If you own a business, you should be very worried for the next couple of weeks. You may not be making any large purchases, hiring entire departments of personnel, or launching new products, but your data may be at risk and here’s why: If any of your employees are traveling to Sochi with their electronic devices, they may be putting your data at risk.
On a recent broadcast of “The Evening News with Brian Williams” on NBC, international correspondent Richard Engel provided a report from Sochi about the hacking of electronics. He explained that visitors to Sochi should leave their electronic devices at home and showed why. He brought two brand new computers with him and showed how quickly hackers were able to hack into the machines once he took them out of the box and booted them up. What was once fiction has finally become reality, and no matter where the Olympics are held, hacking on a widespread level will, from this point forward, be a reality.
The reason is that, as a global community, we have reached an age where everyone from world leaders on down to John Q. Public use electronic devices to access their personal as well as business information. This data is considered as valuable as gold to hackers. World leaders can have confidential information regarding their countries as well as other countries on their smartphones, tablets, and other devices. Individuals can have confidential information including financials, contacts, and other personal data on their smartphones, tablets, and other devices. And now, with microphones built in to all devices, hackers can listen in on to confidential conversations between individuals without the parties being aware of the interlopers.
Since software evolves, it’s only natural that the software that hackers use also evolves. Some hacking software comes as a package that includes customer support. Just as our software allows us to add modules for more functionality, software for hacking allows one to add modules so that the software can be updated with other modules to create malware with new functionality.
Wireless is an extremely good attack vector for malware. One thing inherently wrong with large wireless networks for the public is that they’re open. This means that it is open to anyone, which also means it may be open or available for nefarious uses. For example, if you’re in a coffee shop, hotel lobby, hotel room, airport, train station, or any other public area with Wi-Fi, those Wi-Fi routers are probably compromised. So as soon as a wireless network senses a wireless device, that device can be attacked by the compromised network. And if you’re plugged into a network hardwired with a cable, you still might be open for compromise because switches and routers, or even the ISPs that the network runs over could be compromised. Are your employees aware of this, or do they rush to access free Wi-Fi or free wired Internet access?
One thing missing from Richard Engel’s report was the use of encrypted devices and VPNs (virtual private networks) for communications. For the average consumer, these technologies are not at the forefront of their minds. They go with what they are accustomed to. For those of us who live in the infosecurity arena, we weigh ease-of-use versus security, but most users opt for ease-of-use. No one wants to put a password on their phone, it interferes with spontaneity. No one wants to buy an encrypted phone due to price.
However, the average user can install malware protection software, such as, Avast mobile security, Kaspersky Internet Security, or Lookout Security and Antivirus. There are many other Antivirus Apps to choose from. When considering enterprise options, there’s the IBM Endpoint Manager Mobile Client, which protects organizational data. This is available on iTunes for iOS and on Google Play for Androids. The app checks to ensure that a device hasn’t been compromised. It allows a user to receive email and other services securely but must be installed by an IT department. Additionally, the app enables configuration of security settings to protect the organization’s data on a user’s device.
Installation of antivirus software does not guarantee a user will not be hacked – there is malware that cannot be caught by antivirus protection – but it can detect and block a large portion of malware that exists in the wild.
Although infrastructure is an important part of every Olympics, the computer infrastructure that consumers and guests use will not. So while the sporting events that comprise summer versus winter games change, you can be sure of the one event that will be a part of every Olympics going forward: the hacking event. And the only medal that will be given is virtual, but it’s worth GOLD to the hackers who win it.
So heed this lesson: If your employees travel to the Olympics, don’t let them take their devices with them. Buy them throwaway devices or instruct them to unplug during the Olympics!
Image Credit: Nirots via FreeDigitalPhotos.net
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.