The Olympic Games Represent A Major IT Security Headache

Flexible Working

This summer, while Olympians stretch their sinews and aim to be faster, higher and stronger, London will simply become bigger. To prevent our capital city from grinding to a halt, businesses are considering flexible working. But as soon as data roams, or is taken out of a company’s centrally controlled security system, there’s risk. How prepared are companies for this?

First, the size of the problem. Estimates suggest that London’s population will swell by some 5 million visitors over the two week Olympic period, well over 50 percent of its current population. In preparation, the Department of Transport has invested 6.5 billion pounds in upgrading and extending transport links.

But there are fears that this is not enough. Already the government is urging businesses in London to consider flexible working this summer. The message is clear: business needs to prepare, now.

The good news is that businesses are already thinking about flexible working. Research from Cisco found that one fifth of respondents were considering flexible working during the Olympics, with over half already thinking about the collaboration technologies that would be needed.

And the big players do seem to be on top of this. One major initiative has come from O2. In February of this year it let 3,000 of its staff – a quarter of its total workforce – work from home. O2 has allowed people to use their own technology, so long as it has been registered with its IT group, and intends to share its findings with other businesses.

This represents best practice. But while our blue chip companies can employ the very best staff and technology to protect themselves, companies with lesser resources might still be exposed.

For example, Computer Business Review recently found that nearly three quarters of respondents allowed flexible workers to use devices not supplied by the company. A quarter didn’t even have a security policy in place regarding flexible working. Worryingly, this tallies with the Cisco finding that nearly half of its respondents had no flexible working plan in place for the Olympics whatsoever.

Even the companies that change their procedures need to acknowledge that people will stay the same – and too often, its human error that tops the list of causes of data loss. For example, data security experts Credant Technologies recently found that over 17,000 USB flash drives had been left in over 500 laundromats and dry cleaners throughout the UK – a 400% increase over the previous year.

This much we know. But often, people don’t even own up to losing their USB drives. They simply keep quiet and hope no one notices. So the size of the risk, and therefore exposure to security compromises, remains largely unknown. In Germany, an individual would be liable to be fined, as well as the organisation that employs them, for such a cover up.

The usual answer to protection from lost USB keys is encryption. But that doesn’t go far enough. In the hands of malicious users with enough technical knowledge, encryption can be overcome, for example by using a computer with a limited user account and a specially configured local security policy.

From that point, as well as copying and exploiting any sensitive data, they can even put malware onto the keys and send them back into circulation. Security giant Sophos, in looking at 50 USB keys bought in a lost property auction, discovered that over two-thirds contained malware.

How sure can businesses be that the same people who lost their keys won’t simply acquire a replacement riddled with viruses, Trojan horses and worms? Again, there is exposure to unquantified risk.

So while the Olympic Games represent a huge opportunity to make money, they also represent a major security headache. While this summer could usher in a new age of flexible working, the transport load removed from our city’s infrastructure is simply dumped as data onto private companies’ networks, requiring a wholesale rethink of security.

Companies like O2 are showing the way, but if the scare stories are true, and our country is awash with malware-infested USB sticks, then this summer could also spawn a new age of security compromises. We await O2’s findings with keen interest.

Norman has started and managed a number of companies over the past twenty years. His career started with Sony in Australia and subsequently the UK, marketing and selling newly developed products and commercialising Sony’s IP over a period of 10 year. This was followed by employment with Entre Computer Centers, an American franchise company. Following the closure of the Entre business in both US and Europe, Norman went on to start a number of sales based companies in the IT sector. The first of these companies, SCS was subsequently sold to IBM. Norman then started a specialist sales company that sold wireless networks and laptop computers exclusively into the education sector. At the end of the 5 year license term, Absolute Software, who had become a publicly quoted company on the Toronto exchange, decided that they needed to have their own corporate presence in Europe. To facilitate this changeover, Eurotracking was wound down and subsequently closed. Since this time Norman has been developing the products and business of ExactTrak.

http://www.linkedin.com/pub/norman-shaw/a/977/a25 http://www.securityguardian.uk.com/

Our latest thought leaders