We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
Free pizza can help raise security awareness

Free pizza can help raise security awareness

End users need to be educated about the what and why of mobile security

Article comments

Free pizza can go a long way in helping to raise the awareness of security among employees, according to the chief information security officer (CISO) of Lehman Brothers Holdings.

Speaking on a panel at the Infosecurity Europe conference in London yesterday discussing the security of mobile devices in the workplace, Michael Everall, CISO at LAMCO LLC – Lehman Brothers Holdings, said that education, training and raising awareness of end users was key to addressing security issues around mobile devices.

It follows a recent survey from (ISC)2 which found that after application vulnerabilities, information security professionals are most concerned by the threats posed by mobile devices.

Everall said that enticing end users to security awareness training sessions with the offer of pizza was surprisingly successful.

“A little bit of stick and a little bit of pizza helps to get things across,” he said.

In addition, offering a freebie for employees who complete training programmes is also a good way to engage with end users, Everall said.

He added: “Make sure each individual is aware about what is happening and how it helps them. Articulate not just the how [you are implementing security] but also the why. We are trying to protect the individual, in some cases, from themselves.”

Gary Cheetham, CISO at insurance firm NFU Mutual, said that developing this culture of accountability with end users, and introducing some light-touch policies to start off with, will help organisations manage the risks associated with the growth of mobile devices used in the business.

“It [mobile devices in the business] is inevitable. We just have to manage the risk,” he said.

Everall agreed, saying that his business, having outsourced most of its IT, cannot do the same for risk.

“You can’t outsource your risk, and it comes down to the individual. You [the user] handle that risk.”

One of the main challenges to managing the risk is the speed of adoption of mobile devices in the business – especially when it is led by senior management. This leads to IT departments continually having to play catch-up.

“We are a predominantly BlackBerry estate, but our senior management want other devices and want them very quickly,” said Cheetham.

“We are up against a timescale where we cannot secure the devices to the timescale they want to use them.”

While Cheetham seems prepared to accommodate mobile devices, other than BlackBerry,, in contrast, John Lewis Partnership’s information security officer said he did not think many mobile devices were secure enough yet for his organisation.

Like NFU Mutual, John Lewis is also a heavy BlackBerry user.

“We are under pressure to go down the Apple route,” said Louis Gamon, information security officer at John Lewis.

“I don’t think currently the Android or any other mobile [platforms] are secure enough. People lose them on a regular basis. I don’t have any confidence in the Googles of this world.”

Now read Lehman administrators make history in solemn system shutdown

Share:

Comments

Advertisement
Send to a friend

Email this article to a friend or colleague:


PLEASE NOTE: Your name is used only to let the recipient know who sent the story, and in case of transmission error. Both your name and the recipient's name and address will not be used for any other purpose.


ComputerworldUK Knowledge Vault

ComputerworldUK
Share
x
Open
* *