News

Wireless hot spots and services offering mobile access to the Web, e-mail and corporate networks are spreading across Canada faster than mosquitoes in spring -- and for information technology workers, they can be just as pesky.

Many hotels and airports have offered WiFi (wireless fidelity) for the past year or so, and Rogers Wireless Communications Inc. and Second Cup Ltd. recently teamed up to offer WiFi at coffee shops.

Wireless Internet access points are also starting to crop up in places where people don't necessarily sit around and have time to kill -- Mac's Convenience Stores Inc., for example, is piloting WiFi in selected corner stores in British Columbia.

As a result, it's getting more and more common for people using notebooks and handheld computers equipped with WiFi cards or wireless data modems to connect to corporate networks and e-mail at access points across the country. Add devices such as smart-phones and BlackBerrys to the mix, and you've got routine network access anywhere, any time.

And a potential IT security nightmare.

While wireless access can improve the productivity of mobile executives, sales representatives and field service workers, it can also make life difficult for information technology staff, industry experts say.

Making sure handheld wireless devices are secure is not all that much more complicated than securing hard-wired network connections from a technological point of view, but there's one critical difference. You can't slip a desktop personal computer under your arm or into your pocket and walk away with it.

IT departments have to be concerned about thieves who steal portable devices from employees, said Michelle Warren, a Toronto-based IT analyst at Evans Research. At risk is not only the information stored on the device, but also all the network resources it is configured to log on to. Commandeered by thieves, notebooks and handhelds can be used as wireless conduits to a company network, unless they are thoroughly password- protected and encrypted. Failure to pay heed to wireless security can lead to the loss of client data and other sensitive information, theft of intellectual property, loss of customer trust -- and loss of customers, she added.

Access to networks from WiFi hotspots "breaks down office borders and raises security concerns," Ms. Warren said.

Security is recognized as "the most critical issue" when connecting without wires, however "wireless security is kind of swept under a rug."

But many people aren't taking even the most basic security precautions.

One-third of all corporate employees store unprotected business information, including passwords and other network access details, on personal digital assistants (PDAs) and smart-phones, the second annual Pointsec Mobile Technologies PDA Usage Survey reveals.

The survey provides ample evidence that people use PDAs as business tools "without considering the implications," said Peter Larsson, chief executive officer of Pointsec, a mobile data protection company based in Stockholm, Sweden. Unless there is a "fundamental change in attitude" toward mobile security, there will be a dramatic increase in handheld security breaches," he added.

Unless attached to users on strings like handheld mittens, portable devices can't be made theft-proof. But they can be made secure using widely available encryption and password technology, experts say.

And the onus falls on the IT department. When it comes to wireless connectivity, IT can -- and should -- do more than simply hand out shiny new portable devices configured for remote network access, said Hector Hickey, a principle in the networking practice at IBM Global Services in Toronto.

IT departments need to set business rules for security and ensure that they are enforced, and in some cases bring in consultants with the necessary expertise to protect confidential personal, financial or other sensitive data, he said.

For instance, it's easy to protect data on a notebook, Palm or BlackBerry, but many users are too lazy to set up password protection. Devices can be set up by IT so that users have no option but to accept password protection.

If an incorrect password is entered several times in a row -- often a sign of a hack attempt -- data on the device can be destroyed automatically. Of course, IT has to then ensure there are systems in place to back up data and restore it if it is destroyed.

Security can seem complex, but in most cases it's not rocket science, said Mr. Hickey, it's simply a matter of following safe practices and making sure mobile users actually use things like password protection.

And companies can't afford to be lax any more when it comes to making sure mobile devices aren't a gaping network security hole. An average of 186 million new users, from companies large and small, are expected to go wireless each year between now and 2007, according to In-Stat/MDR, a Massachusetts-based research company.