Wednesday, August 29, 2012

Wonder Wednesdays: Securing Corporate Secrets on Hotel Computers

In this day and age, most travelers come equipped with laptops, tablets and/or smart phones to stay connected while away from the office. Even still, most hotels offer the added convenience of complimentary computers to check email and print a few key documents on your way into your meeting.  Sure, you know to sign out once you’re done with the computer, but do you really know what data you might be leaving behind?

An article written for computerworld.com takes a look at the corporate secrets these hotel computers hold.  The author, a corporate security manager whose identity has been withheld, explains that email is ‘the most vulnerable repository of documents’ in a company- while traveling or not.  The ability to access email from anywhere in the world is essential to today’s business traveler, but downloaded information (emails, attachments, contacts and calendar items) remain on the device, even once the application is closed.
The security manager tells a story about a phone call he received from a hotel with which his company does a great deal of business.  The hotel manager wanted to alert the article’s author that 1GB of sensitive corporate information was found on the hotel’s public computer left behind from a sales representative’s email.  The data left behind included information about pending deals, copies of contracts and internal memos, plus some of the rep’s personal financial data.  The company immediately sent one of their IT staffers to the hotel to remove the data.  The hotel also re-imaged the computer
This is some scary stuff! So how can we better protect our data while we travel? The most obvious tips are: bring a company laptop and avoid wireless networks you don’t trust (and even the ones you do trust!).  But sometimes you just can’t avoid that public computer, so here are a few additional tips:
1.      Always connect to your computer using the https connection.  It is likely that your email client is available over both http and https and generally when you type in the short version of the link you are directed to the unsecured site.  You can also check your remote access settings as most email client’s offer an ‘always use https’ option.

2.      If you have to download documents, encrypt your files with password protection.  It is best if you do this ahead of time so there is no chance of the file being downloaded and then resaved after encryption, leaving the unsecured file behind and available.

3.      When downloading files, make sure you know exactly where they are being saved so you can delete them afterwards.
And of course, only open essential emails and download essential documents.  And ALWAYS log off when you’re done, clear the cashé and erase the history.

1 comment:

Anonymous said...

Great blog, Jose! Social Media is changing how we do meetings. Thanks for sharing.