Imagine this: You have just bought a new - very expensive - house, complete with new
and very expensive furnishings. Of course, you also bought the most sophisticated
intrusion and theft alarms as well as the best locks that money could buy. After all that
- you put the master key under the outside welcome mat. Ridiculous, right?
How about your network system? You installed the most sophisticated state of the art
firewalls, expert systems that can tell "friend from foe" and you enforce strict
password controls on all access points. You may have dozens if not hundreds of notebook
computers that are regularly linked to your systems for uploads and downloads. Each one of
those can be the master key for a hacker to use.
Imagine that - after paying many hundred of thousand of dollars to secure your main
system, it can be brought down by any one of thousands of unsecured portable clients. If
you protect one domain - you must protect them all. Notebook computers are seven
times more likely to be stolen than desktop models. Eighty percent of all corporate
notebooks have no security access restrictions at all. When finding (read that
stealing) such a notebook, a destructive hacker doesn't need to be intelligent - just
lucky.
Remote access to a company's main computers is an everyday fact of life. Telecommuters,
business partners, the so-called "road-warriors" - employees who are mostly on
the road and must keep in contact - all have access to your system.
Just a few years ago, specialized thieves were being paid $10,000 for each major
corporations notebook computer they took. Who in their right mind would pay $10,000
for a $3,000 item? Someone who could care less about the computer but the
information inside it.
Why are notebook's so vulnerable? Besides that fact just mentioned - that 80% of them have
no access controls whatsoever - inside those small electronic marvels are stored the phone
numbers, passwords and access information to the host computer. And let's face it - people
are people. Most of us just store that information permanently, so that when connecting
"back home" all it takes is a keystroke or two. Why try and remember all those
numbers and codes when your obedient electronic slave does it for you? However - your
notebook doesn't recognize friend from foe. Like the Genie in the bottle, whoever
turns on the switch is it's master.
Does this mean that you should pull the switch - or at least the modem - on all
your company's notebooks? Not at all - that would not only be foolish - but quite
unfeasible as well.
In our next installment, we'll let you know what can and
should be done. (Click here for Part Two.)
© 1999 - 2004 Enterprise Information Management, Inc.
Email : contactus@eiminc.net
Revised: February 28, 2004.