individuals alike rely heavily on computers for business and personal life. Photos, letters, customer records are no longer entirely printed and stored in a cabinet. Ten plus years ago documents were stored throughout offices, homes and within files. This meant documents were spread out and not stored in one location.
If a home-user loses all of his or her photos or videos, life will probably go on. If an accountant, lawyer or shop owner loses their accounts or customer records what will they do? Customers may be lost or your income may drop dramatically. Eighty percent of businesses affected by a major data loss either never re-open or close within 18 months.