COVER STORY
CORPORATE POLICY
CONTACTS
CELL DATA
By Z. Kelly Queijo
Rough Edges
Policy pointers that smooth risk of travelers’ cell phones.
Business Travel Executive JULY 2010

You’ve heard it before: “My cell phone is my life!” The speaker could be a drama-queen teenager whose cell phone privileges have just been revoked. But when spoken by a business traveler, these words carry more weight and represent a deep level of responsibility.

A typical business traveler’s mobile phone stores contacts, appointments, email, and perhaps even other sensitive information such as bank account numbers, social security numbers and corporate data. Loss of any of this information can present risks that not only compromise the traveler’s personal identity, but are also security risks for his employer.

Just how bad is it if a traveler’s cell phone falls into the wrong hands? Probably worse than you imagine.

According to David Schofield, director of wireless mobility at AlsbridgeTAG, “Security is a growing concern as regulation mostly looks to paper trails. Now IT has to follow the vapor trail. The ability to replicate deleted data from handheld devices and forensic reconstruction are becoming a big part of corporate protection against espionage internally and externally.”

Or imagine this scenario: a sales manager loses his handheld device and the person who finds it now has access to the sales manager’s calendar. In that calendar are internal strategy, pricing or client meetings. The person who found the phone could potentially attend any of those calls undiscovered unless the sales manager notifies corporate and all the standing conference bridges are immediately changed.

Contact notes, personal numbers and account information could be revealed should the person want to probe into the memory of the device. “Internal damage is one thing,” says Schofield, “negligent release of client information becomes something completely different.”

Triple Locked

For serial business traveler Peter Shankman, founder of Help-A-Reporter-Out, who claims to sleep in hotel beds more often than in his bed at home, his mobile phone and laptop are critically important to his day-to-day work. Given that, Shankman takes protecting his data and devices seriously. “All devices, laptops, and iPads have passwords. In addition, I do a physical check of where my stuff is as often as is possible.”
One backup is not enough for Shankman. Three is better. He routinely copies his data to a backup drive, a hard drive at home, and a cloud drive somewhere in “said” cloud — and yet, even this is not entirely sufficient. Shankman also stores his most important documents on an encrypted web site separate from his personal and corporate sites. “If I’m trapped in a foreign country, I can login, download my passport, and hopefully get home.”

To the corporate security officer (CSO), the threat to data integrity on corporate systems is the same whether the threat originates from a computer used by a hacker or from a smartphone: someone from the outside wants in. According to Randy Marchany, information technology security officer for Virginia Tech, the two biggest risks he sees are sensitive data breaches and password compromises. “Corporate execs love to read their email on their smartphones and these emails may contain sensitive information. In addition, people tend to create password files on their smartphones and these devices are, in effect, becoming the equivalent of ‘sticky notes.’”

“Smartphones are effectively really highly portable computers with Wi-Fi and cellular data network access,” says Colin Grant, managing director for Nomad Mobile Guides. “In terms of security they are no different than laptops or USB flash drives that have advantages and security weaknesses.” The obvious difference, of course, is that smartphones are small, highly portable, easy to share and, more often than not, easy to hack.

Some problems are specific to certain mobile devices. Greg Lee, president of Software Specialists, points out that on a Blackberry, the browser can be configured, and often is configured by default, to appear to be inside the corporate firewall. “For example, from my Blackberry, I can access all of my corporate intranet sites. This is a Blackberry feature and it means that an application I decide to load on my phone could also access those same sites. This presents, at the very least, an information access issue. Of course, the risk is the same for me installing software in my company laptop as well.”

“It will be stupid things,” Grant says, “like storing confidential files on your phone and then leaving it in a bar or on the back seat of a taxi for someone else to find — that present the greatest risk. This is where end-user training comes in.”

Schofield agrees: “Corporate policy is a first defense.”

Elements Of Corporate Policy

The goal of a corporate cell phone policy is to protect the enterprise from loss of intellectual property. Establishing a policy and getting employees to follow all of the rules all of the time is another thing entirely. Given that human behavior is often the nemesis of any policy, having a strategy in place for when security is compromised is mission-critical.

Policy points often include: requiring passwords on smartphones, no texting while driving and limiting the type of data that is stored or accessed remotely. John Hering, CEO of Lookout, a mobile security company, recommends the following be added to any corporation’s cell phone policy:

Never leave your phone unattended.
When traveling, always lock your phone in a hotel safe when it is not in use.
Download mobile security software that will protect against malware, data loss, and against physically losing your phone.

A corporate policy should also include that the user keep two specific phone numbers on-hand (but not in the cell phone) for quick access: the cell phone carrier’s, so service can be suspended until the lost phone is found; and the CSO’s, so any possible data breaches can be reported and the necessary action taken as quickly as possible.

Corporate policies in place for domestic travel may need to be beefed up when traveling outside the US. Philip Farina, a travel and hotel security expert and CEO of Farina and Associates Ltd., stresses that in addition to the various levels of risks travelers are exposed to when traveling internationally (fire, food poisoning, fraud, theft, kidnapping/abduction and of course, the terrorism element), data protection also makes the list. “One only has to view the latest news to see where trade secrets, products and identities have been stolen from individuals who are traveling for both business and pleasure.”

To circumvent risks when traveling in foreign countries, Farina suggests travelers take the following precautions:

Leave your data-sensitive cell phone at home. Consider obtaining a local mobile/cell phone at your destination.
Consider purchasing a “shield” for your devices.
If you require internet access, ensure that you have appropriate levels of encryption and firewalls for secure communications.
In your vehicle, keep your valuables out of sight and hidden, preferably in the trunk areas.
If staying at a hotel, always lock up your computers, data devices and cell phones, when not needed, in the in-room safes or in the safe deposit boxes located at the front desk.

Personal Precautions

From corporate use to personal use, if your travelers’ cell phones truly are “their life,” tell them to give that phone the same level of attention and consideration they would if their lives, and the lives of those they care about or work with, depended on it.

Do:
Install mobile security software.
Back up your phone’s data regularly.
Password protect your phone.
Read reviews before downloading any apps and download them only from reputable sources.

Don’t:
Ever let your phone out of your sight.
Share your phone or let anyone make a call from your phone.
Hand someone your phone to take a picture of you.
Don’t click on links in emails or messages from people you don’t know.

The security risk can get very personal. Angela Daffron, founder of Jodi’s Voice, knows from her own experience what it’s like to have someone break into a cell phone and gain access to data stored there. Daffron’s cell phone was hacked by a stalker who used off-the-shelf parental control software to invade and monitor her public and private life. “Had I known not to leave my phone laying on my desk, unattended, or had I protected it with a password, some intrusions could have been avoided.”

She recommends the following steps regardless of whether a phone is for business or, more commonly, for both business and personal use:

Always be aware of your surroundings.
Be aware of what information you are sharing about yourself.
Hide the name of your carrier.
Never let your phone out of your sight.
Know the warning signs and act on them — if your phone lights up, even briefly, or you notice anything strange or new on your phone, take it to your carrier’s store and have a technical support person take a look at it.
Spend the money for security software and install it. $40 can buy peace of mind.

During her ordeal, Daffron learned how easy it is to break into a person’s phone using parental control software. “A hacker need only know the model of your phone, your phone number, and carrier to gain access to your phone’s sensitive data.” In addition to mobile security software, she now uses a Sharpie to block out the name of her cell phone carrier. BTE

You Are Here

Checking-in - it’s what business travelers do when they finally make it to their destination whether it be a hotel, conference, or trade show. They check in to let someone know they have arrived. Usually that person is whoever happens to be working the reservation desk at that particular moment. However, in March 2009, “checking-in” took on an entirely new meaning with the arrival of the location-based social networking (LBS) tool known as “Foursquare.”

Unveiled at the South by South West (SXSW) technology conference, Foursquare was one of the first companies to build upon the status messaging tool where users answer the question “What are you doing?” that Twitter launched in 2006. Upon the arrival of Foursquare, the question became “What are you doing and where are you doing it?”

Other similar tools such as Gowalla, Brightkite and WeReward have emerged, each with a slightly different twist regarding the “what.” But they kept the “where.”

This concept of geolocation updates allows any smartphone user to post a message through Foursquare (or similar tool) to any or all designated social networks or friends groups stating they have just “checked-in” to a particular establishment or location.

Check-ins seem innocent enough given their game-like environment — users earn badges or points as rewards for checking in to the same place repeatedly. The user who checks in often enough earns the status of “mayor” of that establishment, only to be ousted by the next person who checks in more frequently.

For businesses, the opportunities to take advantage of geolocation marketing and tracking are unlimited. In fact, LBS messages are the ultimate in word-of-mouth marketing tools and are a terrific way to bring people together in public settings such as conferences. A tweeted text message inviting attendees to the hospitality suite sure beats the printed invitation stuck somewhere in the bottom of the conference goody bag left in the hotel room.

Think before you tweet

According to Ann Handley, chief content officer for MarketingProfs, event producers are definitely looking at Foursquare and other location-based networking tools as yet another way to connect and engage with attendees. “It’s a no-brainer for in-person events because of ... well, the location-specific nature of the shared experience of an event. Foursquare is a great way for attendees to connect with others and ‘see’ who else is present. The connections make for some immediate networking opportunities and audience participation.”

But when it comes to personal security and privacy, is telling the world through your smartphone that you are not home or not in the office really all that smart? When Angela Daffron, stalker victim, says “be careful what you share online,” she means it. Over-sharing, a form of TMI (too-much-information), can provide the “bad guys” all the info needed to track down a person who may be walking alone to the parking garage, or has left house, office or property unattended. Recently, the web site PleaseRobMe.com flashed onto the media’s radar due to the attention they drew by streaming posts from the status-obsessed public who are compelled to imply no one is home in the form of messages that either state where they are going - “off to LAX” - or where they have arrived - “just checked in at Starbucks on Main Street.”

Just as a password is code to protect against unwanted entry into a cell phone or computer, the code that protects a business traveler compelled to “check-in” comes in the form of cryptic words, delivered in 140 characters or less, at the right time, at the right place.
— ZKQ