Feeds

Corporate culture and mobile email

Mobile Security Poll

  • alert
  • submit to reddit

Using blade systems to cut costs and sharpen efficiencies

Mobile Workshop The majority of people would appear to be prepared to trust a well dressed stranger. Research has shown that if you stand outside a railway station in a suit you are more likely to be loaned some cash for a ticket than if you're wearing something less sartorial, a hoody for example.

But how do you establish trust when you can't use your senses, and you are considering someone based solely on their presence? eBay is possibly the biggest social experiment in this regard: there are sanctions for bad behaviour, but the system relies heavily on the naming and shaming potential of a bad rating.

If you spoke to people they would probably agree that they don't want to get ripped off, but would say that they are prepared to tolerate some degree of risk in this regard for the return they get from a working social system. eBay is easy to use, Blogs and social sites like MySpace are a method of self-expression, and it seems that many of us desire to put ourselves out there in the new Internet age. Some people are naïve: giving out your credit card details on a train is pretty daft, but many people do it.

It's clear from the feedback from our articles on mobile email that this culture is at odds with the discipline that is required for rigorous protection of corporate information; and if you overlay poor corporate culture on top of this you are creating an environment that is almost guaranteed to compromise sensitive information and run foul of compliance legislation.

In the mini-survey we asked questions about attitudes to mobile email, and over 60 per cent of you said that it creates a business advantage, with a further 20 per cent unsure, but presumably prepared to be convinced. Mobile is also being used for more than just voice, reflecting its adoption for remote access to corporate applications. Despite being a late entry to the push email market, Microsoft matched RIM as a strategic mobile email platform. This goes to further emphasise the point we made in previous articles that mobile email is here to stay, and that RIM and Microsoft are in the driving seat.

Although we write about IT, many of the people responding quite rightly concentrate on the softer issues of corporate culture and staff behaviour. The regular tests around the Infosec show reveal how easy it is to socially engineer sensitive information out of people. In San Francisco, jaded bank workers were happy to give out login credentials when offered a free Latte.

Effective management of personal storage devices is therefore a mixture of physical and electronic security. IT can put in place mechanisms that encrypt data, manage configuration and policies from the centre, and facilitate the replacement of lost devices. Service providers can offer these capabilities as part of a product package to smaller businesses that don't have the resources to do it themselves. Many of these features exist now on the BlackBerry, and are no doubt coming from Microsoft and the developer community on the Windows Mobile platform.

Creating an effective security culture is another matter altogether. In the Infosec example, people are usually genuinely surprised when it is pointed out to them how they have parted with sufficient information for identity theft, so there's clearly a willingness to listen. Information security represents a unique opportunity for IT and HR to work together on fun, but valuable, user education on the ways that sensitive information is gathered both from businesses and consumers. Entertaining and informative courses could therefore be offered that provide value to the business and the employee, and these can be linked in to training on the new mobile email toys that are being handed out.

We'd like to ask you therefore about your company's policy for technical and social education on mobile device security.®

This survey is now closed.

How would you rate your employees' attitude towards mobile data security?

Good - employees want to do the right thing to protect data
Average/variable - some will try, but the level of cooperation is inconsistent
Poor - most employees really don't care
No single platform (mixed strategy)
Undecided - the jury is still out
No firm plans to adopt anything

Do you have a standard mobile email device that is issued by IT?

Yes
No

How do you train people to use their mobile email?

Classroom training
One on one training
Written policies and guidelines
Ad hoc, DIY
We don't

How is your policy on protection of company data documented?

Confidentiality as part of terms of employment
Written policies or standard operating procedures
Both of the above
Neither of the above - we rely on people being sensible

Do you offer any training or guidance on avoiding identity and data theft?

Yes - company data only
Yes - company data and personal data
No

Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 49 employees
50 to 249 employees
250 to 4,999 employees
5,000 to 24,999 employees
More than 25,000 employees
Unsure / N/A

HP ProLiant Gen8: Integrated lifecycle automation

More from The Register

next story
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
Microsoft unsheathes cheap Android-killer: Behold, the Lumia 530
Say it with us: I'm King of the Landfill-ill-ill-ill
All those new '5G standards'? Here's the science they rely on
Radio professor tells us how wireless will get faster in the real world
Apple orders huge MOUNTAIN of 80 MILLION 'Air' iPhone 6s
Bigger, harder trouser bulges foretold for fanbois
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
US freemium mobile network eyes up Europe
FreedomPop touts 'free' calls, texts and data
Oh girl, you jus' didn't: Level 3 slaps Verizon in Netflix throttle blowup
Just hook us up to more 10Gbps ports, backbone biz yells in tit-for-tat spat
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.