His false sense of security was compromised on March 9th, following a
visit to a local coffee house. During his visit there, he logged in with
their free WiFi service, and conducted his business in true teleworking
fashion. He sent several emails, updated his company payroll data, sent
several instant messages, and distributed previously prepared reports to
three different clients. Little did he know, a prankster had placed a "sniffer"
on the WiFi network, and had compromised all of his typed communications for
that hour, along with sent files, and email addresses.
By 10:00AM in the next day, his business was in tatters. The prankster
had posted all three reports online, and notified the business contacts of
that fact. Two of them had cancelled their contract with him citing gross
negligence and a breech of confidentiality. The prankster had also sent a
copy of his payroll report to the entire company, causing 2 of his
consultants to quit over the recently discovered pay descrepancies. Sadly,
it could have even been worse, had his financial institution log-ons also
been compromised.
Many small businesses are finding out this lesson the hard way, and very
few are guarding against it. This is especially critical for companies who
deal in personnel records, financial data, health records, technology IP,
planning, consulting, and anything else that is sensitive or jeapardizes
their companies reputation. Many companies who lose data also find
themselves receiving fines so large that it single-handedly forces
bankruptcy.
HOW TO PROTECT YOURSELF:
If you never share files over the internet (email, IM attachments, etc..)
you have to focus on "hardening" your laptop, with one of the known vendors
in the industry. The key, is finding a solution that has 128-bit AES level
security built in, so that if your laptop is compromised, all data stored on
the harddrive is scrambled and encrypted. At that level of security, there
isnt a single document which can be deciphered by a snooping thief. (www.PGP.com,
www.guardianedge.com, www.safebit.com, and www.mcafee.com are some of the
many vendors who sell this type of product)
If you share some files over the internet but do not send very many
communications, you can compliment your disk protection with the use of a
VPN solution to "harden" your pipes. Some VPN solutions for small business
are (www.smallbusinessvpn.com, www.strongvpn.com, and www.openvpn.com)
If you share files over the internet, and send communications as well,
you can use VIA3 from www.viack.com to protect everything you send from
point to point. VIA3's AES level 128 bit security can protect your instant
messages, online presentations, online demos, online training, group chat,
workspaces for document sharing, and removes the need for a VPN.
WHAT IS AES?
According to the Web Conferencing Council
www.webconferencingcouncil.com , Encryption is the process of changing
data into a form that can be read only by the intended receiver. To decipher
the message, the receiver of the encrypted data must have the proper
decryption key (password). AES stands for Advanced Encryption Standard. AES
is a symmetric key encryption technique which will replace the commonly used
Data Encryption Standard (DES).
It was the result of a worldwide call for submissions of encryption
algorithms issued by the US Government’s National Institute of Standards and
Technology (NIST) in 1997 and completed in 2000. The winning algorithm,
Rijndael, was developed by two Belgian cryptologists, Vincent Rijmen and
Joan Daemen. AES provides strong encryption and has been selected by NIST as
a Federal Information Processing Standard in November 2001 (FIPS-197), and
in June 2003 the U.S. Government (NSA) announced that AES is secure enough
to protect classified information up to the TOP SECRET level, which is the
highest security level and defined as information which would cause
“exceptionally grave damage” to national security if disclosed to the
public.
======
Brian Back
