Categories

Editor's Choice
Tech Jobs Network
News & Events
Access Control & Identity Management
AI & Data Analytics
Asset Management
Associations
Conferences & Events
Facilities & Building Management
Fire & Safety
Information Security
Infrastructure
Integrated Solutions
IoT & Automation
Perimeter Security, Alarms & Intruder Detection
Power Management
Products & Solutions
Security Services & Risk Management
Smart Home Automation 
Surveillance
Training & Education
Videos
Security by Industry Sector ▾








Print this page printer friendly version

Make love not war!

December 2011 Information Security

The pace of business today requires that workers stay in touch, even while on the move. Access to e-mail, data and applications, regardless of someone’s physical location or device used, has become a business imperative. In fact, the truth of the matter is quite simply that employee productivity, customer satisfaction and competitive advantage all depend on adopting mobile working practices.

But it comes at a price – how big a price is down to you.

The security battlefield

In the past, IT departments have been reluctant to deploy mobile solutions for fear of the increased risks posed to information security. All too often devices were lost, or stolen, exposing the vulnerable data contained on the device itself. Instead of the benefits these flexible practices could introduce, the mobile device instead became a weapon of mass destruction turned against the corporate defences of the organisation.

However, while in the past saying no to users may have been an option, with today’s modern working practices it is just unrealistic. This is not just in terms of restricting an organisation’s ability to function and therefore hindering its competitiveness, but also from the consumerisation of IT. With the price of technology affordable for the majority, many users are not only happy, but actually willing, to invest and use their own personal devices if it makes their life easier.

Instead of trying to block mobile devices, effective IT departments need to engage more collaboratively with their users in order to embrace these new technologies safely. Open communication, with the recognition that technical controls alone are not a fail safe mechanism to prevent failures in information security, is the key.

Grant Taylor
Grant Taylor

Three tips to peace and harmony

The implementation of workable security controls, that balance the needs of users against the real risks facing the organisation, is the only way forward.

There are three primary elements to this:

The human dimension

Never forget the first line of defence for improving mobile security is your users. The sad fact is many wrongly believe that the IT department is trying to control them, rather than the actual reality of helping them, to do their job.

The main point to get them to understand and accept is why what they are doing poses a security risk to the organisation. Only once they fully comprehend the reasons for restrictions, will you gain their support.

Users will not remember what they read when they first joined your organisation. And, actually, policies and practices need to be regularly revisited and changed over time to reflect advancements in technology and also reflect differences in the risks the organisation faces.

To address the human dimension you need to:

* Create, and then regularly re-visit, your home and mobile working policy making sure each key point is explained, in simple language, with no room for interpretation.

* Focus your users’ attention by emphasising the consequences of non-adherence. Keep these personal, instant and non-negotiable.

* As part of your communication and awareness programme introduce random testing to reveal gaps in understanding.

The technology dimension

Introducing mobile connectivity is renowned for increasing help desk support. Although logical, yet often forgotten, is that the more complex the security access solution is, the more difficult it is for users, and therefore the amount of support needed will increase.

Instead, organisations need to keep three things in mind:

* Choose a solution that provides seamless interaction, with data and applications, no matter where people are or the device they are using.

* Limit user access in relation to the requirements of their role balanced against the risks posed by their location or device.

* Communicate with users why these restrictions are absolutely necessary, especially at the point of use, so they understand why they cannot do something and will not try to circumnavigate them.

The final dimension

This relates to flexibility. In an ideal world you may choose to prevent or restrict unauthorised use of peripheral devices on corporate computers. However, now or in the future, these devices could be deemed a necessary business tool.

Going back to our previous point of denial not always being an effective solution, instead, you need to devise methods that accommodate these necessary deviations:

* Encourage users to discuss the tools they need so you know what is out there.

* Track and report on data movements and have a mechanism to obliterate content from lost or stolen devices.

* Communicate the benefits of early reporting so users are not afraid to report losses immediately.

Together we are stronger

By developing mobile security initiatives with reference to corporate risk objectives that are important to end users, your IT department shares the responsibility with business managers and employees. The expectation becomes that everyone helps to mitigate risk proportionately rather than completely avoid it.

On-going education of the reasons behind security precautions, and how a user’s risky behaviour exposes them and the enterprise, with explanations of how it is being overcome is fundamental. Only then can you be sure that everyone fulfils their role in the battle to keep information secure.

To learn more about mitigating risk with Cryptzone IT security solutions for policy compliance, secure access, endpoint security and content security visit www.cryptzone.com





Share this article:
Share via emailShare via LinkedInPrint this page


Further reading:

What are MFA fatigue attacks, and how can they be prevented?
Information Security
Multifactor authentication is a security measure that requires users to provide a second form of verification before they can log into a corporate network. It has long been considered essential for keeping fraudsters out. However, cybercriminals have been discovering clever ways to bypass it.

Read more...
SA's cybersecurity risks to watch
Information Security
The persistent myth is that cybercrime only targets the biggest companies and economies, but cybercriminals are not bound by geography, and rapidly digitising economies lure them in large numbers.

Read more...
Cyber insurance a key component in cyber defence strategies
Information Security
[Sponsored] Cyber insurance has become a key part of South African organisations’ risk reduction strategies, driven by the need for additional financial protection and contingency plans in the event of a cyber incident.

Read more...
Deception technology crucial to unmasking data theft
Information Security Security Services & Risk Management
The ‘silent theft’ of data is an increasingly prevalent cyber threat to businesses, driving the ongoing leakage of personal information in the public domain through undetected attacks that cannot even be policed by data privacy legislation.

Read more...
Data security and privacy in global mobility
Security Services & Risk Management Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
Navigating South Africa's cybersecurity regulations
Sophos Information Security Infrastructure
[Sponsored] Data privacy and compliance are not just buzzwords; they are essential components of a robust cybersecurity strategy that cannot be ignored. Understanding and adhering to local data protection laws and regulations becomes paramount.

Read more...
AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Milestone Systems joins CVE programme
Milestone Systems News & Events Information Security
Milestone Systems has partnered with the Common Vulnerability and Exposures (CVE) Programme as a CVE Numbering Authority (CNA), to assist the programme to find, describe, and catalogue known cybersecurity issues.

Read more...











SMART Security Business Directory



Published by Technews

»  Dataweek Electronics & Communications Technology
»  Electronics Buyers' Guide (EBG)

»  SMART Security Solutions
»  SMART Security Business Directory

»  Motion Control in Southern Africa
»  Motion Control Buyers' Guide (MCBG)

»  South African Instrumentation & Control
»  South African Instrumentation & Control Buyers' Guide (IBG)



© Technews Publishing (Pty) Ltd. | All Rights Reserved.