Corporate culture and mobile email
Mobile Security Poll
Mobile Workshop
The majority of people would appear to be prepared to trust a well-dressed stranger. Research has shown that if you stand outside a railway station in a suit you are more likely to be loaned some cash for a ticket than if you're wearing something less sartorial, a hoody for example.
But how do you establish trust when you can't use your senses, and you are considering someone based solely on their presence? eBay is possibly the biggest social experiment in this regard: there are sanctions for bad behaviour, but the system relies heavily on the naming and shaming potential of a bad rating.
If you spoke to people they would probably agree that they don't want to get ripped off, but would say that they are prepared to tolerate some degree of risk in this regard for the return they get from a working social system. eBay is easy to use, blogs and social sites like MySpace are a method of self-expression, and it seems that many of us desire to put ourselves out there in the new Internet age. Some people are naïve: giving out your credit card details on a train is pretty daft, but many people do it.
It's clear from the feedback from our articles on mobile email that this culture is at odds with the discipline that is required for rigorous protection of corporate information; and if you overlay poor corporate culture on top of this you are creating an environment that is almost guaranteed to compromise sensitive information and run foul of compliance legislation.
In the mini-survey we asked questions about attitudes to mobile email, and over 60 per cent of you said that it creates a business advantage, with a further 20 per cent unsure, but presumably prepared to be convinced. Mobile is also being used for more than just voice, reflecting its adoption for remote access to corporate applications. Despite being a late entry to the push email market, Microsoft matched RIM as a strategic mobile email platform. This goes to further emphasise the point we made in previous articles that mobile email is here to stay, and that RIM and Microsoft are in the driving seat.
Although we write about IT, many of the people responding quite rightly concentrate on the softer issues of corporate culture and staff behaviour. The regular tests around the Infosec show reveal how easy it is to socially engineer sensitive information out of people. In San Francisco, jaded bank workers were happy to give out login credentials when offered a free latte.
Effective management of personal storage devices is therefore a mixture of physical and electronic security. IT can put in place mechanisms that encrypt data, manage configuration and policies from the centre, and facilitate the replacement of lost devices. Service providers can offer these capabilities as part of a product package to smaller businesses that don't have the resources to do it themselves. Many of these features exist now on the BlackBerry, and are no doubt coming from Microsoft and the developer community on the Windows Mobile platform.
Creating an effective security culture is another matter altogether. In the Infosec example, people are usually genuinely surprised when it is pointed out to them how they have parted with sufficient information for identity theft, so there's clearly a willingness to listen. Information security represents a unique opportunity for IT and HR to work together on fun, but valuable, user education on the ways that sensitive information is gathered both from businesses and consumers. Entertaining and informative courses could therefore be offered that provide value to the business and the employee, and these can be linked in to training on the new mobile email toys that are being handed out.
We'd like to ask you therefore about your company's policy for technical and social education on mobile device security.