Q: I've given staff laptop computers. I understand that some are logging onto the Internet at public hotspots. Are there any security issues to consider?

A: If the users are abiding by a well-structured security policy which states that access to critical data and/or systems, such as e-mail, is protected by strong authentication (user name, password and authenticated one-time password) as well as the usual security measures (updated antivirus, anti-spyware, firewall, intrusion detection systems) installed on the laptop, then the user risk has been mitigated.

The use of antivirus, firewall and anti-spyware minimize the chances of being hacked and having the user credentials stolen, and if the worse happens and the user name and password are stolen, the use of one-time-passwords (i.e. strong authentication) means that the stolen credentials are of no use to the hacker since they cannot steal and use an ever changing authentication code.

If the user is logging in from anywhere without the above security measures (as a minimum), then I would be worried!

Our expert: Ross Wilson, managing director of RSA Security, South Asia & India.

Back to Special Report Home