Knowing potential security loopholes will protect mobile devices from prying eyes and hands during a business trip. Gigi Onag finds out how to keep your privacy intact.
Mobile devices – laptops, cell phones, PDAs, digital cameras, MP3 players and USB drives – are so ubiquitous we don’t think twice about carrying them around and have grown careless about doing so.
Here at Business Traveller, we regularly receive letters about iPods, digital cameras and smartphones and other electronic items that have been left behind or have gone missing – in hotel rooms, at airports, on planes – and have never been recovered.
Business travellers sometimes forget that they take with them millions-worth of company assets on the road. Confidential company information – from customer and partner data, business plans to internal communication – is stored on devices small enough to fit in their pockets. Loss of these devices can hurt their company internally and expose it to costly financial liabilities.
So, caution is the order of the day. Being prepared means knowing the potential threats and moves to prevent them.
1. Theft
Theft is the most obvious security concern for road warriors. Mobile gears are eye magnets, so never leave them unattended even for a moment. If you have to leave a laptop in a room for lunch or a meeting, you must have a cable-locking device to secure it, and even then, make sure that it is in a room that can be locked.
Keeping a low profile does not only mean finding a secluded area when using your laptop in public. When choosing a carrying case, avoid picking one that screams “laptop inside”.
Other security measures include installing an audible security alarm guaranteed to keep itchy hands away, as well as installing a tracking software that allows your laptop to regularly ping a tracking centre with a signal that allows it to be traced.
2. Unauthorised access
Once a mobile device is stolen or lost, spoofers – people with malicious intent pretending to be someone else – will try to use the initial access to dive further into the system.
Today’s portable computers and mobile phones have built-in security features. Password-enabled access is now the standard among such devices.
It makes sense for business travellers to turn on this feature for their own protection. Don’t be afraid to use BIOS (a program that starts up a computer) and hard-drive passwords on your laptop. It’s your first layer of defence against spoofers. One thing to remember: don’t carry written copies of your passwords and PINs.
If your laptop runs Windows 2000 Professional, Windows XP Professional or Windows Vista, features may include secure logon, file level security, and the ability to encrypt data. Meanwhile, new laptop models from Sony, HP and Toshiba among others are fitted with fingerprint identification access. All these are great features only if you activate them.
For smartphones and handhelds, password at power on is a common feature. Research in Motion’s BlackBerry is fitted with a security feature that locks the device after several failed logons.
More importantly, it has the capability to wipe all data from the device in the event of theft or loss. In Windows-based devices, software from Kapersky Lab and Sybase enable devices to be wiped clean of all data remotely.
3. Electronic eavesdropping
Today, business travellers can connect to the internet anywhere. This ability to be on call 24/7 does come with a price. Electronic eavesdropping or “sniffing” is always a possibility with mobile devices, particularly in public wireless hotspots. As a rule of thumb, it is advised not to use wireless hotspots in open areas like cafés and airports. You just don’t know who might be sniffing through the digital traffic.
If you must go online outside the office, use a virtual public network and also encryption to protect your emails and file attachments. Turn off your Wi-Fi and Bluetooth connection when not in use while on the road to prevent your device from automatically linking to an open network, and while you are at it, disable your device’s print and file-sharing feature.
4. Virus & Trojans
Virus on PDAs and mobile devices works the same way it does on PCs. A virus infection not only damages the device but could potentially take down your entire company network when you connect to your office. Make sure to update your anti-virus software before you go on a business trip. n
USEFUL TIPS
SAFEGUARDS AGAINST CELL-PHONE THEFT AND LOSS
Installing password protection is the easiest way to stop unauthorised access of a stolen or lost mobile phone. To fortify this protection, follow these two simple steps:
- Block your account: call your mobile operator pronto when your phone is lost or stolen to stop any calls, particularly international calls and SMS, which can wreak havoc to your next month’s bill.
- Keep your phone’s serial number: some service providers can remotely block your telephone if you provide them with its serial number.
To get the serial number, type *#06# (star-pound-zero-six-pound), and it will be displayed on your screen. Write down your serial number and keep it in a safe place.
Meanwhile, back up your address book regularly by synchronising your cell phone with your computer. You can then retrieve these contacts for use on your new phone, in the event of theft or loss.
GROUP SEEKS TO STOP ARBITRARY LAPTOP SEIZURES
US visitors are accustomed to the heightened border security when entering the country. Hand-carry items, particularly electronic devices, undergo careful scrutiny.
But a group of international business travellers has finally drawn the line when a federal appellate panel recently ruled in favour of the authority of US customs officials to examine, copy and seize travellers’ laptops – without reasonable suspicion.
The Association of Corporate Travel Executives (ACTE) last month added its signature to letters from the Electronic Frontier Foundation, asking both Houses of Congress to hold hearings about the Department of Homeland Security’s practice of searching and confiscating traveller’s digital information and electronic devices at US borders.
“ACTE questions any ruling that allows the government of a free country unlimited power to read, seize, store, and use all the information on any electronic device carried by any traveller entering or leaving the country – without suspicion or due process,” said group executive director Susan Gurley. ACTE, whose members are senior travel executives from 82 countries, represents the E200 billion (US$307 billion) business travel industry through its international advocacy efforts. It has been representing the interests of travellers in the laptop seizure issue for the last two years.
Four major points were emphasised in letters sent to the Senate’s and the House’s Committee on Homeland Security: seizure of password-protected corporate laptops, the vague definition of what constitute “suspicious”, the lack of published procedures or guidelines around electronic device search and seizure, and the disposition of personal data regarding third parties named or listed in seized data such as corporate records, financial material, human resources personnel records, private email and family communication. “We are asking Congress to hold hearings regarding these arbitrary searches and to consider legislation to prevent abusive search practices,” Gurley said.
TO USB OR NOT TO USB
USB is a simple innovation that has changed the way we carry and store data. With a small device no bigger than a human finger, we can carry gigabytes of data.
Business travellers, however, must remember that a memory stick is a double-edged sword. While convenient, it is easy to misplace – losing in the process confidential data that could be worth millions. So if you must carry a USB with you, just upload the information you need for the trip and ensure that you password-protect the device.
Meanwhile, also remember that anyone with a USB can easily take out data from any of your device – laptop, mobile phone or digital camera. While on the road, consider disabling the USB feature to keep off unauthorised access of your mobile devices.
