3 Reasons to Be Insecure About Business Security

TheStreet.com

SAN FRANCISCO (MainStreet) -- It's getting dangerous out here for business data.

Love or hate Google or Facebook, but both businesses' well-publicized struggles with security and terms of use have brought a much-needed focus to business security.

View photo

.
Trends are converging in scary ways: Anti-virus scanning tools are not what they use to be, yet everyone's taking their work on the road.

This year's premier corporate security confab, the RSA Conference 2012, was therefore all about the sea change in managing business data.

Last year chip giant Intel gobbled up antivirus firm McAfee, with the whispered intent of baking security into its core chips. There was the explosion of the "roll your own" mobile work solutions, where businesses hand employees cash to buy and manage their own devices, potentially opening up a new dimension of mobile security issues.

And then the truly world-rocking "social media in the office" phenom. Workers now work while chatting, posting and texting around the globe, meaning company secrets are one click from being splayed all over the digital hither and yon.

All of this means there are three big reasons to be big-time nervous about your company's information.

1. Anti-virus scanning tools are not what they use to be.
Just like with the digital democratization -- and devaluation -- of music, print and movie content, the software that scans for bad software is itself under intense value pressure. Major software firms such as Symantec, Trend Micro and others continue to add services to hold on to margins. There was plenty of new backup, storage and complex Web security tools here. But the fact also is the core software that scans for malware and viruses is now free online. Want to write some malicious code? Just keep writing away until that code passes these free online test tools, and your world-conquering evil program will do just that.
 

2. Mobile devices are now a business-risk animal.
As productive -- and cool -- as accessing your company data on Ultrabooks, iPads or iPhones is, clearly the security of the information on these tools is not well understood. The scuttlebutt here is Android-based platforms are particularly vulnerable. Android is an open architecture with a more loosely managed App market. There was a big exploit called GeoFeeBot -- an Android malware app that, once installed on a phone, quietly sends billable SMS messages -- running up massive expenses.

But my read here is Apple, Microsoft's Windows Mobile and other devices are probably if not just as vulnerable as Android, plenty attackable. If you are moving around and doing work, your work data are much more at risk than you think.

3. The rise of the International security bureaucrat
Get ready for this: Businesses are no longer merely sweating the independent kid hacker looking for street cred or the organized criminal looking for a payout. There is a new generation of government-hired digital data collector whose job it is to get information anywhere they can.

Here's the logic: For better or worse, pretty much every nation on earth maintains some sort of internal intelligence bureaucracies. These state-sponsored information-gathering services were traditionally aimed at domestic citizens. What's happening is as these overseas data collection efforts grow and security tools become more widely available, even moderate-sized countries now run sophisticated data collection systems that work globally. The line between benign data collection and outfight attack is blurry. But it is a certainty that it's not just one Big Brother that's watching us; now there is whole extended family of nosey digital relatives whose goal in life is to get our stuff.

What to do
In such an environment, there is simply no excuse for not doing the basics of company security. Keep all your software on all your devices -- that means PCs, Macs, mobile phones, tablets -- up to date. If you're sitting on an old computer running old software, get rid of it. Use robust passwords and change them often. And please, don't nickel and dime on support for your business software. If something does go south, you want as many resources to call on as possible.

But this year's RSA show genuinely frightened me. And think it should frighten you too.
View Comments (0)