You wouldn't dream of keeping your company safe open. You would certainly never think of permanently leaving your office door on the latch. But nowadays business people never truly leave their office – it travels with them to meetings and conferences in the shape of mobile phones, personal digital assistants and laptop computers, and each of these invaluable devices represents a door through which intruders can access sensitive data.
Andrew Pearson, executive vice-president of data protection software specialists Workshare, says: "Executives move around the world doing their jobs and don't know that they're at risk of losing very sensitive information, either through very simple mechanisms such as losing their laptop or through more sophisticated means."
The truth is that thousands of responsible company executives unwittingly leave confidential data and documents wide open for snoopers, criminals and cyber-vandals to intercept or interrupt. And an even more alarming truth is that out-of-office meetings and conferences are especially vulnerable.
Today's conference delegate not only expects to access the occasional email on the road but to read and draft confidential documents, and perhaps even remotely connect to their PC back at corporate headquarters. Technology makes these links easy and relatively cheap but also risky.
Take a conference of 5,000 delegates attending a two-day event in a major conference centre, shuttling between their hotels, seminar rooms and plenary sessions. Each of them will log on to their emails at least once or twice a day in the course of the proceedings.
When the meeting is over, they will to get back to their hotel room and log on, respond to email queries, and pass on their sales leads, contacts and notes to head office. If their hotel is one that doesn't offer in-room broadband they might nip down to the business centre and use one of the machines there, or find a local coffee shop or wireless hotspot to connect. Unfortunately, each of these activities contains a risk of information-theft or data-snooping.
The proliferation of wifi internet access is a particular concern for security-conscious companies. Many hotels and convention centres are establishing wifi broadband systems as added-value services for their clients, both in guest rooms and public spaces, but the fundamental danger is that wifi is a vulnerable open-air system. Hackers with the right software can monitor, record and interfere with wifi traffic, much as pre-digital radio hams could tune in to shipping, police and other frequencies.
Once logged on to the wifi connection, it's even possible for a hacker to view, copy, delete or interfere with files and folders on an unprotected hard drive. Pearson says: "If you hook up to an unsecured wifi network at a conference and you don't use any technology to protect yourself, someone else at the conference or physically in the location could get across to your machine and steal things."
Freddie Lam, managing director in Asia Pacific for broadband provider iBahn Asia Pacific, is well aware of the dangers of data theft. "The hackers don't even need to be in the same building, simply within range," he says. "Sophisticated gangs have been known to set up their own fake access points within the network radius and users unknowingly log into them, exposing all their data."
To prevent network theft, iBahn can now set up a virtual command centre at major conference sites. This not only offers a secure network but also operates like a radar system, scanning the network for incoming intruders and blocking them.
But although wifi penetration is a growing risk, a bigger danger for most companies comes from the provision of shared PCs or internet kiosks at conferences. Unfortunately, few corporate delegates who make use of such third-party hardware have an understanding of the risks this can involve.
Not only are uploaded or downloaded files capable of interception, they can also be left behind on other computers, easily accessible to a moderately sophisticated PC user. Lam says: "I heard from one leading executive of how he had come across a US$5 million business proposal on a PC he was using at a hotel business centre."
This risk has been exacerbated by recent advances in storage capabilities. Tiny memory sticks can now be loaded with up to 6GB of data, while other apparently harmless devices can store a lot more. Workshare's Pearson explains: "Someone with a 60GB iPod could potentially download almost any company's database and just walk out with it with their headphones in their ears."
IBahn's solution is PC rental for public areas at conferences, where delegates can be reassured that not only is the network secure but special software automatically clears user data after logging off. Where this is not provided, the onus is on companies to ensure that their sensitive information can't be accessed by unauthorised users. This can be achieved through the use of software applications which intervene to prevent data being put at risk. "We have a set of applications, some of which sit on the user's machine and interact with them in real time," says Pearson. "For example, if someone wants to download a file to a portable device they could be alerted or prevented from doing so."
The most urgent need, however, is to alert the events industry and delegates to the possibilities of cyber-fraud. "The biggest problem is one of ignorance," says Lam. "Even regular computer users are often unaware of the dangers. It's a matter of convincing venues, event organisers and users that they must act immediately to protect themselves."
For more details, visit ibahn.com, workshare.com.
WHO'S AFTER YOUR DATA?
CORPORATE RIVALS
It's an old joke that business ethics is a contradiction in terms. If you represent a major corporation, how likely is it that an employee of a rival firm might, even by coincidence, share the same hotel, convention hall or business centre? If your system is unprotected your secret sales strategy or new product blueprint could end up a topic at someone else's meeting. Commercial espionage is as old as business itself, but now it has a modern mask.
IDENTITY THIEVES
These cybercrooks may not be interested in your business plans but they do want your credit-card details, passport numbers, email passwords and all manner of information you hold on your hard drive or key in when you shop on the internet, check your frequent-flyer mileage or make hotel reservations.
EXTORTIONISTS
While thankfully rare, some companies find themselves at the mercy of criminals or disgruntled employees who will seek to discredit or damage a firm and seek payments for the return or destruction of stolen data.
CYBERVANDALS
Possibly the most unpredictable of cybercriminals, these hackers don't discriminate. They may delete or wipe data or introduce viruses simply out of a malicious sense of fun.
WHAT DOES IT MEAN?
SPYWARE
This software collects personal information with different techniques, including recording keystrokes, web-browsing history, and scanning documents on the computer's hard disk.
ENCRYPTION
Data is scrambled and coded before it is sent, so only the designated receiver will be able to decode it. Even if the data is intercepted, it will appear as meaningless gobbledegook.
WEP
Wired Equivalent Privacy: this is the first and most basic level of protecting your wifi network. While it will deter casual snoopers, WEP systems can be cracked fairly easily by determined hackers.
WPA AND WPA2
Wifi Protected Access is a more modern encryption system involving more elaborate protection.
AP
Access points are the electronic transmission and reception points where users connect to the internet.
VPN
Virtual Private Networks can be set up which will provide users with a great deal of security from any outside interference. However, setting up VPNs is not easy and requires considerable technical know-how.
PROTECT YOURSELF
1) Turn off filesharing
Many new computers have this switched on as their default setting
2) Use a firewall
Most new laptops will come bundled with a firewall, but you can easily upgrade to more sophisticated software, usually for less than £50
3) Install an anti-virus programme
Many are free and inexpensive but the secret is to keep it regularly updated
4) Upgrade your system software
System upgrades often include patches and security
5) Log out, clear up
If you have to use a business centre, remember to log out of your password-protected area and ensure that you clear the machine's cache and temporary document files, where your memo may have been copied and where others could retrieve it
