Feeds

If users are a security threat, how do you manage them?

Your problems answered by the experts

  • alert
  • submit to reddit

The Essential Guide to IT Transformation

Mobile Clinic In our final mobile clinic, The Register's resident experts return to provide their opinions on the questions you've raised.

Question 1: "Argggghhhh. [My biggest problem is] managing the users who keep losing their damned handsets packed full of sensitive email addresses, emails etc. We talk a lot about technology, but aren't the users often the weakest link? What tips do the experts have for dealing with this?"

David Tebbutt, Freeform Dynamics

The reader who raised the above question is absolutely right, once the proper technical measures are in place, security is absolutely a human issue.

But it's no good fighting it. You have to recognise that handhelds will be lost, stolen or broken and plan accordingly.

Let's say that everything on the handheld is encrypted, periodically (and securely) synchronised and corporate access blocked without either the correct credentials or following notification of loss by the user, then all should be well.

But, for it to be well, you need to be sure that the user hasn't taped the password inside the battery cover or disabled the password altogether in order to make life easy for themselves. Freeform Dynamics' research shows that security awareness among users is low to non-existent in 80 per cent of organisations.

How can you raise awareness? Through education. It's no good documenting security policies or usage guidelines without drawing the users' attention to them in a meaningful way. Like, "IT has done all it can to protect you, now it's down to you to protect yourself and the company". I'd be tempted to add an "or else", but that would probably be counterproductive. However, they do need to understand very clearly that a handheld device is potentially a doorway to the organisation's secrets.

They wouldn't leave the office front door open at night. Or, worse, leave the safe open. Why on earth should they make their handhelds an even more dangerous equivalent?

The danger for most IT folk lies in their "but this is obvious" thinking. It isn't. Not to the average user. They'll happily chirp away on the mobile - on a train, for example. We've heard people giving their credit card details on a crowded train. Or they are very likely to leave their Bluetooth in discover mode or their Wi-Fi open.

It wouldn't occur to them that they are exposing their company to an unacceptable risk. They think largely in terms of their own convenience and the value the device brings to them. They want the rights and benefits, but are unaware of the responsibilities that accompany them.

So, we say, get a training programme in place. Either guidelines for small workshops or something more formal on a grander scale. It would be wonderful if a company like Video Arts brought its talents to bear.

The films are usually enjoyable as well as slamming home important messages in a memorable way. The trick is not to weigh the user down with masses of information but simply to get the risk message into their heads and identify the basic measures they should take to protect the company and, in so doing, themselves.

A final and invaluable step is to give them somewhere to go for help and advice. Somewhere on the intranet perhaps, or even a small help file in the device itself. And have an emergency support number to catch them when all else fails.

Build a business case: developing custom apps

More from The Register

next story
Scotland's BIG question: Will independence cost me my broadband?
They can take our lives, but they'll never take our SPECTRUM
Bring back error correction, say Danish 'net boffins
We don't need no steenkin' TCP/IP retransmission and the congestion it causes
Auntie remains MYSTIFIED by that weekend BBC iPlayer and website outage
Still doing 'forensics' on the caching layer – Beeb digi wonk
NBN Co adds apartments to FTTP rollout
Commercial trial locations to go live in September
Samsung Z Tizen OS mobe is post-phoned – this time for good?
Russian launch for Sammy's non-droid knocked back
Telstra to KILL 2G network by end of 2016
GSM now stands for Grave-Seeking-Mobile network
Seeking LTE expert to insert small cells into BT customers' places
Is this the first step to a FON-a-like 4G network?
What FTC lawsuit? T-Mobile US touts 10GB, $100 family-of-4 plan
Folks 'could use that money for more important things' says CEO Legere
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.