90 likes | 198 Views
Lack of Security in Hotspots/Wi Fi Areas. Yin Wai ISM 158 4/27/10. Hot Spot Dangers?. Increased dependence on laptops, smart phones, and other portable devices Personal and professional information are exposed when an employee logs onto Wi-Fi hotspots
E N D
Lack of Security in Hotspots/Wi Fi Areas Yin Wai ISM 158 4/27/10
Hot Spot Dangers? Increased dependence on laptops, smart phones, and other portable devices Personal and professional information are exposed when an employee logs onto Wi-Fi hotspots Public access point - on someone else's network with no control of who else is using it People who know how to look for unencrypted information can gain access to all your data Threat of a hacker
How easy is information attained? "Ryan Crumb, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots -- including Social Security numbers, corporate financial data and information about M&A deals -- that was never meant for him to see. Sometimes Crumb deliberately looks to see what unprotected data is traveling over the network in public spaces."
Create and enforce strong verification policies for devices trying to access the corporate network Require employees to use a corporate VPN (virtual private network) and encryption when making a connection and exchanging data What can IT do?
What can IT do? cont. • Make sure all devices and software applications are configured properly and have the latest patches. • Ensure that corporate security policies prevent workers from transferring sensitive data to mobile devices or unauthorized computers. • Use air cards, which require a service plan, instead of hot spots for wireless connections.
Difficulties • Consumertization of IT - High demand to work from personal laptops and smart phones • Not enough protection to prevent employees from e-mailing data back to a home office through Wi-Fi hotspots • Cost - Needing VPN (virtual private network)
Statistics • Through a 2009 study, the average cost of a data breech was $6.75 mill • 42% of data breeches were the cause of the third-party • 36% of these were due to lost/stolen devices • 24% were due to a criminal attack that resulted in theft of data
Statistics cont. • 67% of these 45 organizations started to use training and awareness programs • 58% used manual procedures and controls • 58% expanded their use of encryption
Sources http://www.computerworld.com/s/article/9175780/Hot_spot_dangers_That_Internet_cafe_could_cost_ you_way_more_than_a_cup_of_coffee_ http://en.wikipedia.org/wiki/PricewaterhouseCoopers http://www.pwc.com/us/en/it-risk-security/index.jhtml