Corporate culture and mobile email

Mobile Security Poll

Mobile Workshop

The majority of people would appear to be prepared to trust a well-dressed stranger. Research has shown that if you stand outside a railway station in a suit you are more likely to be loaned some cash for a ticket than if you're wearing something less sartorial, a hoody for example.

But how do you establish trust when you can't use your senses, and you are considering someone based solely on their presence? eBay is possibly the biggest social experiment in this regard: there are sanctions for bad behaviour, but the system relies heavily on the naming and shaming potential of a bad rating.

If you spoke to people they would probably agree that they don't want to get ripped off, but would say that they are prepared to tolerate some degree of risk in this regard for the return they get from a working social system. eBay is easy to use, blogs and social sites like MySpace are a method of self-expression, and it seems that many of us desire to put ourselves out there in the new Internet age. Some people are naïve: giving out your credit card details on a train is pretty daft, but many people do it.

It's clear from the feedback from our articles on mobile email that this culture is at odds with the discipline that is required for rigorous protection of corporate information; and if you overlay poor corporate culture on top of this you are creating an environment that is almost guaranteed to compromise sensitive information and run foul of compliance legislation.

In the mini-survey we asked questions about attitudes to mobile email, and over 60 per cent of you said that it creates a business advantage, with a further 20 per cent unsure, but presumably prepared to be convinced. Mobile is also being used for more than just voice, reflecting its adoption for remote access to corporate applications. Despite being a late entry to the push email market, Microsoft matched RIM as a strategic mobile email platform. This goes to further emphasise the point we made in previous articles that mobile email is here to stay, and that RIM and Microsoft are in the driving seat.

Although we write about IT, many of the people responding quite rightly concentrate on the softer issues of corporate culture and staff behaviour. The regular tests around the Infosec show reveal how easy it is to socially engineer sensitive information out of people. In San Francisco, jaded bank workers were happy to give out login credentials when offered a free latte.

Effective management of personal storage devices is therefore a mixture of physical and electronic security. IT can put in place mechanisms that encrypt data, manage configuration and policies from the centre, and facilitate the replacement of lost devices. Service providers can offer these capabilities as part of a product package to smaller businesses that don't have the resources to do it themselves. Many of these features exist now on the BlackBerry, and are no doubt coming from Microsoft and the developer community on the Windows Mobile platform.

Creating an effective security culture is another matter altogether. In the Infosec example, people are usually genuinely surprised when it is pointed out to them how they have parted with sufficient information for identity theft, so there's clearly a willingness to listen. Information security represents a unique opportunity for IT and HR to work together on fun, but valuable, user education on the ways that sensitive information is gathered both from businesses and consumers. Entertaining and informative courses could therefore be offered that provide value to the business and the employee, and these can be linked in to training on the new mobile email toys that are being handed out.

We'd like to ask you therefore about your company's policy for technical and social education on mobile device security.®

This survey is now closed.

How would you rate your employees' attitude towards mobile data security?

Good - employees want to do the right thing to protect data
Average/variable - some will try, but the level of cooperation is inconsistent
Poor - most employees really don't care
No single platform (mixed strategy)
Undecided - the jury is still out
No firm plans to adopt anything

Do you have a standard mobile email device that is issued by IT?

Yes
No

How do you train people to use their mobile email?

Classroom training
One on one training
Written policies and guidelines
Ad hoc, DIY
We don't

How is your policy on protection of company data documented?

Confidentiality as part of terms of employment
Written policies or standard operating procedures
Both of the above
Neither of the above - we rely on people being sensible

Do you offer any training or guidance on avoiding identity and data theft?

Yes - company data only
Yes - company data and personal data
No

Approximately how large is your organisation (worldwide) in terms of employees?

Less than 10 employees
10 to 49 employees
50 to 249 employees
250 to 4,999 employees
5,000 to 24,999 employees
More than 25,000 employees
Unsure / N/A
