As we immerse ourselves in the vast data pool that is the digital world, the division between our social and work selves is fading, and groups are waiting to exploit all data.
Peril in merging professional and personal lives online
LONDON // A key theme emerging at the Infosecurity Europe conference taking place this week in London is a security nightmare created by the blurring of work and personal life. Unwary internet users are exposing themselves and the organisations for which they work to unnecessary security risks by leaving a trail of increasingly valuable information about themselves whenever they go online.
"We are all leaving digital footprints everywhere we go," said Bruce Schneier, the chief technology officer at BT Counterpane, part of the UK telecoms operator BT Group. "You are not Google's customer. You are Google's product, which they sell to their [advertising] customers." Data protection heads from across the world are expressing continued concern at Google's use of privileged personal data from users of Gmail, its e-mail service, as the foundation of Google's new social networking site, Buzz.
According to a report prepared for the London conference by PricewaterhouseCoopers, Information Security Breaches 2010: "Staff postings to social networking sites pose a new data leakage risk." This kind of risk poses a huge threat to companies involved with deals or projects that are at a sensitive stage. Neil Hampson, a partner at PricewaterhouseCoopers, gives an example of a client who was unaware of the potential security threat that his use of a social networking site posed to his company.
"One of our clients was effectively broadcasting his geographical presence on a daily basis on LinkedIn. As he worked in the M&A [mergers and acquisitions] business, this meant that rivals could deduce which international corporate mergers he was working on from his postings on the social networking site," Mr Hampson said. He added: "Most people do not yet understand that what they put on the internet is forever. It is more difficult to manage multiple personalities than in the pre-digital age."
He also quoted the example of staff working in the defence sector compromising their firm's security by using their internet access to download and share illegal copies of films. According to PricewaterhouseCoopers, a trend for companies to allow staff more access to the internet, established between 2006 and 2008, has now reversed itself as organisations become aware of the inherent risk. What many executives do not fully understand is that the internet does not automatically distinguish between their professional lives and their personal activities online.
Growing fears are being voiced at the security conference in London that sophisticated data-mining software tools will allow unscrupulous organisations to trawl through the vast amount of information on the Web to gain competitive advantage. According to PricewaterhouseCoopers, "The blurring of personal and work life has grown in prominence, especially with the rise in home working and the people increasingly using their own ICT [information and communications technology] for work purposes. With increased mobile devices, loss or theft could result in exposure of data."
It is feared that the interception of data that passes over Wi-Fi or 3G networks and the illicit capture of data over Bluetooth connections will rise in parallel with the growing use of mobile devices. A root cause of this risk is the reluctance of the IT industry to distinguish between products and services aimed at business users and those made for consumers. Apple iPhones, BlackBerry phones, iPods and MP3 music players all pose security threats for commercial and governmental organisations.
Mobile phones that store personal contacts, music and photographs also often contain highly sensitive work data. Devices such as BlackBerry smartphones, originally intended for business use, are now being increasingly marketed to consumers, while the Apple iPhone, essentially a consumer device, is being targeted at professionals. It is feared that new technologies such as cloud computing, where an organisation's data and software are stored on remote servers controlled by a third party, also pose a huge potential security challenge.