Do you permit employees to access your systems from any of the following?
How prominent are the following threats to IT security? A net increase is expected in the level of threat across the board
The issues are exacerbated by a conspiracy of circumstances… <ul><li>People are buying their own devices </li></ul><ul><li>Mobile technologies are a work in progress </li></ul><ul><li>Organisations have not thought things out in advance </li></ul><ul><li>Lack of a joined up architecture for mobility </li></ul><ul><li>Broadband and always-on access leave no breathing space </li></ul>
FREQUENTLY OVERLOOKED OR ILL-CONSIDERED RISKS Handheld devices Notebook PCs Public/home terminals Inadvertent publishing Careless mobile phone conversations allowing eavesdropping by those within earshot in public places Displaying confidential data on planes, trains and in other places where people can look over your shoulder Displaying confidential data in internet cafes and other places where people can look over your shoulder Electronic snooping/theft Leaving Bluetooth device in discoverable mode risking high jacking or theft of on board data Connecting to unknown or insecure WiFi networks or irresponsible use of ad hoc WiFi networks Use of insecure connections from public terminals or saving data/login information on home/public PCs Physical loss or theft Pick pocketing, snatching, burglary, leaving devices on public transport, client sites, in public places Snatching, theft from car, theft from desk, burglary, leaving PC on public transport, client sites, in public places Burglary, loss or theft of removable storage devices (USB keys, SD cards) used to move data between PCs
How easy is it to control the security risk arising from the proliferation of confidential data across workgroup servers, PCs, mobile devices, remote sites, etc? Just the way in which technology use grows organically in a distributed manner represents a threat to security in itself
How prominent is the risk from security breaches or exposures via employees acting carelessly or deliberately? Larger organisations in general are more concerned about the threat from employees, reflecting the “depersonalised” corporate culture.
Have concerns of risk exposure specifically held you back from taking full advantage of any of the following? The opportunity cost associated with risk related concerns is clear
Considering IT security measures, what is the status of your capability in the following areas?
RIGHT SUPPLIERS Try to select vendors who understand your type of business and are willing to provide help and advice RIGHT TECHNOLOGY Ensure that selected technologies are securable as well as functional SMART DEPLOYMENT Implement technology in a controlled and structured manner and strive for consistency wherever possible SMART USE Ensure that users are properly trained, appreciate the risks and know how to deal with them KEYS TO SECURE MOBILE WORKING
What does this mean in practice? <ul><li>Always remember who is in charge </li></ul><ul><li>Remind users of their obligations </li></ul><ul><li>Spell out the risks very clearly </li></ul><ul><li>Consider all aspects of mobile working </li></ul><ul><li>Make it easy for users to cooperate </li></ul><ul><li>Put the necessary support into place </li></ul><ul><li>Provide the right kind of instruction </li></ul>
How would you rate your employees' attitude towards mobile data security? There’s no substitute for proactive training when it comes to security
Thank You Jon Collins, Service Director Freeform Dynamics Ltd [email_address] July 2007 www.freeformdynamics.com