Dave Fisher argues that all organisations – not just government departments – must consider the costs of espionage
Allegations over the Chinese government’s involvement in cybercrime have recently reared their ugly head again, with new reports suggesting that officials may have copied the contents of a US government laptop computer, during a visit by American trade secretary Carlos Gutierrez. There have been several accusations levelled at China over the past months, all involving data breaches for the purposes of espionage.
For many organisations, these reports, while interesting, are unlikely to cause great concern. The events detailed sound like they belong to the world of James Bond rather than the world of commerce – as an IT director within your average UK company, you’d be forgiven for thinking, ‘Why on earth would the Chinese be interested in spying on me?’
However, this attitude understates the threat. The technology required to copy hard drive data, or to remotely and secretly access corporate networks, is available to a far wider pool of potential users than just government departments. No one is suggesting that a random company laptop might be of interest to the Chinese authorities – but it would certainly be of interest to the company’s competitors.
This isn’t to say that everyone in business is illegally spying on everyone else, but simply that there are rogue organisations – as well as rogue individuals within legitimate organisations – that would be prepared to use underhand methods to gain a competitive advantage. One example is London-based Israeli couple Michael and Ruth Haephrati, convicted in 2005 of creating software that was used by some of Israel 's largest firms to infiltrate their rivals' computer systems. Equally, there are thousands of computer hackers worldwide making a handsome living trading in illegally-acquired information, and it would be foolish to think that, just because you might not work for an international brand name, you’re immune to the threat.
Most companies have in recent years stepped up their efforts to protect the corporate network, yet laptops remain a spanner in the works. It’s too easy to download sensitive information onto them; they’re easy to steal or lose; they don’t always receive regular system patch updates; and, if left unattended, even for just a few minutes, it’s possible to copy data from them. Yet at the same time, given their obvious business value and the growing convenience of remote working, downgrading them to second-class device status (i.e. removing anything remotely sensitive before they’re allowed to leave the office) surely isn’t the most effective means of mitigating against espionage.
A solution is to look at ways to remotely lock-down laptop data, so that if stolen, the perpetrator cannot access the sensitive information within. Equally, it may be possible to provide employees with an ‘ignition key’ which when removed, prevents the laptop from booting-up in the first place. It’s never advisable to leave devices containing company data lying around, but at least solutions like this provide additional layers of protection, as well as wrest control back from the individual employee to the IT department.
Ultimately, corporate espionage is on the rise and solutions such as these mean that you can give your employees laptops without too much fear that competitors, computer hackers or the Chinese will be able to spy on your business.
Dave Fisher is business development manager at Alcatel-Lucent