Imagine this: You have just bought a new - very expensive - house, complete with new
and very expensive furnishings. Of course, you also bought the most sophisticated
intrusion and theft alarms as well as the best locks that money could buy. After all that
- you put the master key under the outside welcome mat. Ridiculous, right?
How about your network system? You installed the most sophisticated state of the art firewalls, expert systems that can tell "friend from foe" and you enforce strict password controls on all access points. You may have dozens if not hundreds of notebook computers that are regularly linked to your systems for uploads and downloads. Each one of those can be the master key for a hacker to use.
Imagine that - after paying many hundred of thousand of dollars to secure your main system, it can be brought down by any one of thousands of unsecured portable clients. If you protect one domain - you must protect them all. Notebook computers are seven times more likely to be stolen than desktop models. Eighty percent of all corporate notebooks have no security access restrictions at all. When finding (read that stealing) such a notebook, a destructive hacker doesn't need to be intelligent - just lucky.
Remote access to a company's main computers is an everyday fact of life. Telecommuters, business partners, the so-called "road-warriors" - employees who are mostly on the road and must keep in contact - all have access to your system.
Just a few years ago, specialized thieves were being paid $10,000 for each major corporations notebook computer they took. Who in their right mind would pay $10,000 for a $3,000 item? Someone who could care less about the computer but the information inside it.
Why are notebook's so vulnerable? Besides that fact just mentioned - that 80% of them have no access controls whatsoever - inside those small electronic marvels are stored the phone numbers, passwords and access information to the host computer. And let's face it - people are people. Most of us just store that information permanently, so that when connecting "back home" all it takes is a keystroke or two. Why try and remember all those numbers and codes when your obedient electronic slave does it for you? However - your notebook doesn't recognize friend from foe. Like the Genie in the bottle, whoever turns on the switch is it's master.
Does this mean that you should pull the switch - or at least the modem - on all your company's notebooks? Not at all - that would not only be foolish - but quite unfeasible as well.
In our next installment, we'll let you know what can and should be done. (Click here for Part Two.)
© 1999 - 2004 Enterprise Information Management, Inc.
Email : email@example.com
Revised: February 28, 2004.