For an informed view on connected entertainment in the UK & Ireland, visit Cue Entertainment
The
revolution in information technology has happened in a remarkably short space
of time, and a survey from Ernst & Young’s tax and advisory service
published this week reveals that many companies are simply not ready to address
the risks created by new technology.
The
seemingly unstoppable surge in smartphone sales has opened up a wide range of
options for corporate communication on the move. The prevalence of wireless
devices that not only phone home but also send and receive images, documents,
emails, voice and video messages from the slopes of Everest to the boardrooms
of big business has undermined the very concept of an “out of office” message.
Spy movies
in the 1960s such as “The Ipcress File” featured heroes like Michael Caine’s
Harry Palmer taking clandestine snaps of secret documents with a miniature
Minox camera. Since he worked outside the frame, presumably then he had to take
the film to the local chemist to have prints made.
Today, the
smallest of mobile phones can take high-resolution pictures and transmit them
anywhere instantly with no need for paper. Computer screens can be captured,
data copied and audio recorded with almost no fear of detection. Almost
everyone in the working population owns one of these powerful devices with
their onboard cameras and they are carried freely in and out of the most
confidential environments.
What was
an entertaining fantasy in 1965 has become a credible threat to corporate
security in 2010. The Ernst & Young report argues that, far from banning
these devices in the workplace, employers should invest much more time and
effort in communicating the need for personal responsibility to protect
sensitive business information.
For it’s
13th annual Global Information Security Survey, titled “Borderless security”,
Ernst & Young approached senior executives in almost 1,600 organisations in
56 countries around the world in order to gather their views on the threats and
challenges that businesses face. The participants are from diverse industry
sectors, including retail and wholesale, technology, manufacturing,
telecommunications and financial.
The survey
reflects executives’ understanding that their businesses operate in a rapidly
changing environment, one in which traditional boundaries disappear with the
impact of greater workforce mobility and the increased use of social media and
other collaboration tools. It also shows that when it comes to dealing with
personal devices in the workplace, 52% of respondents perceived a growing risk
of data leakage.
Less than
one third of business leaders polled said they have an IT management programme
in place to address the risks related to new technologies. Despite this lack of
action, more than half report that increased workforce mobility represents a
challenge to the delivery of security initiatives. For 64% of respondents, the
disclosure of sensitive data is one of their top five IT risk areas.
Faced with
challenges associated with mobile computing, 50% of the Chief Information
Officers, Chief Technology Officers, Chief Operating Officers and other senior
management who participated plan to increase spending on the prevention of data
leakage or loss over the next 12 months. In a period of financial constraint,
this expenditure is 7% up on last year, an indication that many organisations
recognise the increased risks and the need to address them.
Almost
two-thirds of respondents place the low level of employee security awareness at
the top of a list of 10 challenges identified by Ernst & Young, above the
availability of skilled resources and an adequate budget. The report recommends
effective and regular security awareness training for the mobile workforce as a
critical factor in successfully keeping pace with the changing environment.
“It is
important that businesses understand and accept the risk created by the use of
new technologies, and this includes technologies personally adopted by their
employees that may also be used for business purposes,” the report says.
From the
Ernst & Young perspective, information security policies should be reviewed
to establish acceptable use and to define any specific restrictions related to
mobile computing devices. It’s not only the use of mobile phones that threatens
security as 60% of respondents acknowledge there is an increased risk level
from use of social networking, cloud computing and personal devices in the
workplace.
“The new
generation of workers has never known a world without the internet, without
social media and without sophisticated personal technology to access
information 24 hours a day. They will spend countless time texting, chatting
and browsing Facebook, LinkedIn, blogs, wikis and other social networking and
social media websites,” the report says.
With this
generation comes a new set of expectations regarding technology and the ability
to connect to networks and communities both inside and outside the business
environment: “Attracting and retaining the best and brightest means providing
the social networking and collaboration tools that these people have come to
expect. Many organizations are implementing infrastructure and applications
that support social media usage inside the enterprise. Such social tools
provide the new generation of employees with increased opportunities for
professional collaboration and personal interaction but within the protected
and secure environment of the business intranet.”
So it’s
Facebook at every workstation from now on – or is it? The survey respondents
place social networking in ninth place on a list of 10 significant challenges,
just above business uncertainty.
“The fact
that only 10% of respondents indicated the examination of new and emerging IT
trends as a critically important function is further evidence that few
organizations have assessed the impact of social networking,” the report says,
“As the use of social networking … continues to increase and become part of the
standard work environment, the behaviours related to sharing personal
information are often being transferred to sensitive business information,
where they are not appropriate.”
The report
continues: “If no action is taken, this will likely lead to an increase in the
disclosure of business information or protected privacy-related data, either
intentionally or accidentally through the use of social media.” It recommends
that an effective process be put in place to evaluate the risks associated with
new and emerging IT trends. Without that, it could be increasingly difficult to
comply with regulations, protect reputation and brand and also protect personal
information.
The
temptation to avoid the problem by simply banning access to social networks
during working hours just won’t work, as the report explains: “It is doubtful
that such an approach can be successful, since it does not prevent the sharing
of sensitive information from personal devices or home computers. It could also
drive additional unwanted behaviours such as connecting personal laptops to the
business network. People not only share information and collaborate around the
world at astonishing speed and efficiency, they demand it.”
Even so,
45% of respondents indicate that they restrict or prohibit the use of instant
messaging or email for sensitive data. The survey concludes: “To create a
secure and successful business environment, organizations must involve their
people. A technology savvy workforce will find a way around controls, unless
they fully understand the danger of the risks involved. By informing every
member of the organization on the risks and issues related to social media,
information security becomes an expanded function that all employees are fully
aware of and have a responsibility to perform.”
They
should also continue to keep an eye out for the man with the Minox. The company
that supplied cold-war spies with the tools of their trade in the 1960s is
still very much alive with plans to ship a remarkable miniature four-lens 3D
digital camera in summer 2011.
Harry Palmer would no doubt have approved.
No comments:
Post a Comment