Education is key to BYOD security: Experts
- 08 November, 2011 16:38
Educating employees on how to protect data on their smartphones and tablets is crucial to bring-your-own-device (BYOD) security, according to a panel of security experts.
At the Cisco BYOD panel discussion today, Cisco’s chief security officer, John Stewart, said that majority of staff try to safeguard their devices but are not equipped with the knowledge to secure them effectively.
“Most employees are trying to do the right thing, never forget this,” he said.
“They’ll make mistakes, but they’re not trying to deliberately hurt the company, they’re not trying to deliberately lose information, they’re not trying deliberately to lose a thumb drive.
“On the other hand, they are also very rarely fully knowledgeable on what it is you have to do to protect stuff.”
Telstra’s chief information security officer, Glenn Chisholm, agrees. He also placed the onus on organisations to provide staff with sufficient BYOD security information on how to protect data on their devices or risk a security breach.
“You need to enable your people to do the right thing,” he said. “If you can’t control your current fleet, BYOD won’t solve your problems.”
Chisholm added that an organisation’s IT department should be responsible for educating employees about BYOD security and “empowering” them by providing appropriate security tools to protect themselves.
“There is a misunderstanding about what an IT department does,” he said.
“The IT department is there to enable business. If the IT department can’t communicate to staff to understand business, then you haven’t structured the department correctly [and] you don’t have the right people in the department.
“This is empowering people to understand what they need to do to make themselves safe… But do you actually make the security tools available to these people so that they know they have the ability to secure their devices?”
However, Craig Valli, Edith Cowan University’s head of computer and security science, said that the IT department are the “worst people” to teach employees about BYOD security because they have one particular world view and fail to look at technology from a business perspective and how it is a “business enabler”.
In addition to education, Scott Cass-Dunbar, a director with KPMG’s IT advisory practice, said that having a flexible, simple and well-designed security policy is also important in helping people understand security implications and may deter employees from trying to bypass strict security rules.
Follow Diana Nguyen on Twitter: @diananguyen9
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Cloud debate now about speed and sophistication
Yahoo Mail still down for some users, after an attempted fix
Queensland government to provide 200 services online by 2015
CIOs need to get their house in order, CFO panel says
Is Data Complexity Blinding Your IT Decision-Making?
APAC Digital Performance
With some of the highest levels of social media penetration, mobile device ownership, and Internet connectivity in the world, Asian markets are ripe for more innovative and adept interactive engagement. In this study, we look at how marketers in the region express high hopes for digital, but hare held back with limited budgets and a region-wide lack of talent and training. Click for more
‘A Little Extra Service’ Raises Customer Satisfaction and Lowers Costs
Companies are responding to the digital generation’s preference for online support, with new channels like Live Chat and Email Management. These mobile-friendly solutions give customers the right answers at the right time, when self-service just isn’t enough, and phone calls are undesirable. Read about these new touch points and the importance of a personalized web self-service.
Virtualisation and Cloud Computing: Optimised Power, Cooling and Management Maximises Benefits
IT virtualisation, the engine behind cloud computing, can have significant consequences on the data centre physical infrastructure. The particular effects of virtualisation are discussed and possible solutions or methods for dealing with them are offered. Download to learn more.