Education is key to BYOD security: Experts
- 08 November, 2011 16:38
Educating employees on how to protect data on their smartphones and tablets is crucial to bring-your-own-device (BYOD) security, according to a panel of security experts.
At the Cisco BYOD panel discussion today, Cisco’s chief security officer, John Stewart, said that majority of staff try to safeguard their devices but are not equipped with the knowledge to secure them effectively.
“Most employees are trying to do the right thing, never forget this,” he said.
“They’ll make mistakes, but they’re not trying to deliberately hurt the company, they’re not trying to deliberately lose information, they’re not trying deliberately to lose a thumb drive.
“On the other hand, they are also very rarely fully knowledgeable on what it is you have to do to protect stuff.”
Telstra’s chief information security officer, Glenn Chisholm, agrees. He also placed the onus on organisations to provide staff with sufficient BYOD security information on how to protect data on their devices or risk a security breach.
“You need to enable your people to do the right thing,” he said. “If you can’t control your current fleet, BYOD won’t solve your problems.”
Chisholm added that an organisation’s IT department should be responsible for educating employees about BYOD security and “empowering” them by providing appropriate security tools to protect themselves.
“There is a misunderstanding about what an IT department does,” he said.
“The IT department is there to enable business. If the IT department can’t communicate to staff to understand business, then you haven’t structured the department correctly [and] you don’t have the right people in the department.
“This is empowering people to understand what they need to do to make themselves safe… But do you actually make the security tools available to these people so that they know they have the ability to secure their devices?”
However, Craig Valli, Edith Cowan University’s head of computer and security science, said that the IT department are the “worst people” to teach employees about BYOD security because they have one particular world view and fail to look at technology from a business perspective and how it is a “business enabler”.
In addition to education, Scott Cass-Dunbar, a director with KPMG’s IT advisory practice, said that having a flexible, simple and well-designed security policy is also important in helping people understand security implications and may deter employees from trying to bypass strict security rules.
Follow Diana Nguyen on Twitter: @diananguyen9
Follow Computerworld Australia on Twitter: @ComputerworldAU
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
- OAIC releases privacy impact assessment guide for consultation
- Some Australian businesses 'unlikely' to be ready for Privacy Act changes: survey
- BYOA 'shadow IT' grows in the enterprise: Telsyte
- Cost of a Privacy Act breach could extend to ongoing audits: legal expert
- How Hunter Water is saving $50k a year in software licences
Trust issue looms large for tech companies capitalizing on personal data
5 women who've made it in IT
Five trends affecting legal CIOs
CIO Roundtable: The changing face of security
Bitcoin malware count soars as cryptocurrency value climbs
Case Study: Columbia Sportswear
With the agility and intelligence provided by their management tools, Columbia sportswear is transforming IT to be much more service oriented in fulfilling business requests and delivering resources as needed. It’s allowing IT to “never say no” with an infrastructure that can handle nearly any project that comes through the door.
Performance in Supply Chain
Delivering more products, heightened quality and shortened customers with flawless execution and minimal business interruption defines your supply chain success. This report discusses a newly developed end-to-end solution with the right tools to efficiently procure, assemble, ship and deliver the goods your customers want, when they want them.
Pathways Leadership Development Program Overview 2014