Education is key to BYOD security: Experts
- 08 November, 2011 16:38
Educating employees on how to protect data on their smartphones and tablets is crucial to bring-your-own-device (BYOD) security, according to a panel of security experts.
At the Cisco BYOD panel discussion today, Cisco’s chief security officer, John Stewart, said that the majority of staff try to safeguard their devices but are not equipped with the knowledge to secure them effectively.
“Most employees are trying to do the right thing, never forget this,” he said.
“They’ll make mistakes, but they’re not trying to deliberately hurt the company, they’re not trying to deliberately lose information, they’re not trying deliberately to lose a thumb drive.
“On the other hand, they are also very rarely fully knowledgeable on what it is you have to do to protect stuff.”
Telstra’s chief information security officer, Glenn Chisholm, agrees. He also placed the onus on organisations to provide staff with sufficient BYOD security information on how to protect data on their devices or risk a security breach.
“You need to enable your people to do the right thing,” he said. “If you can’t control your current fleet, BYOD won’t solve your problems.”
Chisholm added that an organisation’s IT department should be responsible for educating employees about BYOD security and “empowering” them by providing appropriate security tools to protect themselves.
“There is a misunderstanding about what an IT department does,” he said.
“The IT department is there to enable business. If the IT department can’t communicate to staff to understand business, then you haven’t structured the department correctly [and] you don’t have the right people in the department.
“This is empowering people to understand what they need to do to make themselves safe… But do you actually make the security tools available to these people so that they know they have the ability to secure their devices?”
However, Craig Valli, Edith Cowan University’s head of computer and security science, said that the IT department are the “worst people” to teach employees about BYOD security because they have one particular world view and fail to look at technology from a business perspective and how it is a “business enabler”.
In addition to education, Scott Cass-Dunbar, a director with KPMG’s IT advisory practice, said that having a flexible, simple and well-designed security policy is also important in helping people understand security implications and may deter employees from trying to bypass strict security rules.
Follow Diana Nguyen on Twitter: @diananguyen9
Follow Computerworld Australia on Twitter: @ComputerworldAU