Spy vs. spy: Easy cell phone policy for corporate travelersIs counterintelligence the new mission of IT departments? What about the four billion mobile phones? Is there a cheap, low-cost way to keep this critical tool – which conveys trade secrets and intellectual property daily – outside of the hands of cyberspies and cybercriminals?
Here's a controversial recommendation: Do advance risk assessment and strip down the typical business traveler's load-out of gadgetry. This article recommends changes in the way we see the world and the way business travel is conducted.
Harden the target: International business travelers
While cybercrime in 2010 has proliferated in a wave from gas-pump skimming to hotel data theft centered around credit cards, travelers still have more to risk in overseas visits.
The primary area of concern to the Department of Commerce is intellectual property (IP) theft, which includes sales contact information for stateside businesses. The external threat of IP theft is not limited to computers. With four billion cell phones compared to one billion computers, PDAs and phones provide plenty of data risk.
Securing our eCity's four minute YouTube video speaks toward multiple threats that most CIOs and IT managers may not have yet considered – such as remotely turning on cellular phone microphones, SMS command overrides, and the foreign cellular networks on which data and voice are transmitted.
As Qualcomm Senior Director Bill Maheu has pointed out, even the contact list held within a cell phone has value. His recommendation:
[Create] a simple policy that simply says, If you're part of this company and you're going to be in a foreign country, you're going to take a separate phone."
Our assessment must include the point that the information value stacks exponentially the more senior a business traveler is: a vice president will have more strategic value than a junior employee. Providing both travelers with a temporary, data-minimized phone denies intelligence-gathering efforts, which could even be conducted through the cell networks themselves.
Unfortunately, you'll never be able to articulate the savings of something that doesn't happen, concludes Bill Maheu. ‘But once it happens, the cost and the expense in dollars and in lives – you don't want to get to that position. Prevent it if you can.'
Counterintel: Corporate travel checklist
- What role does this traveler have?
- Where is this person heading?
- Who are they visiting with?
- What information can they completely leave behind?
- What information must they have to perform their duties?
- What sensitive projects or information may they need to access while they are traveling?