Secure Mobile Working

Beyond the technology

First published: February 2007

by Dale Vile

For as long as businesses have been considering mobile working, the concern topping everyone’s list has been security. In the early days, the questions and uncertainties related to the technology, but as experience has been gained and solutions have matured, realisation is dawning that the greatest risks are associated not with the technology per se, but with how it is deployed and used.

KEY FINDINGS

Only 1 in 5 say users have a consistently good attitude towards mobile security
A recent series of online workshops and surveys gathering input from both IT and business professionals revealed that the attitude of mobile users to security is either poor or variable in 80% of organisations.

But poor attitudes to security cannot be blamed on the users themselves
Ignorance and lack of risk awareness are the root causes of user related security issues. With the right kind of instruction delivered in the right kind of manner, users can be encouraged to develop a responsible attitude. Those delivering mobility related training in a classroom based environment, for example, are 4 times more likely to have created a consistently good attitude towards mobile security among their users.

When instructing users, it is necessary to brief them on all of the risks
While the trigger for providing security related advice and guidance is often the issuing of a new device to a user, the risks associated with mobile working go beyond single applications and pieces of equipment. Potential exposures can arise from behaviour that users may not always think of as risky. Frequently overlooked or ill-considered risks include the eavesdropping of mobile phone conversations in public places, the inadvertent display of confidential information on notebook screens to fellow travellers, and the invitation to snoopers and highjackers made when devices are improperly configured or WiFi networking is used in an inappropriate manner.

Simple approaches are more effective, so solving the problem is far from onerous
Of course it is possible to build extensive libraries of policies and procedures and devise in-depth training courses on the dangers of mobile working and how to deal with them. In most cases, however, this is not just unnecessary, but counter productive. The golden rule is that the fewer things you ask users to remember, the more chance there will be of them actually remembering and practising them. Relatively simple instructions, tips and guidelines are therefore far more effective.

CONCLUSION

Mobile security cannot be achieved through technology measures alone as user behaviour has a significant impact on the level of exposure. The danger is that security savvy IT staff often fail to appreciate that the risks and how to deal with them are not always obvious to the average user. The reality is that secure mobile working is dependent on users receiving the right kind of instruction.


Download full report

This report is free of charge. Click above to download the PDF or view the interactive e-document.

If you experience any problems during this process please contact us at;
info@freeformdynamics.com or call +44 (0)1425 626501 / 620008


Featured Content

Freeform Announcements

Webcast with Tony Lock  
Manage security in real time  
SIEMs like a good idea  
29th September. 1pm BST  
More details and sign up here

Analyst Blog