Browse archive

Latest news

Oracle releases critical security updates for Java

Failed backups endanger revenue and productivity

The security of WordPress plugins

How to detect hidden administrator apps on Android

Key obstacles to effective IT security strategies

CyanogenMod founder aims to thwart data-grabbing apps

Businesses not fully implementing infosec programs

Is accessing work apps on the move destructive?

Microsoft releases Enhanced Mitigation Experience Toolkit 4.0

New regulation for ENISA, the EU cybersecurity agency

Hacking charge stations for electric cars

Trust No One

by Nick Lowe - Check Point’s MD for Northern Europe - Tuesday, 11 November 2008.

Terminal case

Internet kiosks and terminals in departure lounges are a sore temptation for many business travellers. It’s a last chance to check emails before that long flight, or make last-minute changes to an important presentation. After all, it’s just making best use of down time. What happens to that sensitive data after the person’s finished with the computer? Is the data really permanently wiped from memory? Did they leave a USB stick behind? What are the implications for the company’s security policies if such data is being processed on an unsecured PC? Sometimes, it’s a company’s top guns that take the biggest risks with data.

Cold shoulder

Don’t forget that people can steal data by simply looking and reading, even when you’ve locked down the electronic routes for data theft. A senior executive that I know was flying to the UK, and had to tell the person next to him that 1) he could read the high-level presentation on his neighbor's screen and 2) that their two companies were in fact deadly rivals. This sparked a lively conversation. And while the chances of this happening are small, it shows you can’t be too sure who’s looking over your shoulder.

The big fix

What do you do if your home PC or laptop goes wrong? Well, this really depends on the type of repair. If it’s a hardware repair, then consider keeping the hard drive and sending the laptop without it, to keep any personal or business data secure against malicious or well-intentioned copying. If the drive itself is faulty, be very careful who you choose to try and fix it – the data is still likely to be salvageable. It may be safer to destroy the drive and get a new one fitted – which is why regular back-ups not only keep you running if a PC is faulty: they’re also important for security.

Trust, but verify

These examples make the point that your data is only a couple of steps away from misuse, and the intentions behind that misuse actually do not matter. Of course you need to have trust in your staff. You should be selective over what you entrust to them, and also verify that security is maintained. To protect against leaks and breaches, security has to be automated, and set up so that your employees cannot tamper with the process. Don’t leave decisions on what to secure, and when, to your staff. First, it’s not their job to decide this, and second, nor should they have to worry about it. It means thinking about what data you allow your staff – at all levels – to carry with them. It means automatic encryption of disks on laptops, and the same for any data, which is copied to portable storage devices. By taking the potential for human error out of the loop, you make a giant stride in security.