Mobile Users to IT: Security is Your Job Not Mine
What are CSOs to do when their company's own employees are in the running for the "Enemy Number 1" title? We know that social engineering attacks are some of the most difficult to counter because countering them depends on changing behavior. A report by InsightExpress, covered in "Report: Mobile Users Often Lax About Security," shows that too many mobile device users have a cavalier attitude about security, and that is costing companies.
Their research found that 73 percent of mobile users admitted they are not always cognizant of security threats and best practices. More than 25 percent also conceded they either hardly ever or never consider security risks and proper behavior, offering reasons such as "I'm busy and need to get work done" and "It's IT's job, not mine" as justifications.
Yesterday I posted a podcast on data loss prevention (DLP) that argued we need host-based as well as network-based DLP because mobile devices not connected to the network would be at risk otherwise. Here is a case in point.
The eWeek article goes on to quote Craig Mathias, a principal at the Farpoint Group in Ashland, Mass., who notes:
"I think it's a matter of education, to be sure, but also providing negative reinforcement when an employee obviously skirts enterprise policies and procedures," he said. "We also need to make security easier."
For sure, security measures need to be easier, but lax attitudes about security are a more serious problem. Assuming that we can pass the buck and make security someone else's problem will only perpetuate, not address, risks.



