Thought for the day: Human factor is key to wireless security

As increasing numbers of firms allow at least some of their staff to use wireless devices, it is important to educate the...

New Asset  
As increasing numbers of firms allow at least some of their staff to use wireless devices, it is important to educate the end-users and set up stringent security policies, says Richard Harrison





Few people doubt that wireless computing is on the way to becoming pervasive, but businesses still say that security is the issue holding them back from implementing wireless technology.

With a third of all UK businesses using wireless networks and a recent surge in sales of

Wi-Fi, 3G and Bluetooth, IT professionals not only need to catch up quickly with the new security options on offer and how to implement and configure them, but to communicate the risks to users as well.

Commuter trains are awash with hard-working people trying to access their offices remotely, tapping away at their keyboards, blissfully unaware of the security risks they present to their businesses. Businesses have a right to be fearful, with 68% of UK companies claiming to have experienced at least one malicious security incident in the past year, according to Department of Trade and Industry figures. The cost of these incidents ranges between £10,000 and £120,000, so IT directors are understandably reluctant to introduce a technology with a perceived security weakness.

We have been here before, with e-mail, broadband, e-commerce and mobile. You name it, we were warned off all these new technologies because of concerns about their security - concerns that have been largely assuaged with software and safeguards (although computer viruses still pose a headache for IT departments). These technologies quickly became an everyday part of modern business.

Most of us have the sense not to give our passwords out to strangers, just as we now have the skills to identify a rogue e-mail. Wireless is no different and, with solid security platforms readily available, users need to be aware of the risks. The first step is to implement the security. According to the DTI, there is plenty of room for improvement as only half of all UK wireless networks have basic security controls in place.

With Intel, Cisco, 3Com and others investing in and actively promoting their wireless security products, the technology is available to secure wireless connections. However, configuration can be tricky, especially for smaller organisations.

But it is human error, not flawed technology, that is the cause of most security problems. Organisations should set up stringent security policies, implement training programmes and carry out routine checks.

Incorporating wireless security measures into an existing security policy is essential, and should cover everything that has a wireless connection, including Bluetooth devices.

Telling your road warriors about the risks of logging on from public places and about the existence of rogue access points is a start, but the education process has to delve deeper and be taken more seriously. Clear policies on remote internet access, wireless gaming and other personal activities people carry out with company equipment are essential.

With new wireless platforms and devices being introduced almost daily, it seems an arduous task for the jack-of-all-trades IT professional, especially in smaller businesses under pressure from executives desperate for wireless working who do not understand the risks.

Outsourcing the security configuration and management to wireless experts is one option, although larger organisations can easily do this task themselves.

Common sense and clear policies will help overcome the security issues posed by wireless technology so that businesses and users can start to take advantage of the benefits it offers.

Richard Harrison is head of commercial services at PC World Business

Keep the bad guys at bay >>

Read more on Hackers and cybercrime prevention