Went to an interesting workshop this morning about securing mobile devices, and whether people bringing their own devices onto campus makes a difference. Led by Andrew Cormack from JISC we talked a lot about technologies, including mobile device management, automatic wipe of lost devices etc. But, I think we concluded it came down to two things. People, and risk. People are the most important factor, and an interesting fact was that in a recent survey by BT, 82% of people were not interested in the security of corporate data on their mobile device. And the figure increased, the higher up in management you were. The question is, how interested are people in the security of their own data. Most mobile devices now have a lot of personal information on. Access to bank details for example. I know I would be very concerned if I lost my laptop that I had lost my family tree data, not my work stuff which is all recoverable from somewhere else. The question is, can we get people interested in the security of their mobile devices by talking to them about their personal data.
The other thing we discussed on our table is risk. Everything is down to risk management and mitigation. We must assess the risk of information loss, and manage it appropriately. Too many organisations try to put measures in place to protect the most sensitive information and apply them to everything. And of course, this results in people finding a way round them. Forwarding all of your business email to your personal gmail account for example.
So in summary, know your risks, and use the security of personal information to educate users.
- Posted using BlogPress from my iPad