A story at VARBusiness, which reports on a survey from Cisco and InsightExpress, offers many facts and figures on how well remote workers guard security. Indeed, the second page of the story simply is a recap of all the questions asked and responses received.
Respondents' answers are broken down according to country. The survey can't be seen as anything more than anecdotal, since its base of participants (about 1,000) is narrow compared to the geographic area it seeks to cover (10 countries). It's also unlikely that the respondents are equally distributed among the nations represented, which would further skew the results.
Regardless, the survey is valuable. The most striking element is the great differences in behavior between nations in some of the responses. For instance, 57 percent of respondents in China use their work PCs for non-business reasons, while only 12 percent of Japanese respondents do so. In some cases, regional realities probably influence PC behavior. For instance, it may be that respondents in China commonly use their PCs for non work-related tasks simply because they are less likely to have their own machines. (It's fair to point out, however, that laptop sales are growing in China.)
Beyond the national differences, however, the unstated message of the survey is that remote and in-office computing is far different. Furthermore, the freedom that comes with being out of the office clearly leaves machines open to more flexible -- and in some cases, dangerous -- use.
IT departments must recognize the importance of non-technical elements of a mobile device security program. No amount of security hardware and software can do more than increase the odds that a machine is being used in a prescribed way. For instance, two-factor security using a password and biometric identification can ensure that the legitimate user of a machine logs on. It can't, however, stop that user from handing the machine to his cousin a moment later.
The key, then, is to recognize that the machines are used by humans. It is vital to have well publicized and reasonable security policies. Creating and implementing these policies is a multistep process that must be well researched and carefully executed.
IT departments should clearly explain to remote and mobile workers why such security steps have been taken. The good news is that people for the most part are reasonable. Most will cooperate if they are dealt with as equals and understand why the security rules are necessary.