Businesses must secure their wireless networks so they can protect data from being picked up by competitors, hackers or through accidents like the Google Street View incident, security experts warn.
The warnings come after communications minister Stephen Conroy suggested last night businesses and individuals may have had their banking details stolen through the Street View debacle.
Google collected private WiFi data during “Street View” sessions when it used cars to take pictures of residential areas. A piece of code in the software used to upload the pictures collected data from unsecured wireless networks.
The company is facing investigations in several countries, including a Federal Police probe here in Australia, but Conroy says the damage could have been far worse than just picking up a few documents here and there.
“(If) you were doing a banking transaction, or transmitting personal information, they could have hoovered it up, sucked it up into their machine,” he told ABC TV yesterday. “What we want to ensure now is that we get access to the information that’s been collected.”
“We want to know where it’s stored, we want to know what the information is, and importantly we want to ensure that Google don’t destroy this information.”
But Google denies this kind of data sharing could ever have taken place. A spokesperson told The Australian that encrypted data couldn’t have been transmitted through the Street View software program.
“The way it works is that the equipment we use (which we bought from a third party) and our software will recognise encrypted transmissions, but immediately discards that encrypted data.”
“If you have an open network, but are using a website that is itself protected by secure socket layer (security) or some other form of encryption, then the software may have stored that data, but we are not able to read it,” the spokesperson said. “Banking is a form of encrypted data. We did not collect information travelling over secured wireless networks.”
While the company says it is “profoundly sorry” for the mistake, the incident nevertheless demonstrates that businesses must pay attention to their wireless network security.
Symantec regional product manager Josh Simmons says the issue has raised “a lot of eyebrows” in the IT industry, and says businesses need to be concerned about the loss of intellectual property or customer data.
“Whether it’s due to intellectual property theft or any other issue, this issue is in a lot of people’s minds right now, and banking details are certainly one area where there is a possibility of theft.”
Simmons says that whether data is collected inadvertently or deliberately, businesses need to ensure their wireless networks are secure.
“The first most important thing to do is that you need to set a password. When you buy a network and set it up, by default, it does not have a password. You need to enable encryption and then set a pass phrase.”
Simmons says this password should be at least eight characters long, and should not be something directly related to the business so hackers cannot make an easy guess.
“You need to also make sure communications between wireless computers is encrypted, so that anyone sitting on the street, in a car for instance, can’t listen to those waves and receive information. Don’t run an open network.”
“Also, you can configure most wireless networks to not even broadcast the network name, so people won’t know if it’s for your business or not.”
Simmons also says businesses need to monitor their bills closely to watch for anomalies. A sudden spike in data usage could mean people outside the organisation are using the wireless network.
“If this happens, it could be for a criminal purpose. Most companies should have an idea of how much data they are using, and if it goes up remarkably, that would be a good time to investigate.”
Ed Curtis, strategic and solutions sales manager from Research In Motion, recently told SmartCompany that businesses need to know exactly what type of data is being used.
“What data are you transmitting? Are you describing different parts you use, if it’s a trade business, or is it credit card details? Are you transmitting customer information, such as phone numbers? Are you happy with transmitting that information?”
“Having access to that data is fine, but you need to know what would happen if a competitor gained access to that. Break-ins to these networks can occur, so you need to make sure the network and employees have passwords on their phones that are secure.”