Recently I met with a couple of companies that assured me they didn't have any security concerns. They had a good IT guy, a firewall on every laptop, and a guard at the door. Certainly they were OK.
... not really!
Both firms I spoke with had a highly mobile workforce where they met with many clients while using their laptop as their primary computer. They'd enter in client NPI into the laptop, and then send it across the web to their corporate based application.
A couple thoughts occured to me - if there was a rootkit like infostealer on these boxes, they'd be easily compromised. Likewise if they were using non-secured hotspots for internet access. BUT the single biggest hole in the papers today is much more low tech - it's just stealing the whole laptop. Once in the hands of the badguys, they can take their time to harvest all the great NPI from files, emails etc
Here's a recent article describing options on how to secure these
New solutions to remotely secure a stolen laptop | IT Security | TechRepublic.com
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment