Maybe the problem of Internet security isn’t educating users to be more vigilant, it’s about persuading companies that there is a problem.
A survey (PDF file) released today by California-based Secure Computing Corporation found that that “only 25 percent of businesses recognized spyware as a major problem”. This despite studies that show spyware is a problem: A study by EarthLink, for example, showed that the average PC has 28 spyware programs, while a report by Dell found that spyware accounts for 12 percent of all PC desktop support calls. Today’s survey, meanwhile, reported that 70 percent of respondents saw spyware as either no problem or a minor problem.
The same with file-sharing: 90 percent of businesses saw file-sharing software as not a major problem, and a surprising 40 percent saw it as “no problem.” Same results with instant messaging and personal e-mail accounts 90 percent saw IM as no problem or a minor problem, and 80 percent felt personal e-mail accounts were no problem or a minor problem.
(I tend to see IM and personal email as not so much a security problem as a productivity one, and even then it depends what they’re doing on it. IM can be an excellent way to share information that benefits the user professionally, as can email. But there do need to be security safeguards in place.)
Anyways, it does seem pretty shocking that companies still don’t understand the dangers of spyware. Maybe when more targeted spyware brings a rival company to its knees through massive corporate data loss, espionage or draining its accounts they’ll take more notice.
Forget phishing for your passwords via dodgy emails. Just use Wi-Fi.
Internet security company Secure Computing Corporation have today released a report prepared by security consultants Canola/Jones Internet Investigations which “documents the serious risks of password theft that business travelers encounter when using the Internet in hotels, cafes, airports, and trade show kiosks.” The full report is available (in PDF format) here.
Posing as a business traveler, the author “found multiple methods available to cyber-criminals that could be used to steal passwords and corporate information”. Wireless access points are especially vulnerable: “Tests conducted at an airport Internet cafe and at a popular chain of coffee shops showed that unencrypted streams of data from the laptops of patrons could easily be seen in many instances by another patron sitting nearby with wireless ‘sniffer’ software.”
Even hotel broadband is risky. Canola/Jones shows “how a hotel guest can use widely available snooping software with a laptop logged onto the hotel network. The guest can successfully snoop on the hard drives of fellow guests who have file sharing” enabled on their PCs. Corporate data and passwords can easily be stolen.” Gulp. Other holes: keyboard logging software secretly installed on public terminals, and the hardy perennial, shoulder surfing, where a ne’er-do-well passes your terminal just as you happen to be entering a banking password.
Needless to say, this is all pretty scary. And Secure Computing would like to offer you a solution: their “two-factor authentication SafeWord line of tokens” which generate one-time-only passcodes for each user session. But there are other ways of foiling most of these exploits: Firewalls on your computer, common sense (don’t go to important websites like Internet banking on a public computer), and only using public Wi-Fi when you a) know it’s encrypted and b) you’re not dealing in sensitive data. Have I forgotten anything?