http://www.imakenews.com/signal/e_article000727692.cfm?x=b11,0,w By Maryann Lawlor AFCEA Signal Connections January 16, 2007 Securing valuables while traveling is about more than suitcase locks, money belts, travelers checks and hotel safes. These days, information is one of the most precious commodities that people carry with them everywhere. Whether on the road for pleasure or on military, government or commercial business, professionals are laden with laptops, cell phones and personal digital assistants filled with data just ripe for the picking by information thieves. But according to Robert J. Bagnall, chairman and chief executive officer, Maverick-Security LLC, 80 percent of the information security breaches that people face every day can be averted by using common sense, employing information security products and being aware of their cyber surroundings. Threats to information differ depending on the region of the world, Bagnall states. China, for example, has an open hacking policy; however, citizens go to jail if they are hacking in an attempt to overthrow the government, he explains. Because the Chinese military trains personnel to hack into computer systems, travelers may be targeted if they are carrying military information. Russian hackers are motivated by a different desire: greed. In the past, Russian hackers specialized in identification theft. They would steal credit card information then sell it in bulk. But Bagnall says there is a new specialty in Russia of selling boutique data. If someone wants access to specific data in the military, for example, they can go to the guys who have it and buy just what they want. Pricing is based on the quality and reliability of the data, he explains. In Israel and France, Bagnall notes, hacking is all about economic espionage. The thieves aim to steal corporate secrets or to access corporate networks. By staying informed about the type of data hackers in the destination country are most interested in grabbing, travelers can take appropriate precautions to protect particular information. On its Web site, Maverick-Security has published its top 10 security tips [1] for protecting data while traveling. The list is divided into three categories: mild, medium and paranoid. Travelers should choose the security level they need for their specific travel plans. By employing as many of these tips as practically possible, the vast majority of security risks can be alleviated, Bagnall says. Four of the recommendations fall in the mild category. First, travelers should use removable storage media to store critical data. Second, all dataincluding the information on the removable mediashould be backed up. Third, before leaving on a trip, firewalls, intrusion detection systems and antivirus applications should be updated. Fourth, any equipment that is not needed or not in use should be turned off. The safest computer is the one thats not on and not connected, Bagnall points out. The first recommendation in the medium security category is to trim down the information that will be taken on a trip to the bare minimum. Documents should be duplicates, not originals. When you travel, you must assume that your data is at risk, Bagnall says. To minimize the risk, bring only the data necessary to accomplish your goals while you travel. Using encryption to protect critical data is the second suggestion in the medium category. Because wireless capabilities enable hackers to burrow into hard drives, travelers can no longer assume that data is safe even if it is on a hard drive that is in their possession. Encryption will help ensure that data is not lost, compromised or corrupted. In addition, like all other valuables, digital devices should never be left unattended in hotel rooms. Removable media should be carried; laptops or other hardware should be locked in a hotel or room safe. The paranoid category includes three suggestions. First, travelers should not use free connections without employing encryption and should never perform work-related tasks using public Internet kiosks. Second, upon returning from a trip, all passwords should be changed. Finally, when traveling, a more restricted user account should be established on a laptop, and the regular user account should be suspended until returning home. The temporary account should be wiped clean before plugging a laptop into a home or office network. Maverick-Security plans to update its list of travel tips this year. We just want to tell people to look at themselves from the standpoint of what they bring with them. Also, look at the information about yourself that youre putting out on the Internet in places like MySpace.com. This information could lead to identity theft or stalking, Bagnall says. Some security problems can be solved with technology; others have to be solved by working with people, he adds. For example, users must update software programs and apply security patches in a timely manner, and information security personnel need to be included at the beginning of the planning process of information system projects. The bad guys are no less lazy than the rest of us. Thats why computer system break-ins are 80 percent preventable, he explains. Copyright 2007 AFCEA International. All rights reserved. [1] http://www.maverick-security.com/static_content/maverick_tips.pdf _____________________________ Subscribe to InfoSec News http://www.infosecnews.org/mailman/listinfo/isn
This archive was generated by hypermail 2.1.3 : Thu Jan 18 2007 - 22:48:52 PST