Wireless Security Gets Serious

In February 2005, when nude photographs and the phone numbers of celebrities stored on Paris Hilton’s Sidekick cell phone were posted on several Web sites by a group of hackers, she found out the hard way what happens when your wireless device security is breached. According to the Washington Post, one hacker simply acted like a T-Mobile supervisor, called a T-Mobile store, and asked for the Web address for T-Mobile’s secure customer account Web site, where he learned Hilton’s cell phone number. The hackers then used the phone number to gain access to Hilton’s T-Mobile account, change the password on her Sidekick, and lock her out of her own phone.

While businesses need to protect their wireless devices and networks from such scam artists, there are a few other security issues to watch out for. For instance, unsecured wireless networks. “If a hacker gains access via your wireless network, it’s the exact same thing as him or her physically sitting at one of your workstations and logging in,” says Mark Pfeffer, product manager at Eschelon Telecom, a provider of voice, data, and Internet services and business telephone systems in Minneapolis. “How nervous would that make you?”

“Wireless security is more difficult because wireless technology enables tremendous mobility,” says Steve Bult, director of consulting services at Technology Management Corporation, a business technology consulting company in Shorewood. “This means that the target devices are constantly moving around in an environment that companies cannot control, yet the users are demanding the same access to the same highly valuable data and applications that the more easily secured fixed devices have.” Portable devices that contain confidential information should be encrypted, stored in a locked area, and password-protected. Notebook computers should be secured with a cable lock, a device that looks like a cable bike lock and attaches to the computer’s lock slot.

We asked local telecommunications professionals about what businesses can do to secure their mobile devices and data in the face of security threats such as hackers and the opportunists who troll the city looking for unsecured wireless Internet networks.

Encryption is Key

Pfeffer says that the starting point for a secure wireless connection is adequate encryption. Encryption is the process of translating data into a code that is unreadable except by people who have a password or “key” to decode the information. Providing a password or several passwords, also known as authentication, essentially proves that you are authorized to access a device or network. Hackers who encounter mobile devices and wireless networks that are protected by encryption can’t gain access without the password, so they move on to a victim who is unprotected. Mobile devices and wireless networks may come with a “standard” setting for encryption, but experts warn that all businesses should change this setting and secure their devices and networks using the newest encryption standards.

“The current best option [for encryption] is WPA2,” Pfeffer says. “However, not all client hardware supports this level of encryption.” WPA2, or wi-fi protected access, is a security protocol set by the Washington, D.C.–based Institute of Electrical and Electronics Engineers, Inc.