During the 1990s hackers were often perceived as geeks using a scrambler box to hide themselves and break into remote networks. Mainly depicted in the X-files as Fox Mulder's associates, they broke into foreign government networks or banks to expose conspiracy theories. The aim was simply to expose rather than for monetary gain.
Fast-forward 20 years and things have progressed. The geeky college student, sitting alone in his basement, has now become part of an well-organised group or a member of a cyber gang whose intent is to commit identity theft, to steal or extort money. With most data being stored on computers it is more profitable than before – data contains bank details, addresses, phone numbers, passport details, credit card numbers and other valuable information.
Most people think of data security as a firewall guarding them from an evil hacker trying to penetrate a company’s network to cause havoc or smuggle out data. This is, of course, still the case but most people do not think about the physical threat. Why would someone want to remotely hack into a computer when they can steal the physical item easily?
Companies often put a lot of time and money into protecting themselves against cyber attacks: high-tech firewalls, antivirus, intrusion detection and intrusion prevention systems, up-to-date operating systems, high fences, barbed wire, biometrics or more. Millions of pounds can be spent in this way on securing a company from outside threats but a lost USB stick, worth no more than £5, can render all this money and effort useless … it can all be for nothing if a laptop or portable device goes AWOL.
Cleaners, workmen, disgruntled employees, home, office, car break-ins and portable devices left on trains and in taxis can be a problem. So often this physical threat is overlooked and only a few companies take the possibility seriously. And yet it is a clear and present danger – by default laptop user-logins can be bypassed and in most cases memory sticks have no security to prevent data being viewed or copied.
USB devices and laptops are now so common and cheap that anyone, individual or company, can afford them. Such devices are convenient but they are also small and light and, as such. they are easy to lose, easy to steal and their data is easy to access and broadcast. True, some companies have a policy that forbids the use of memory sticks but, as we all know, rules are meant to be broken. Unless all such portable devices are blocked, or companies implement mandatory encryption on removable, data losses may occur.
Laptops should preferably have full-disc encryption enabled to stop login credentials being hacked or bypassed. This also stops hard drives being viewed on other machines because all data is saved in an encrypted format. Removable media encryption systems are now available that allow transparent and mandatory encryption of all data stored onto a USB stick, USB hard drive or memory card thus ensuring that all data is encrypted and therefore protected.