NEW YORK – Any business traveler who has logged on to a wireless network at the airport, printed a document at a hotel business center or checked e-mail at a public terminal has probably wondered, at least fleetingly, «Is this safe?»
Although obsessing about computer security is a bit like worrying about a toddler – potential hazards lurk everywhere, and you can drive yourself crazy trying to avoid them – the fact is, business travelers take certain risks with the things they do on most trips.
«If you go into the average hotel and sit down in the business center and have a look at their computer, I’m sure you’ll find some interesting things that people shouldn’t have left behind,» said Paul Stamp, a security analyst with Forrester Research.
«The first step companies need to do is to educate people about how valuable the data is, and also how small the circles are in which they travel,» he said, noting how loudly many people discuss business on cellphones, without a thought to who may be nearby.
Or what may be in the air. Robert Vamosi, a senior editor with the online technology publisher CNET, said wireless networks at airports – or for that matter, hotels or cafés – were not as secure as most people think.
«Someone may have some software on their computer that allows them to look at all the wireless transactions going on around them and capture packets that are floating between the laptop and the wireless access point,» he said.
These software programs are called «packet sniffers» and many can be downloaded for free online. They’re typically set up to capture passwords, credit card numbers and bank account information – which is why Vamosi says shopping on the Web is not a great way to kill time during a flight delay.
«Where I’d draw the line is putting in your bank account information or credit card number,» he said, adding that checking e-mail probably isn’t that risky, but if you want to be cautious, change your password once you’re on a secure connection again.
That said, if you access your corporate network through a VPN – a virtual private network – you are safer using public hotspots, since your data is encrypted as it travels between Gate 17 and your office’s server, where it gets decoded before heading on to its destination.
In other words, your communications automatically get encoded by software on your computer so the data look like gibberish to anyone trying to intercept it. If your company does not offer a VPN for employees working away from the office, there are services you can subscribe to for about $10 a month that do the same thing.
Michael Sellitto, a graduate student studying international security at Harvard University, said that even though he encrypts any sensitive data on his laptop, he plans to sign up for a service like HotSpotVPN to add another level of security when he is traveling, especially with poorly protected networks at cafés and hotels.
«The problem is, the really good people have written sniffer programs so that the less sophisticated people have access to the same technology,» Sellitto said. «Say a Microsoft Word document gets transmitted. The sniffer program will collect that, and someone could open it up on their computer.»
While it is tough to say how likely it is that someone is lurking on a public network, many public networks do not have adequate security.
Last fall, InfoWorld magazine published an article about a security researcher who managed to collect more than 100 passwords, per stay, at hotels with lax security (about half the hotels she tested).
While gathering reliable statistics about security breaches is notoriously difficult, since companies are reluctant to reveal this information, the most recent computer crime and security survey, conducted annually by the Computer Security Institute with the Federal Bureau of Investigation, found that the average loss from computer security incidents in the United States in 2005 was $167,713 per respondent (based on 313 companies and organizations that answered the question).
As Jim Louderback, editor in chief of PC Magazine, noted, the statistics may not matter given the problems one data breach can cause.
«Even if it’s 1 or 2 percent,» he said, «you don’t want to run that risk.»
Using a public computer can also mean courting trouble, since data viewed while surfing the Web, printing a document or opening an e-mail attachment are generally stored on the computer – meaning it could be accessible to the next person who sits down. (To remove traces of your work, delete any documents you have viewed, clear the browser cache and the history file, and empty the trash before you walk away.)
«You also run the risk that somebody has loaded a program on there that can capture your log-ins and passwords,» Louderback said, recalling an incident a few years ago when a Queens resident was caught installing this type of «key logger» software on computers at several Kinko’s locations in New York.
One way to foil these programs, which record what you type and can send the transcript to a hacker, is to use a password manager like Roboform. This $30 software encrypts all your user names and passwords for various Web sites, then enters the data at the click of a mouse when you are prompted to log in.
There is a mobile version that can be stored on a flash drive that plugs into a USB port – making your passwords secure and portable.
There are also simple measures you can take to protect your hardware, like using a cable lock to secure your laptop in a hotel room or even a café (in case you leave the table for any reason) and making sure you lock your computer bag in the trunk rather than leaving it on the back seat.
For travelers who do carry around sensitive data, it is worth looking into programs like Absolute Software’s «LoJack For Laptops,» which can help recover a missing computer. The software reports its location when connected to the Internet – and some versions can even be programmed to destroy data if a computer is reported lost or stolen.
But perhaps the most common snoop road warriors encounter are fellow travelers «shoulder surfing» to see what is on a nearby laptop, out of curiosity or mere boredom.
To foil those prying eyes, 3M sells a Notebook Privacy Filter, a plastic film that makes it impossible to view a laptop screen from an angle.
Trevor Stromquist, a sales analyst for a manufacturing company in Minneapolis, has been using one for the past two years to dissuade nosy neighbors on the road, but noticed it has an added benefit back at the office.
«To be honest, it’s kind of a nice thing when you’re sitting in one of those long drawn-out meetings,» he said. «You can do what you need to do, and no one will notice.»
Fuente: International Herald Tribune, Susan Stellin
