Five Warning Signs Your Security Policy Is Lacking
Warning signs of a weak security policy from SunGard Availability Services
The fast-paced growth of mobility and its impact on corporate security is one of the key topics with which the business community is dealing. A study by Symantec finds something interesting and important: The actions of automated security tools-and, presumably, the things that folks are doing to trigger them-are different when they are in the office or on the road.
The vendor's MessageLabs Intelligence Report found that websites are blocked by the company's products 35 percent more often when people are outside the office. The study found that download blocks are five times more likely from mobile workers, and that shopping, search engine, personals and dating site prohibitions were more likely to be enforced. That means that people are trying to get to these sites more often. It is interesting that attempts to reach pornographic sites were more likely when the user was in the office than on the road.
The report implicitly points to the importance of effective mobile security policies. Indeed, policies affect a number of mobile security areas discussed by Brien Posey at TechRepublic. Posey, in a post this week outlining 10 things to consider about mobile device support, suggested that it is very important that employees are informed about policies.
The complexity of safely using mobile devices is evident in information, some of which was updated last week, from Northwestern University. This document offers a general orientation on how mobile devices should be handled. To some extent, it kicks the can down the road:
The rapid development and subsequent deployment of these devices precludes specific instructions so this document will provide general recommendations. It is your responsibility to consult the manual for your specific device in order to enable the specific features available on your device.
The document does link to a number of others. They seem to cover the gamut-they are on security policies, network policies, hardware policies, software polities, residential network policies and e-mail policies.
The twin keys are to establish a policy and to make sure it is understood, wrote Mark Lobel, a project leader with ISACA, an organization promotes good IT practices, and a principal at PricewaterhouseCoopers.
Creating a transparent, understandable and executable mobile security policy is the best way to protect intellectual property and sustain competitive advantage. Embrace, but educate. Don't wait for a major data breach- make sure your IT department has a governance model that will make your mobile device a workhorse-not a Trojan horse.
None of this is particularly new. But it is vitally important that organizations recognize the importance of creating mobile use policies and ensuring that employees know of their existence, as well as their content.