Viruses taking flight

Worms and viruses are increasingly sprouting wings, taking to the air, and nesting in wireless phones, PDAs, and other devices. If none of these assailants have found their way into your users' devices and data, then it's likely no more than a matter of time until they do. But there are steps IT can take now to help protect against this new breed of airborne virus.

Earlier this week antivirus vendors spotted what they consider to be the first virus that propagates via the Mobile Messaging Service. CommWarrior.A, in fact, is striking mobile phones with Symbian Series 60 software.

And the industry has seen the airborne virus Cabir spread throughout Singapore, the United Arab Emirates, China, India, and other countries since it first showed itself in August 2004 in the Philippines. Users in France and Japan earlier this month found their cell phones contaminated with Cabir.

But mobile viruses, to date, have not tallied considerable damage to enterprises. There is reason for concern, however. A recent survey conducted by security specialist netSurity for RSA Security found that in the business district of London the number of wireless local area networks (WLANs) increased by 62 percent in 2004, with access points growing to 1,751 from 1,078. At the same time, security on the wireless networks got worse, leaving 36 percent of the firms open to potential attack, up from 25 percent in 2003.

The report warns that this increase in unsecured wireless networks -- which is also occuring in other cities around the globe -- leaves businesses vulnerable to corporate information theft, sabotage, and compromised networks. And it is not just sophisticated criminal activity that is leading to this vulnerability. The report says that basic security precautions have not been taken. Forty-three percent of  companies failed to switch on the default wired equivalent privacy (WEP) encryption standards found in most wireless products.

Jim Stickley, co-founder and CTO of TraceSecurity, a security consulting and software firm, is not too surprised by the report's findings. "Two years ago, plenty of people were still saying this wasn't going to be a problem," said Stickley. "Now we're getting plenty of calls about it. People are concerned, and they should be."

But there are measures that IT can put into practice to help lessen the damage if a strike does occur, or at the very least steps that can be taken to educate users about the dangers.

Prepare for the worst

Stickley has some advice for IT managers who are now being asked to deal with the issue: Prepare yourself, prioritize, and encrypt.

"First off, be concerned. Prepare for the worst-case scenario. Ask yourself, what you are giving people access to when you set up a wireless system," he said.

Stickley also advises IT managers to prioritize their risk factors. For example, he notes that laptops carry a lot more risk than a cell phone, and that laptops with wireless capabilities carry even more risk. "When people switch off their default wireless security, they often don't switch it back on again, so it helps to build in some reminders," he said.