Laptop safety questions
- 13 June, 2008 10:45
Let me say thanks to the Women's Business Council of the Southwest for inviting me to teach them about laptop safety. The business backgrounds of the members ranged from huge company manager to sole proprietor to corporate lawyer and everything in between. That's what made their questions so interesting, because they came from all directions.
Wi-Fi security issues got plenty of time during my presentation and plenty of follow-up questions from the audience. It's hard for many people to think a free Wi-Fi provider, like a local coffee shop, would lead them into a security sinkhole.
Don't focus on the Wi-Fi provider, because they are not the ones violating your security. You must worry about the other patrons sitting in the coffee shop with their laptops open. Every Wi-Fi chip set, whether added on with a PC Card or built into newer laptops, automatically operates in what we call "promiscuous" mode. In other words, it will connect to any other Wi-Fi device it can. This makes security difficult, because all the other promiscuous laptops can see your laptop, just as you can see them with a little bit of effort. While the vast majority of other laptops are discrete in their connections, one hacker can ruin the love-in for everyone. Hence the constant need for caution and protection.
One way to avoid falling into the clutches of a Wi-Fi hacker is to avoid Wi-Fi and use a cellular data service instead. All the major cell phone carriers offer data networking, often called Mobile Broadband or Data Networking or Wireless LAN (WLAN) or Wireless Wide Area Network (WWAN) or some other catchy phrase the marketing department devised. These services require a card you plug into your laptop, just like Wi-Fi once did. And just like Wi-Fi, some new laptops have mobile broadband support built in, but since each carrier uses a different protocol, unlike Wi-Fi service providers, buying a built in model will lock you into one service.
While the encryption isn't great on these mobile broadband systems, according to this newsletter's official security consultant, Jesper Jurcinoks of NetVigilance, it's way better than unencrypted Wi-Fi and even low-end Wired Equivalent Privacy (WEP) Wi-Fi. Forcing a cellular data card into promiscuous mode would require great effort and hardware modifications by the hacker.
With mobile broadband, you can surf with relative freedom on your laptop and can usually do so wherever you can get a cell phone signal. That beats looking for a Wi-Fi hot spot, just like having a cell phone beats looking for a phone booth.
One person in the audience, excited by the security improvement and convenience over typical Wi-Fi, asked how much mobile data service costs. When told between US$60 and $100 per month, depending on carrier and usage variables, she despaired, saying her boss would never pay that much. Endorsements from a few others in the group who already have WLAN support didn't make a dent, and neither did my explanation of how travelers save money with a WLAN by avoiding the need to pay the $15 per day Internet access fee in most business hotels.
What's more, with Wi-Fi, everyone in that company will be a security risk when using their laptops out of the office, all in the name of fiscal responsibility. Business is about making decisions, but trading security for a little bit of savings ends up costing far more when a breach happens.
At least everyone in the group has moved beyond using tapes for their data backup storage media, or at least wouldn't admit otherwise. Are you still using tapes, and leaving them in the trunk of your car as an offsite storage option? Do yourself a favor and go test the restore on those tapes. If you get a success rate over 50 per cent, count yourself lucky.
Speaking of backup, I'm always surprised how few non-technical people know about online backup services, especially for laptop users. I thought Carbonite and Mozy had penetrated the consumer consciousness, but evidently not. It seems only about 10 per cent of consumer groups I speak to can name either one, or any other online backup service. That's a shame, because for about $50 per year, laptop owners can protect all their data easily and automatically.
I didn't have time to get into how the new security rules for companies taking credit cards might apply to laptops: if you use your laptop for a mobile cash register at events and take credit cards, the disk on that laptop must be encrypted. Well, technically, the credit card information must be encrypted. If the laptop only connects to another location, such as the accounting program back at the office, then the laptop disk doesn't have to be encrypted according to the payment card industry. But since almost everyone with a laptop tells their browser to "save this password" that means anyone finding or stealing that laptop has easy access to the company accounting program. Maybe full disk encryption for laptops carrying such information is a good idea after all.
Laptops remain one of the biggest security problems for companies, because they travel and can therefore get lost or stolen. Try to keep your laptop under control, secure, and avoid hackers in coffee shops.