Make love not war!

December 2011 Information Security

The pace of business today requires that workers stay in touch, even while on the move. Access to e-mail, data and applications, regardless of someone’s physical location or device used, has become a business imperative. In fact, the truth of the matter is quite simply that employee productivity, customer satisfaction and competitive advantage all depend on adopting mobile working practices.

But it comes at a price – how big a price is down to you.

The security battlefield

In the past, IT departments have been reluctant to deploy mobile solutions for fear of the increased risks posed to information security. All too often devices were lost, or stolen, exposing the vulnerable data contained on the device itself. Instead of the benefits these flexible practices could introduce, the mobile device instead became a weapon of mass destruction turned against the corporate defences of the organisation.

However, while in the past saying no to users may have been an option, with today’s modern working practices it is just unrealistic. This is not just in terms of restricting an organisation’s ability to function and therefore hindering its competitiveness, but also from the consumerisation of IT. With the price of technology affordable for the majority, many users are not only happy, but actually willing, to invest and use their own personal devices if it makes their life easier.

Instead of trying to block mobile devices, effective IT departments need to engage more collaboratively with their users in order to embrace these new technologies safely. Open communication, with the recognition that technical controls alone are not a fail safe mechanism to prevent failures in information security, is the key.

Grant Taylor
Grant Taylor

Three tips to peace and harmony

The implementation of workable security controls, that balance the needs of users against the real risks facing the organisation, is the only way forward.

There are three primary elements to this:

The human dimension

Never forget the first line of defence for improving mobile security is your users. The sad fact is many wrongly believe that the IT department is trying to control them, rather than the actual reality of helping them, to do their job.

The main point to get them to understand and accept is why what they are doing poses a security risk to the organisation. Only once they fully comprehend the reasons for restrictions, will you gain their support.

Users will not remember what they read when they first joined your organisation. And, actually, policies and practices need to be regularly revisited and changed over time to reflect advancements in technology and also reflect differences in the risks the organisation faces.

To address the human dimension you need to:

* Create, and then regularly re-visit, your home and mobile working policy making sure each key point is explained, in simple language, with no room for interpretation.

* Focus your users’ attention by emphasising the consequences of non-adherence. Keep these personal, instant and non-negotiable.

* As part of your communication and awareness programme introduce random testing to reveal gaps in understanding.

The technology dimension

Introducing mobile connectivity is renowned for increasing help desk support. Although logical, yet often forgotten, is that the more complex the security access solution is, the more difficult it is for users, and therefore the amount of support needed will increase.

Instead, organisations need to keep three things in mind:

* Choose a solution that provides seamless interaction, with data and applications, no matter where people are or the device they are using.

* Limit user access in relation to the requirements of their role balanced against the risks posed by their location or device.

* Communicate with users why these restrictions are absolutely necessary, especially at the point of use, so they understand why they cannot do something and will not try to circumnavigate them.

The final dimension

This relates to flexibility. In an ideal world you may choose to prevent or restrict unauthorised use of peripheral devices on corporate computers. However, now or in the future, these devices could be deemed a necessary business tool.

Going back to our previous point of denial not always being an effective solution, instead, you need to devise methods that accommodate these necessary deviations:

* Encourage users to discuss the tools they need so you know what is out there.

* Track and report on data movements and have a mechanism to obliterate content from lost or stolen devices.

* Communicate the benefits of early reporting so users are not afraid to report losses immediately.

Together we are stronger

By developing mobile security initiatives with reference to corporate risk objectives that are important to end users, your IT department shares the responsibility with business managers and employees. The expectation becomes that everyone helps to mitigate risk proportionately rather than completely avoid it.

On-going education of the reasons behind security precautions, and how a user’s risky behaviour exposes them and the enterprise, with explanations of how it is being overcome is fundamental. Only then can you be sure that everyone fulfils their role in the battle to keep information secure.

To learn more about mitigating risk with Cryptzone IT security solutions for policy compliance, secure access, endpoint security and content security visit www.cryptzone.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Want effective Attack Surface Management? Think like an attacker.
Information Security
Effective ASM requires companies to think like attackers, anticipate risks, and act decisively to reduce exposure by knowing their environment, deploying a structured approach, leveraging capable tools, and addressing both internal and external risks.

Read more...
The growing role of hybrid backup
Infrastructure Information Security
As Africa’s digital economy rapidly grows, businesses across the continent are facing the challenge of securing data in an environment characterised by evolving cyberthreats, unreliable connectivity and diverse regulatory frameworks.

Read more...
POPIA non-compliance puts municipalities at risk
Information Security Government and Parastatal (Industry)
Digital responsibility must go beyond POPIA compliance to recognising that privacy and service delivery are fundamentally linked. Despite this, only 51 out of 257 municipalities submitted their mandatory data protection and access to information reports in 2024.

Read more...
Choicejacking bypasses smartphone charging security
News & Events Information Security
Choicejacking is a new cyberthreat that bypasses smartphone charging security defences to confirm, without the victim’s input or consent, that the victim wishes to connect in data-transfer mode.

Read more...
Most wanted malware
News & Events Information Security
Check Point Software Technologies unveiled its Global Threat Index for June 2025, highlighting a surge in new and evolving threats. Eight African countries are among the most targeted as malware leaders AsyncRAT and FakeUpdates expand.

Read more...
Welcome to the new cyber battleground
Information Security
The Iran-Israel conflict is rapidly redefining modern warfare, pushing the boundaries of cyber capabilities and creating a new, borderless digital battlefield. Fortinet’s CISO, Dr Carl Windsor, offers a critical, in-depth analysis of the escalating tactics and global implications in his latest report.

Read more...
African industries may overestimate cyber defences
Information Security
A significant perception gap exists in security awareness training: 68% of leaders believe training is tailored to roles, yet only a third of employees feel adequately trained. Many organisations only conduct annual or biannual generic training that may not effectively change behaviour.

Read more...
SMARTpod talks to Sophos and Phishield
SMART Security Solutions Technews Publishing Sophos Videos Information Security News & Events
SMARTpod recently spoke with Pieter Nel, Sales Director for SADC at Sophos, and Sarel Lamprecht, MD at Phishield, about ransomware and their new cyber insurance partnership.

Read more...
Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Corporate and academic teams can register for Kaspersky contest
Kaspersky News & Events Information Security
Kaspersky has announced the registration opening for its new Kaspersky{CTF} (Capture the Flag) competition, inviting academic and corporate teams from around the globe to compete in a battle of skill, strategy and innovation.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.