Defend against Industrial Espionage if laptop ban extended

Homeland Security has banned laptops in the cabins of US-bound flights from 10 airports in the Middle East and Africa. Rumors are circulating that the ban will extend to European airports. This would be a major inconvenience to business travelers, and it could also result in losses to companies.

Valuables such as laptops or camera equipment should not go in checked luggage. Airport employees, including those in security, are known for stealing from checked luggage. Trust European airport employees as you would their US counterparts. Theft of company equipment is annoying and costly for a large cap corporation, but could be crippling for a microcap company.

Another downside of a potential laptop ban is the loss of billable hours. Over half of employees prefer to work on the plane. The National Trade and Tourism Office reports 4.9 million passengers flew overseas and 1.9 million travelled to Europe. If they were unable to work on the plane, the total number of billable hours lost at an average of $76/hr. could be as high as $500M.

Productivity issues are small compared with FBI information that says economic espionage costs US businesses nearly $500B per year. Laptops transported in checked luggage are excellent targets for IP theft. The FBI and other officials know that US allies have a history of spying on private sector companies. The French version of the CIA enabled France to win a $1B contract to supply military equipment to India by learning about competing bids. Stealing bid pricing is convenient, but marketing plans, customer lists, supplier lists, and other material could also give a competitor an edge, or let a new competitor enter the market, if they fell into the wrong hands.

No commercial measures are foolproof, but these are some hints to help you prevent foreign officials from accessing your data:

  • Do not have data on your computer that someone could access in the luggage screening area
  • Your hard drive can be copied by authorities
    • If your drive is unencrypted they now have all your files
    • If your drive is encrypted they can try to break the encryption or guess your password
  • Consider carrying a “burner” laptop for your business trip
    • Chromebooks or Windows 10S systems that use only a web browser are a better option
    • Do not have the browser remember your password
    • Do not check “remember me” when logging into a site
    • If authorities decide to keep your laptop it’s only a financial inconvenience
  • Enable BitLocker encryption on Windows
  • Enable FileVault encryption on macOS
  • Forensic tools can recover deleted files or a formatted hard drive
    • Delete files using a multi-pass tool
    • Commercial and open source options available
  • Keep your antivirus and security patches up to date
    • Antivirus only works on known viruses
    • Governments may have unique variants
    • There are places on your computer antivirus cannot reach
  • Hardware added to your computer can log your keystrokes or take pictures of your screen
    • Antivirus will not protect you

Large companies will always be the primary target, but small businesses may be a target of convenience. A little advance planning can go a long way to securing your assets from professional spies.

Samsung Galaxy S8 Face Unlock Defeated by Photo

MARCIANOTECH uploaded a video showing a Samsung Galaxy S8 being unlocked with a photo of himself. Google introduced the Face Unlock feature in Android 4.0 and is aware that photos can unlock the screen. The feature is a convenience, not a security enhancement.

In a statement to Ars Technica, a Samsung Electronics Ltd. (KS:005930) spokesperson provided the following:

The Galaxy S8 provides various levels of biometric authentication, with the highest level of authentication from the iris scanner and fingerprint reader. In addition, the Galaxy S8 provides users with multiple options to unlock their phones through both biometric security options, and convenient options such as swipe and facial recognition. It is important to reiterate that facial recognition, while convenient, can only be used for opening your Galaxy S8 and currently cannot be used to authenticate access to Samsung Pay or Secure Folder.

This is a reminder that businesses should consider the convenience vs. security tradeoff. A fingerprint is more secure, but may introduce other security issues. Government agents can compel you or your employees to unlock a phone using a fingerprint or an iris scan. A PIN is the best choice if confidentiality of your company data is the highest priority.

These Apps Are Safe From The CIA

  • No definitive proof CIA has bypassed encryption
  • CIA can bypass security of apps by hacking phone
  • Signal & WhatsApp not found in leaks

A new release from Wikileaks has journalists sifting through the details to bring you the story. The initial reports that the CIA broke encryption in popular apps were not correct. Researchers have since had time to look through the information, and those initial reports were based on assumptions. The good news is there is no mention of Signal or WhatsApp in any of the reported documents. For now, this shows the encryption strength in these apps.

The real risk is the installation of key loggers or screen capturing software on a phone. Bypassing encryption would not be necessary to gain access to information if any government agency installed these tools. Business owners should be wary of any links received by email if they do not know the person sending them. Airport and border searches are also areas where someone may try to install monitoring software on your company’s equipment. If you are careful to avoid malware, then the risk of someone intercepting your Signal or WhatsApp conversations is relatively low for now.

Defense sector bullish after president calls for spending

President Trump called for a $20 billion increase in defense spending while cutting other programs. The defense sector rallied after the president made his budget proposal. Here is the market effect:

iShares US Aerospace and Defense ETF (ITA): +1%/day

SPDR S&P Aerospace & Defense ETF (XAR): +1%/day

PowerShares Aerospace & Defense (PPA): +0.7%/day

iShares US Aerospace and Defense ETF (ITA): +8.2%/YTD

SPDR S&P Aerospace & Defense ETF (XAR): 8.7%/YTD

PowerShares Aerospace & Defense (PPA): 6.3%/YTD

SPDR S&P 500 ETF (SPY): 5.27%/YTD

The increase in spending will be bullish for the sector and the supply chain. 3rd or 4th+ party suppliers to the major defense companies will benefit from the increase. Is your small business ready? Now is the time to implement an ISO 27001 Information Security Management System or an ISO 28000 Supply Chain Security Management System to show your customers your dedication to protecting their business interests. We provide training and consulting services for many different ISO standards. Contact us today to discuss your goals and needs.