- Security TWENTY Home
In our November issue we reported mobile phone theft – how one thief jailed for a stealing a phone in a Nottingham pub was also given a criminal ASBO, Mark Rowe writes.
For all the talk about data and the internet, have we overlooked the old-fashioned theft of property? Or are young people with an easy-come, easy-go attitude to belongings at fault? If it’s merely their own property, it’s their look-out – though ultimately the cost is on all of us, through insurance – but what about when those young people enter workplaces?! Trends in technology – devices making it ever easier to store and carry data – bring security challenges, that you may deplore, but cannot ignore.
The two young men walked into the security reception. They were casually-dressed and athletic-looking, each wearing sports trousers of the sort that unzip at the bottom so you can take them off easily. But they had not been on the sports field recently. They were reporting a crime. The uniformed officer behind the desk – white open-neck shirt, black trousers and epaulettes that said ‘SECURITY’, gave the victim the police non-emergency phone number 101. The alternative was to walk to the nearby police station. The officer offered the reception land-line to the young man to ring 101. From overhearing the man’s side of the conversation, the whole story emerged. “I would like to report the theft of my mobile phone. It was just from my pocket. I felt it go, but the person just ran. I’m not sure who the person was.” The young man then said where he was; the 101 call handler evidently had asked. The handler then must have asked more about the crime, whether to flesh out details or to check it was a genuine report: “Some friends … a pair of jeans, front pocket. I was wondering whether I would be able to claim my insurance on it.” The student’s friend sitting beside me, inevitably, was passing the time by looking at things on his mobile. “Yes all right, thank you,” the crime victim said. He put the phone down and the officer asked: “What did they say?” The victim replied: “Go back there and see if there’s CCTV.” The officer asked if the other student had registered his phone (meaning the Immobilise property website, www.immobilise.com). The officer added: “If anything is stolen and gets recovered it gets back to you, not just phones, but laptops, everything.” The two students left, saying they would go to the police station. ‘It’s always the way,’ I say to the officer behind the counter, but he either does not hear me (he has put a radio earpiece in one ear) or ignores me. Students only learn about the need for crime prevention, after the crime. Protecting your belongings, being sensible, isn’t cool. But then being a victim of crime is not cool either.
In dark and busy pubs, on trains, in cafes and hotels, and on holiday, besides at a new university, you only need drop your guard for a moment – and entertainment venues like us to feel relaxed – and your bag is dipped into or snatched altogether. Are young people careless, for whatever reason – they change their makes of phones as readily as some of us change ties; a phone is taken for granted from childhood? Besides the physical object, there is the question of data and address book on the device. It’s stating the obvious that in the old days (but well within a working life) your only device you carried was a watch. Take the 1968 film The Italian Job; to foul up the Turin traffic control computer, the robbers have to take a dinner-plate-sized spool of tape, to replace the proper one on a computer the size of the Mini cars they escaped in. Data has become portable; even invisible in the Cloud; devices to carry data, cheaper; and disposable. BYOD – bring your own device – is evidence of how home and workplace have mixed. You could hardly take the Turin traffic computer home; now you can take the equivalent enormous amounts of data on a stick in your pocket, as the (now jailed) American Bradley Manning did, to pass to Wikileaks.
An IT company points to its recent survey suggesting that ‘Generation Y’ employees (aged 18 to 35) have an appetite to contravene corporate policies governing use of own devices, personal cloud storage accounts, and new technologies such as smart watches. Fortinet report a 20-country survey of 3,200 employees aged 21 to 32 during October 2013. A good third (36 per cent) of respondents use their own personal cloud storage (such as DropBox) accounts for work purposes. The point of BYOD is that it speeds up work – and it’s what staff want, for instance if they work out the office, or abroad. But how secure is it, if – as the survey found – 12 per cent admit to storing work passwords using these accounts, 16pc financial information, 22pc critical private documents such as contracts and business plans, and a third (33pc) store customer data.And what will happen when Google Glass comes in? Or cars that connect to the internet?! As Professional Security has reported, can we trust the cloud to store data securely, if it’s in China, or nowhere? And for saying younger people are savvy with devices, the survey suggested many devices are being compromised. A good half, 55 per cent, of responses indicated an attack on personally owned PCs or laptops. Around half of these came with an impact on productivity or loss of personal. or corporate. data. Attacks were far less frequent on smartphones (19pc) or tablets (19pc). Yet one in seven, 14 per cent, of respondents said they would not tell an employer if a personal device they used for work purposes became compromised. The survey also hinted at a link between BYOD use and what the surveyors termed ‘threat literacy’, in other words how knowledgable they were about risks. The more frequent the BYOD habit, the better the understanding of threats. A good sign, the surveyors suggested, if you’re a workplace seeking to bring in policies and training on the risks of using a tablet or whatever.
John Maddison, vice president of marketing for Fortinet, said: “This year’s research reveals the issues faced by organisations when attempting to enforce policies around BYOD, cloud application usage and soon the adoption of new connected technologies. The study highlights the greater challenge IT managers face when it comes to knowing where corporate data resides and how it is being accessed. There is now more than ever a requirement for security intelligence to be implemented at the network level in order to enable control of user activity based on devices, applications being used and locations. It’s worrying to see policy contravention so high and so sharply on the rise, as well as the high instances of Generation Y users being victims of cybercrime. On the positive side, however, 88 per cent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices. Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organisation’s IT security.”