Tuesday, April 20, 2010

Extending Controls to Public Hot Spots

With an increasing reliance on portable devices to obtain information, along with the large numbers of business travelers, the exposure of companies to data loss at public access sites is looming as a growing exposure.

Some say its just a matter of time until some spectacular events make the news. Security officers have long been concerned about Wi-Fi and other wireless devices, and some have banned them for a time, but the inexorable growth of wireless has overwhelmed these hopeless attempts to preserve secure systems, and so companies have had to address the issue. So far, however, they have not managed to get a real grip on the situation.

Here are some things they can do, from a recent article in Computerworld:

Steps IT can take to protect data from hot-spot dangers

  • Establish and enforce strong authentication policies for devices trying to access corporate networks.
  • Require employees to use a corporate VPN (virtual private network) and encryption when making a connection and exchanging data; better still, set up employee computers so that devices automatically connect to the VPN and encrypt data after making sure the computer or device hasn't been lost or stolen.
  • Make sure all devices and software applications are configured properly and have the latest patches.
  • Ensure that corporate security policies prevent workers from transferring sensitive data to mobile devices or unauthorized computers.
  • Use air cards, which require a service plan, instead of hot spots for wireless connections.
Strong, well-enforced policies are key to making these things happen.

No comments: