
Thursday, May 19, 2011

Assessing Mobile Security Risks: Part Two

By Jill Knesek, Chief Security Officer, BT Global Services

Last time we checked in on the topic of mobile security I wrote about how BT assesses the risks associated with employees using personal devices and what steps we take to mitigate the threats. This time, I want to explore how IT teams should respond when the inevitable security breach occurs.

Despite everyone’s best plans, policies, and efforts, we need to accept that security breaches are inevitable and that having plans in place to deal with this situation must be a top priority.

The most critical step in preserving security is to ensure that employees promptly report the loss, theft, or breach of a personal device to minimize the potential exposure. The employee needs to be able to tell the IT team what security capabilities were implemented on the device and what type of business data is stored locally on the device. With this information the IT team can take the necessary steps to suspend accounts, change passwords, and/or wipe the device remotely. These steps are necessary to ensure that access to the corporate network is blocked.

At BT, once these measures are taken, the Security Team goes into investigation mode to analyze the exposure and ensure that the correct mitigation steps are being implemented.

In determining the best use of resources, our analysis at BT was that a separate technical support desk for personal devices didn’t currently make sense. From our analysis, it was clear that education and training campaigns for employees were key so that they understand the risks associated with using a personal device, are able to maintain the security of the device, and are able to participate in the risk mitigation process.

The reality is that personal mobile devices are here to stay. CIOs and CSOs need to search out the best way possible to reduce exposure while providing our employees with access to the tools and technologies that make them most effective and productive in their roles.

There is always a balance that needs to be struck between risk and innovation, but as long as an in-depth analysis is done and an informed and fully vetted decision is made, personal devices should not be treated any differently than other innovative and high-tech solutions that are considered for business use.

 

 
