
6 security leaks you should plug immediately

Deal with these before it's too late

Modern firms may believe they're not vulnerable to security scams. However, for every large organisation that glides through the year without any mishaps, there are many that suffer perilous incidents. Here's a look at six security holes that are often wide open, and what you can do to close them.

For every large organisation that glides through the year without any mishaps, there are many stories about perilous break-ins, Wi-Fi sniffing incidents and even a crisis involving Bluetooth sniper rifles used to steal company secrets.

Here's a look at six security holes that are often wide open, even in companies that take great pride in their security precautions. We checked with security consultants to find out what you can do about them, before they occur.

1. Unauthorised smartphones on Wi-Fi networks

Smartphones create some of the greatest risks for enterprise security, mostly because they're so common and because some employees just can't resist using personal devices in the office - even if their employers have well-established policies prohibiting their use.

"The danger is that mobile phones are tri-homed devices - Bluetooth, Wi-Fi and GSM wireless," says Robert Hansen, founder of the internet security consulting firm SecTheory. Employees who use their personal smartphones at work "introduce a conduit that is vulnerable to potential attack points", he explains.

If you use a device like a smartphone that spans multiple wireless spectrums, "someone in a car park could use a Bluetooth sniper rifle that can read Bluetooth from a mile away, connect to a smartphone, then connect to a corporate wireless network," says Hansen, who is also known by his alias, RSnake. Bluetooth is the open portal that lets a hacker access Wi-Fi and therefore the corporate network.

[Image: a Bluetooth sniper rifle]

Hansen says policies that simply disallow smartphones aren't likely to be effective - employees will be too tempted to use their gadgets at work even if they're prohibited. Instead, he says IT should allow only approved devices to access the network. And that access should be based on MAC addresses, which are unique codes that are tied to specific devices - making them more traceable.
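As an added illustration, not code from the article or from anyone quoted in it, the following Python audits wireless association records against an approved-device list keyed on MAC address. The log format, SSID names and addresses are constructed for the example; it also marks software-assigned (locally administered) addresses, which are not tied to a specific piece of hardware.

```python
import re

# Constructed allow list of approved device MACs (hypothetical values).
APPROVED = {"00:1a:2b:3c:4d:5e", "00:1a:2b:3c:4d:5f"}

# Constructed association log (hypothetical format: time, SSID, client MAC).
SAMPLE_LOG = """\
2014-11-24T09:01:12 ssid=corp client=00-1A-2B-3C-4D-5E
2014-11-24T09:03:40 ssid=corp client=001a.2b3c.4d5f
2014-11-24T09:07:05 ssid=corp client=a4:5e:60:11:22:33
2014-11-24T09:09:51 ssid=corp client=da:a1:19:aa:bb:cc
2014-11-24T09:10:02 ssid=guest client=a4:5e:60:11:22:33
2014-11-24T09:12:30 ssid=corp client=not-a-mac
"""

LINE = re.compile(r"^(\S+) ssid=(\S+) client=(\S+)$")

def normalize_mac(raw):
    """Return aa:bb:cc:dd:ee:ff form, or None if raw is not a 48-bit MAC."""
    digits = re.sub(r"[-:.]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac):
    """True if the U/L bit of the first octet is set (software-assigned address)."""
    return bool(int(mac[:2], 16) & 0x02)

def audit(log_text, approved, protected_ssid="corp"):
    """Return (timestamp, client, reason) findings for the protected SSID."""
    findings = []
    for line in log_text.splitlines():
        m = LINE.match(line.strip())
        if not m or m.group(2) != protected_ssid:
            continue  # the separate guest network is out of scope here
        ts, _, raw = m.groups()
        mac = normalize_mac(raw)
        if mac is None:
            findings.append((ts, raw, "unparseable client id"))
        elif mac not in approved:
            local = is_locally_administered(mac)
            reason = "unapproved, locally administered" if local else "unapproved"
            findings.append((ts, mac, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG, APPROVED):
        print(*finding)
```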

Another tactic is to use network access control to make sure whoever is connecting is, in fact, authorised to connect. In an ideal world, companies should also separate guest access Wi-Fi networks from important corporate networks, says Hansen, even if having two wireless LANs means some redundancy and management overhead.

Another approach: Provide robust, company-sanctioned smartphones on popular platforms, such as Google's Android, and thereby dissuade employees from using nonsupported devices. By encouraging the use of approved phones, IT can focus on security precautions for a subset of devices instead of having to deal with numerous brands and platforms.
