This morning I joined Empire Avenue and got the ticker symbol TREF – v important I’m sure you agree. I did it because people I interact with on Twitter have done so and being a sheep I followed. I hooked my Empire Avenue account up with Linked In, Facebook, Twitter and YouTube and then bought 100 shares in eBay.
Whether this was a sensible thing to do I know not – the account hook-ups not the eBay purchase which I don’t care about either way. I am really trusting the application.
After a bit of a browse I decided not to waste any more time and left. TREF was secured. At this point the responsiveness my wireless keyboard and mouse began to slow down significantly and I was hit with anti virus messages on my screen. Uhoh.
To cut a long story short thanks to Michael our IT guy I eventually got rid of the screen and am running full system scans using AVG and malwarebytes.
The last time I picked up a virus it wiped me out for a week and we had to rebuild my machine. That was the week I really road tested the iPad and found it deficient. So this time you can imagine what was going on in my mind. I can’t afford to be without a PC for any length of time.
I write all this because I am also currently thinking about device security in general and in particular the security of the corporate network when exposed to consumer gadgets in the workplace.
I don’t know whether the little incident described above was something to do with Empire Avenue. It is almost certainly nothing to do with the platform itself – more likely, if at all, another user behaving in an unfriendly manner or already compromised themselves.
The point is that I was doing this on a device attached to my work network. It happened to be my work laptop but it could have been a personal tablet or smartphone that I had brought into the workplace. It would be easy to just tighten up web access security and ban the use of non work devices.
However, issues arise:
Firstly we are rapidly approaching the day when employees will be bringing their own preferred laptop/tablet/smartphone in to the workplace. How many people actually get a company car nowadays? You get an allowance and go out and buy your own (assuming you are lucky enough to have a job that provides such a reward).
If you provide your own phone for work use how does your IT manager manage the fact that you might well want to use it to access Facebook and Twitter as well as, for example, your company emails? It is easy enough to set time of day policies for internet access but that doesn’t solve the security risk.
Can you partition your phone to have separate controls for work and play? Vendors touting “dual persona” controls are really just tarting up the ability to have different profiles. Nothing new here. The idea of trying to provide totally separate partitions on a device – one for work and one for play are not practical. You would have to completely separate the applications as well as draw a line down the middle of the phone memory.
There is only one sensible answer. If staff are going to use their own computing devices in the work place this has to be in total collaboration with the employer. In my mind this means that if say the employer uses a device management and security system then it should be ok for this system to be extended to the personal device. This might mean using an employers Anti Virus solution, firewall, data encryption policy, password policy, remote kill solution, VPN solution etc etc.
This has to be in the interest of the individual. Why would I not want my device protected?
The biggest issue is going to be in relation to web access policy.
Tightening up web access security means restricting access to more and more sites that might be considered security risks. These almost certainly include social networking sites such as Facebook and Twitter. After all, many people have been suckered by “have you seen this” scams on such platforms. Thus far these scams have been harmless enough but it is only a matter of time before this changes – click on that link at your peril.
Blocking such sites might sound like a no brainer for the security conscious IT manager but where do you draw the line? Dropbox? Flickr? Blogs? Trefor.net? Your average consumer is not going to be happy if any of these sites are blocked on his personal phone.
Also over blocking stifles innovation. Experimentation with new online technologies can lead to big steps forward for a business. Look at Twitter – now a common tool for business but still a social networking platform!
The only practical answer for personal devices in the work place is for users to be given company security tools but without the web filtering. In other words we are going to have to trust employees.
If staff are educated to look out for threats then most of the time they can take their own common sense steps to avoid them. The company device management tools are then only required when a problem actually does occur.
We are all having to change our attitudes towards trust in this internet age. I don’t have all the right answers but I do know that a lot of it is down to education, vigilance and preparedness.
Btw the TREF stock price on Empire Avenue is currently 18.95 – it’s a strong BUY if you fancy a punt. Also I have already made 2,233.64 on my eBay virtual shares.
PS click on the header to see an extremely bewildered staff member wondering how to secure all her devices.