Sunday, December 30, 2012

Not just for Spies

November 06, 2010
For an informed view on connected entertainment in the UK & Ireland, visit Cue Entertainment 


The revolution in information technology has happened in a remarkably short space of time, and a survey from Ernst & Young’s tax and advisory service published this week reveals that many companies are simply not ready to address the risks created by new technology.

The seemingly unstoppable surge in smartphone sales has opened up a wide range of options for corporate communication on the move. The prevalence of wireless devices that not only phone home but also send and receive images, documents, emails, voice and video messages from the slopes of Everest to the boardrooms of big business has undermined the very concept of an “out of office” message.

Spy movies in the 1960s such as “The Ipcress File” featured heroes like Michael Caine’s Harry Palmer taking clandestine snaps of secret documents with a miniature Minox camera. Since he worked outside the frame, presumably then he had to take the film to the local chemist to have prints made.

Today, the smallest of mobile phones can take high-resolution pictures and transmit them anywhere instantly with no need for paper. Computer screens can be captured, data copied and audio recorded with almost no fear of detection. Almost everyone in the working population owns one of these powerful devices with their onboard cameras and they are carried freely in and out of the most confidential environments.

What was an entertaining fantasy in 1965 has become a credible threat to corporate security in 2010. The Ernst & Young report argues that, far from banning these devices in the workplace, employers should invest much more time and effort in communicating the need for personal responsibility to protect sensitive business information.

For it’s 13th annual Global Information Security Survey, titled “Borderless security”, Ernst & Young approached senior executives in almost 1,600 organisations in 56 countries around the world in order to gather their views on the threats and challenges that businesses face. The participants are from diverse industry sectors, including retail and wholesale, technology, manufacturing, telecommunications and financial.

The survey reflects executives’ understanding that their businesses operate in a rapidly changing environment, one in which traditional boundaries disappear with the impact of greater workforce mobility and the increased use of social media and other collaboration tools. It also shows that when it comes to dealing with personal devices in the workplace, 52% of respondents perceived a growing risk of data leakage.

Less than one third of business leaders polled said they have an IT management programme in place to address the risks related to new technologies. Despite this lack of action, more than half report that increased workforce mobility represents a challenge to the delivery of security initiatives. For 64% of respondents, the disclosure of sensitive data is one of their top five IT risk areas.

Faced with challenges associated with mobile computing, 50% of the Chief Information Officers, Chief Technology Officers, Chief Operating Officers and other senior management who participated plan to increase spending on the prevention of data leakage or loss over the next 12 months. In a period of financial constraint, this expenditure is 7% up on last year, an indication that many organisations recognise the increased risks and the need to address them.

Almost two-thirds of respondents place the low level of employee security awareness at the top of a list of 10 challenges identified by Ernst & Young, above the availability of skilled resources and an adequate budget. The report recommends effective and regular security awareness training for the mobile workforce as a critical factor in successfully keeping pace with the changing environment.

“It is important that businesses understand and accept the risk created by the use of new technologies, and this includes technologies personally adopted by their employees that may also be used for business purposes,” the report says.

From the Ernst & Young perspective, information security policies should be reviewed to establish acceptable use and to define any specific restrictions related to mobile computing devices. It’s not only the use of mobile phones that threatens security as 60% of respondents acknowledge there is an increased risk level from use of social networking, cloud computing and personal devices in the workplace.

“The new generation of workers has never known a world without the internet, without social media and without sophisticated personal technology to access information 24 hours a day. They will spend countless time texting, chatting and browsing Facebook, LinkedIn, blogs, wikis and other social networking and social media websites,” the report says.

With this generation comes a new set of expectations regarding technology and the ability to connect to networks and communities both inside and outside the business environment: “Attracting and retaining the best and brightest means providing the social networking and collaboration tools that these people have come to expect. Many organizations are implementing infrastructure and applications that support social media usage inside the enterprise. Such social tools provide the new generation of employees with increased opportunities for professional collaboration and personal interaction but within the protected and secure environment of the business intranet.”

So it’s Facebook at every workstation from now on – or is it? The survey respondents place social networking in ninth place on a list of 10 significant challenges, just above business uncertainty.

“The fact that only 10% of respondents indicated the examination of new and emerging IT trends as a critically important function is further evidence that few organizations have assessed the impact of social networking,” the report says, “As the use of social networking … continues to increase and become part of the standard work environment, the behaviours related to sharing personal information are often being transferred to sensitive business information, where they are not appropriate.”

The report continues: “If no action is taken, this will likely lead to an increase in the disclosure of business information or protected privacy-related data, either intentionally or accidentally through the use of social media.” It recommends that an effective process be put in place to evaluate the risks associated with new and emerging IT trends. Without that, it could be increasingly difficult to comply with regulations, protect reputation and brand and also protect personal information.

The temptation to avoid the problem by simply banning access to social networks during working hours just won’t work, as the report explains: “It is doubtful that such an approach can be successful, since it does not prevent the sharing of sensitive information from personal devices or home computers. It could also drive additional unwanted behaviours such as connecting personal laptops to the business network. People not only share information and collaborate around the world at astonishing speed and efficiency, they demand it.”

Even so, 45% of respondents indicate that they restrict or prohibit the use of instant messaging or email for sensitive data. The survey concludes: “To create a secure and successful business environment, organizations must involve their people. A technology savvy workforce will find a way around controls, unless they fully understand the danger of the risks involved. By informing every member of the organization on the risks and issues related to social media, information security becomes an expanded function that all employees are fully aware of and have a responsibility to perform.”

They should also continue to keep an eye out for the man with the Minox. The company that supplied cold-war spies with the tools of their trade in the 1960s is still very much alive with plans to ship a remarkable miniature four-lens 3D digital camera in summer 2011. 

Harry Palmer would no doubt have approved.

No comments: