Jamaican firms, like their counterparts across the world, are investing millions of dollars in wireless computer technology, but apparently, many, at least in New Kingston, are not paying sufficient attention to protecting the security of their networks.

For instance, by driving around New Kingston with a laptop configured with a wireless card and any of a myriad of free, downloaded software, it is easy to identify wireless access points of firms. It also becomes clear that in many cases data transmission is not encrypted.

And even when there is encryption, it is mostly with WEP (Wired Equivalent Privacy) technology, which is notoriously easy to break.

“Generally speaking, there is cause for concern,” says Krishna Phillips, a council member of the Jamaica Computer Society and group IT and security manager for the Jamaica-based mobile phone company, Digicel.

In fact, says, Phillips, this is not a problem unique to Jamaica. Even in the United States, the matter of insecure wireless networks has emerged as a serious and pervasive problem for the IT sector.

“Wireless access, by default, is not configured with deep security,” he says.

It is, therefore, up to firms to determine the importance, to their business, of the information that they transmit along wireless networks, and then decide how much time and money they are willing to spend to protect this information.

“It’s like any asset,” says Phillips. “It depends on how you are prepared to protect it.”

So fearful are some firms about compromising the integrity of their information, as concerns grow about the efficacy of some of the encryption technology in use, that they are pulling down their existing wireless networks ahead of installing new systems.

“We actually dismantled ours last year,” says a technology manager at a Montego-based IT firm that handles back-office data operations for many international companies. “We had to bring it down because of security concerns.”

In fact, says Edward Taylor, a former IT manager at the Observer, a discussion about the use of wireless connection technology is timely, given its increasing prevalence in Jamaica.

“It is not fool-proof,” he says. “It is convenient to be able to walk around with your PDA or laptop and have access to information (without a wired connection).

“But some of that information may be confidential. So, you have to weigh the convenience against the attendant risks of that information going outside the company. In some companies, the view is that the risks outweigh the convenience.”

Indeed, this very issue, and the application of IT security standards in Jamaica, was the subject of a not-very-well-publicised seminar put on last week by the technology ministry’s Central IT Office (CITO) in conjunction with the Jamaica Computer Society.

What, perhaps, will be even more frightening to the average person are the names of some of the firms whose wireless access signals spill beyond the walls of their buildings – sometimes for several hundred feet. In some cases, though, technicians and officials stress that this does not necessarily mean a compromising of their information.

Do what the IT (information technology) people call a “war drive” in New Kingston armed with a wireless configured laptop.

Along Trafalgar Road, in the vicinity of the British High Commission, you are likely to pick up a wireless access point for GraceKennedy Remittance Services (GKRS), the Western Union money transfer people. You’ll get up to 42 per cent of their signal strength.

Swing around to Haining Road, near where it merges with Hobart Road, and you will soon have a signal from DHL, the international courier company, whose head of IT, Gary Scott, was not available for comment on whether the wireless system at the Jamaica office accorded with DHL’s worldwide standard.

Move along Trinidad Terrace, in the region of the Hilton Hotel’s north gate, and you’ll have signal for that hotel’s guest network.

Go onto Knutsford Boulevard and spend a few minutes in the parking lot of the Courtleigh Hotel, next door the Hilton, and you can use the Courtleigh’s wireless signal to surf the Internet.

Head north along Knutsford Boulevard in the region of the Jamaica Deposit Insurance Corporation (JDIC) and run into a wireless portal for that government agency that insures bank deposits.

Last Thursday, no information was being transmitted from the JDIC’s wireless access point. But at the time that system, like many others, had no encryption, although in this case, it appeared to require password/username identification for entry.

From several points in New Kingston’s central business district, access points for a firm called Eckler Partners show up on your laptop.

In the car park of the New Kingston Shopping Centre, the signal strength from the travel agency, Great Vacations, ranged up to 38 per cent of capacity.

However, some officials say that while some wireless access points may be visible to potential hackers, it would be far more difficult to get onto their networks and pinch vital business information.

This is a point stressed by Teddy Alexander, the Miami-based head of technology and information for the diverse GraceKennedy group, which has the franchise for the Western Union money transfer business in several Caribbean countries.

“You have picked up the weakness in WIFI,” says Alexander, an appreciation of which has caused GraceKennedy to limit the kinds of information trafficked across such networks.

According to Alexander, wireless access points of the type picked up from the GKRS head office are primarily for people on the move but wishing to access the Internet, including email, and perhaps transmitting less sensitive information.

“But to get to things like the Western Union host, you need about three levels of identification – username/password,” explains Alexander. “We are very conscious about security.”

But IT experts point out that by monitoring blocks of information being transmitted along a wireless network, potential hackers can analyse the data to determine the authentication methods and password to break open networks. Often, this information is transmitted in clear, or unencrypted type.

However, Alexander explains that in 14 years of the money transfer operation, GKRS has not had a breach of its domain.

“To get to our business applications you have to be authenticated,” he adds, referring to the entire GraceKennedy network. “We have multiple layers of security within the network.”

But notwithstanding this, Alexander promises a review, and possibly, an overhaul, of GraceKennedy’s wireless access systems.

“We are going to review what we are doing with their access and bolt it down in place,” he says.

In fact, such a review was on the agenda of Yvette Thompson, the group’s Kingston-based manager for management information systems, who is just six weeks on the job. Circumstances have made action more urgent.

“Security is an issue and we are very concerned about it,” Thompson had told the Sunday Observer before Alexander’s comments and ahead of being told specifically about the spill of the GKRS signal into the public domain. “We are in a process of assessment and remediation.”

Thompson had stressed that her review of the network was not only of the wireless system, but the entire operation. But she was aware that wireless poses special concerns.

“Everybody understands its inherent weakness,” she had said.

At the Hilton Hotel, IT boss Anthony Chambers, has, over the past week, been overseeing the installation of powerful new antennas to allow for wireless Internet access across the property.

That, in part, may have been responsible for the spill of the signals beyond the compound. Once that is complete, he expects the signal to be more tightly bolted.

“Ours is an open network,” Chambers explains. “It is for guests, and we have guests who need the services but who are not necessarily technically savvy.”

The system, therefore, is not totally secure; so guests – and for that matter anyone else – should be aware of the type of information that is transmitted. However, the Hilton is moving towards a system of authentication of users, which will perhaps require guests to have passwords, thus tightening the system.

Chambers is aware of the fact that wireless signals from the Courtleigh, next door, are not confined to that hotel and that people outside the property can use it to surf the Internet. In fact, it may be costing the Hilton some business.

“I charge for my (Internet) service,” says Chambers, providing an amusing anecdote. “We have had guests asking for a particular room (where) they can get the Courtleigh’s signal (for free).”

Kevin Hendrickson, who runs the family-owned hotel, says the wireless access at the hotel is an experiment ahead of its possible introduction at other Hendrickson hotel properties. He is aware of the signal spill.

“That is the problem we are trying to conquer,” he says. The suppliers, however, have not yet been able to deal with it.

But, according to Hendrickson, the wireless access is not used for business applications. “We couldn’t take that risk,” he says.

Wireless access to the Internet, says Hendrickson, is a free service the hotel now provides to guests.

“It is an experiment for us,” he says.

For Digicel’s Phillips, there are ways of deploying wireless network to protect them from the inherent weakness of the system, but that demands attention to detail, continuous research and the application of time and resources.

In other words, people have to work out just how important is having a secure network worth to their bottom lines, and act accordingly.

“It is not black and white,” he says. “It is the degree to which you want security and the effort you put in it.”