
Security on the move

By Leigh-Ann Francis
Johannesburg, 12 May 2010

As business moves onto a global stage, business travel is increasing and the role of mobile devices has grown. However, this emerging trend brings with it a number of concerns, and finding a balanced approach is critical to a successful mobile security policy.

So said Nader Henein, from the security advisory of Research In Motion's BlackBerry Security Group, speaking at the ITWeb Security Summit, in Sandton, yesterday.

Henein urged delegates to consider the risks involved in business travel and the subsequent mobile workforce. “Does the risk change when I get off a plane in Afghanistan? How does this affect the safeguarding of individual and intellectual property, and what role does play in this?”

Mobile security policies address these concerns by implementing full disk encryption, duress countermeasures, application control, and proximity warnings, he noted. However, the human factor is a major challenge to mobile security policies.

Henein highlighted that different people have different practices and pointed to examples of social engineering attacks in which criminals use normal social occasions to steal mobile devices or install malicious software.

To this end, he argued it was important not to have too much security, which would stifle the user, but also not to have too little security, which would leave the user vulnerable. He said too little security can be the result of ignoring security questions as they come up and instead opting for the path of least resistance.

Henein advised delegates to strive towards achieving a critical balance in their mobile security policies. “Users will often willingly accept strict security measures provided that those measures are: as transparent as possible; do not cripple functionality; and enable them to be more productive,” he offered.

He warned delegates that if the device is locked down too tightly, then employees will just not use it. This will cause workers to pressurise the organisation into bringing in devices that cannot be or controlled.

“Leave it too open and you introduce potential risk,” Henein warned.
