ACSC2016 Blundering Australian executives have left sensitive financial documents and tenders in the business centre of a prominent luxury Canberra hotel, security man Wayne Ronaldson says.
Wayne Ronaldson. Photo: Darren Pauli, The Register
The documents were left unprotected in the folders of the Windows desktops and contained information sufficiently sensitive to cause massive damage to at least three firms.
That mess was one of several illustrations Ronaldson offered delegates of the Federal Government's Australian Cyber Security Conference in Canberra yesterday.
The co-founder of Adelaide-based consultancy Risk Offensive says sensitive corporate data is being stolen by local and international hackers, taxi drivers and clerks – or simply being lost due to execs' own epic security blunders.
“The business centre was jammed with tenders and financial information,” Ronaldson says.
“Some taxi drivers get paid a lot of money to hand off information about the people who get in their cabs, to supply their audio and video footage.
“So if you're having a business meeting in a cab, hang up.”
Ronaldson illustrated other ways executives can be hosed while travelling. One executive for an unnamed Australian firm lost every tender it submitted after a staffer's laptop was compromised at an overseas industry conference.
Those tenders were hoovered up by a rival which used the information to get a cheap head-start on the company.
Another individual had blueprints for a new communications system stolen when he was invited to speak on the subject at a foreign industry conference.
"Travel is the new blindspot," he says.
Ronaldson advised enterprises to enforce a privacy lockdown on executives' social media accounts such as Facebook if the high fliers insist on sharing travel information such as their check-in to airlines' frequent flyer lounges.
He says all devices taken on overseas trips must be quarantined before they are connected to corporate networks to mitigate the "very real risk" of compromise.
For best practice, top executives should leave their personal and corporate devices at home and travel with burner phones and laptops.
"I take one bag and it goes with me everywhere," Ronaldson says.
"Before you go on your business trip, know the adversary has already watched you, already knows your flight, knows that you love going to the lounge and watching the footy, and that you put your bag down and go for a drink." ®