lack of security in hotspots/wi fi areas
DESCRIPTION
Lack of Security in Hotspots/Wi Fi Areas. Yin Wai ISM 158 4/27/10. Hot Spot Dangers?. Increased dependence on laptops, smart phones, and other portable devices Personal and professional information are exposed when an employee logs onto Wi-Fi hotspots - PowerPoint PPT PresentationTRANSCRIPT
Lack of Security in Hotspots/Wi Fi Areas
Yin WaiISM 1584/27/10
Hot Spot Dangers?
• Increased dependence on laptops, smart phones, and other portable devices
• Personal and professional information are exposed when an employee logs onto Wi-Fi hotspots
• Public access point - on someone else's network with no control of who else is using it
People who know how to look for unencrypted information can gain access to all your data
Threat of a hacker
"Ryan Crumb, director of information security for PricewaterhouseCoopers Advisory Services, has seen all sorts of information gleaned from hot spots -- including Social Security numbers, corporate financial data and information about M&A deals -- that was never meant for him to see. Sometimes Crumb deliberately looks to see what unprotected data is traveling over the network in public spaces."
How easy is information attained?
What can IT do?
• Create and enforce strong verification policies for devices trying to access the corporate network
Require employees to use a corporate VPN (virtual
private network) and encryption when making a connection and exchanging data
What can IT do? cont.
• Make sure all devices and software applications are configured properly and have the latest patches.
• Ensure that corporate security policies prevent workers from
transferring sensitive data to mobile devices or unauthorized computers.
Use air cards, which require a service plan, instead
of hot spots for wireless connections.
Difficulties
• Consumertization of IT - High demand to work from personal laptops and smart phones
• Not enough protection to prevent employees from e-mailing
data back to a home office through Wi-Fi hotspots • Cost - Needing VPN (virtual private network)
Statistics
• Through a 2009 study, the average cost of a data breech was $6.75 mill
• 42% of data breeches were the cause of the third-party • 36% of these were due to lost/stolen devices • 24% were due to a criminal attack that resulted in theft of
data
Statistics cont.
• 67% of these 45 organizations started to use training and awareness programs
• 58% used manual procedures and controls• 58% expanded their use of encryption
Sources
http://www.computerworld.com/s/article/9175780/Hot_spot_dangers_That_Internet_cafe_could_cost_you_way_more_than_a_cup_of_coffee_
http://en.wikipedia.org/wiki/PricewaterhouseCoopers
http://www.pwc.com/us/en/it-risk-security/index.jhtml