An article from this past week’s New York Times explains the way a Brookings Institute expert handles protecting their intellectual property when traveling to China or Russia. It is a perfect example of how every enterprise mobile workforce member should behave with their electronic devices. The article, “Traveling Light in a Time of Digital Thievery” written by Nicole Perlroth gets right to the point. It illustrates the kind of behavior all enterprise IT departments and their respective legal departments should consider as standard operating procedure.
He leaves his cellphone and laptop at home and instead brings “loaner” devices, which he erases before he leaves the United States and wipes clean the minute he returns. In China, he disables Bluetooth and Wi-Fi, never lets his phone out of his sight and, in meetings, not only turns off his phone but also removes the battery, for fear his microphone could be turned on remotely. He connects to the Internet only through an encrypted, password-protected channel, and copies and pastes his password from a USB thumb drive. He never types in a password directly, because, he said, “the Chinese are very good at installing key-logging software on your laptop.”
What might have once sounded like the behavior of a paranoid is now standard operating procedure for officials at American government agencies, research groups and companies that do business in China and Russia — like Google, the State Department and the Internet security giant McAfee. Digital espionage in these countries, security experts say, is a real and growing threat — whether in pursuit of confidential government information or corporate trade secrets.
“If a company has significant intellectual property that the Chinese and Russians are interested in, and you go over there with mobile devices, your devices will get penetrated,” said Joel F. Brenner, formerly the top counterintelligence official in the office of the director of national intelligence.
Theft of trade secrets was long the work of insiders — corporate moles or disgruntled employees. But it has become easier to steal information remotely because of the Internet, the proliferation of smartphones and the inclination of employees to plug their personal devices into workplace networks and cart proprietary information around. Hackers’ preferred modus operandi, security experts say, is to break into employees’ portable devices and leapfrog into employers’ networks — stealing secrets while leaving nary a trace.
Targets of hack attacks are reluctant to discuss them and statistics are scarce. Most breaches go unreported, security experts say, because corporate victims fear what disclosure might mean for their stock price, or because those affected never knew they were hacked in the first place. But the scope of the problem is illustrated by an incident at the United States Chamber of Commerce in 2010.
This is exactly the kinds of defensive actions most businesses need to take in their IT policies and procedures.