The threats to data security are most severe at home, a Seattle security expert told the Secure World Detroit conference at the Ford Conference and Events Center in Dearborn Wednesday.
Gordon Mitchell, president of Future Focus Inc., told the audience of a couple of hundred IT security professionals how to "become a counterspy in three easy lessons."
Mitchell said good counterspies must figure out what information is valuable, think about who could be a spy, think likea spy would and protect the information.
Companies and institutions are constantly surrounded by people who are spying on them, Michell said. The strategies can range from the sophisticated to the simple -- like the biotech client that actually had an employee listening to board meetings by using a drinking glass up against a wall.
Mitchell said home workers are generally the biggest security threat, given the sophisticated protection at many workplaces and the rudimentary protections in place on many home computers.
And it isn't just about computers. Far from it. Mitchell warned against discussing sensitive information onk a cordless phone. "About half the cordless phones you see aruond can be easily intercepted by stuff you can buy for 100 bucks at Radio Shack," Mitchell said. "My advice is to use a phone with a cord on it or a cell phone."
He also said home users should use software that's less targeted by the bad guys. For Web browsing, that means Mozilla Firefox with the NoScripts plug-in that won't allow running Java script programs.
He also recommended the use of shredders -- and even pouring paint on shredded documents to keep them secret.
Mitchell also had amusing advice for dealing with an intruder at home -- lock your bedrom door and go back to sleep. Mitchell said he has a friend who trains SWAT teams, and even among trained SWAT teams, "the guys clearing the building always lose to a guy hiding behind the couch with a gun. Why should I walk through my house with a baseball bat? I lock the bedroom door." But he said your cell phone should sleep in that bedroom too, in case you need it after someone has cut your regular phone line.
As for computers, Mitchell advised that "every computer that's hooked to the evil Internet should have a hardware fireball, and they cost under $100 ... it keeps a lot of the garbage away from your machine, and it logs things, so if something goofy happens you can find out what it was."
Also evil in Mitchell's book is wireless Internet access. "The reason I think so is that every time I start getting comfortable with something ... somebody figures out how to bust it. I don't think you can keep ahead of those folks unless you hvae a full time IT staff at your house."
Oh, and Mitchell added: "Music sharing, porn and game sites are poison." And he said that parents who don't monitor kids' Internet activities are irresponsible -- and that kids' computers should be in a public part of the house, not a bedroom.
He also said IT managers should get copies of pictures of the people fired as the result of tech investigations -- so they can quickly recognize whether someone is headed back for revenge.
As for foiling spies at work, Mitchell said, yes, IT managers really do have to check the undersides of tables for wireless microphones and other hidden electronics intended for eavesdropping. He said he's found wireless microphones in a meeting room that can beam its notices 15 stories up or down, and open cell phones in others. Another time, he found a node on a network that gave a competitor access.
He also recommended studying employee Web searches, recalling one client with an employee who killed his wife after workplace Web searches on "kill spouse."
He also urged an understanding of "elicitation," the way professional spies get information out of marks without them even seeing to ask sensitive questions. He recommended John Nolan's book on the subject, "Confidential."
Finally, Mitchell said IT managers have to learn how to pay attention by the important 20 percent of the data they recieve, and to relax.
More at www.esleuth.com. GLITR also recorded a podcast interview with Mitchell Tuesday. Check the podcast section of www.wwj.com.
The Secure World Conference Detroit continues today.
E-Mail Story
Print Story
