Mobile control

It is alarming that many IT departments are still overlooking the huge security risk associated with staff creating their own mobile working solutions (‘Mobility through the front door', Information Age, January 2005). With mobile workforces on the increase, security aimed at remote workers must be stable and secure to ensure protection of business networks.

It is imperative that CIOs know exactly how many new handheld devices are being introduced to the company network and whether or not sensitive corporate data will be stored on them. Employees should also alert their IT department immediately so that any new assets can be checked for viruses, recorded and monitored, but in practice most do not. One way of securing and managing the growing number of business-critical mobile devices is to implement mobile management software that provides multi-layered on-device security to shield sensitive corporate information, which enforces strong password authentication and locks down lost or stolen devices.

Organisations underestimate the importance of securing mobile devices, oblivious to the potential security risks that these small devices can have on their IT environments. If businesses ignore the security implications of not securing handheld devices adequately within the enterprise, they risk exposing sensitive data to hackers.

Paul Butler
Principal services consultant Altiris

Spam police

Consumers have had enough of irrelevant promotions landing in their inbox.

In this multimedia age, too many companies are still shamelessly targeting people in a blanket fashion. Government intervention is urgently needed to prevent this from spiralling out of control. Unless action is taken, companies run the risk of losing vital customers.

A ‘marketing czar' should be appointed to front a government-backed Ofmark body which would properly audit direct marketing campaigns. If these steps are put in place, targeted campaigns will result in more efficient use of marketing budgets. Not only will this lead to more satisfied customers, but companies will be able to prove the return on investment and justify marketing spend to the board.

Colin Shearer
Vice president of marketing SPSS UK

High fibre diet

High-profile security breaches, such as the intruder in Channel 4's Big Brother enclosure and attempts to scale the walls surrounding Buckingham Palace, not only encouraged more businesses to consider potential threats, but have also highlighted the debate surrounding intrusion detection techniques, questioning how important building this level of security is.

Although these high-profile cases of intrusion are not commonplace in an every day business environment, the threat of someone tapping into a building's communication's lines is a serious and very realistic issue. Whereas an intruder trying to break into an establishment may be picked up on CCTV or by a security guard, someone tapping a phone line may be harder to detect and may go unnoticed.

Just because a cable is laid underground does not mean it is impervious to risk. For example, many businesses fail to recognise manhole covers as being a serious threat to building security and information integrity.

Businesses have measures in place to make emails and information secure once they have entered the building but surely these measures should be taken into account as information comes into and goes out of the building too?

Phillip Coombes
Managing director Fibre Technologies

Protective measures

As you acknowledged in your Effective IT 2005 report, UK businesses are impeding – not assisting – people in their work because of the lack of integration and coordination between IT systems, tools, policies and procedures.

Out of the thousands of organisations that provide Internet access and email in the workplace, many fail to implement proper controls and security to manage how employees use the systems. Many companies find information security (IS) a distraction and hope they can get away with avoiding having to do anything while concentrating on the day-to-day business. Then there are those companies that believe a quick technology fix is all they need to banish Internet threats forever. Both types are kidding themselves and by not taking the situation seriously they open themselves up to serious repercussions.

If companies are to avoid being subject to potential security vulnerabilities and instead provide resourceful and effective communication and information tools there are some simple steps to take.

All companies must have Acceptable Use Policies in place to govern how Internet and email resources are used, and it's advisable to implement technology to enforce these policies.

In addition to these measures, it is advised that ongoing user education to make staff aware of the specific security threats they are likely to face will be a significant boost to any company's security. Simply providing details on the risks that we face every day and how computer users can help avoid them would be a strong foundation for both policy and technology to be built upon. Furthermore, it gives an employer the opportunity to inform staff of new threats such as spyware, phishing attacks, evil-twin hot spots and so on.

Taking this three-pronged approach which integrates policy, education and technology is the only way that employees, networks and the business itself will be fully protected from threats to security and productivity. Internet and email are undoubtedly integral parts of business communication and efficiency but they will only be effective if employers realise their responsibility to manage use of the systems from the outset.

Steve Purdham
CEO SurfControl