Social networking can cause problems in the workplace, but there are solutions

• Article 19 of 33
• SC Magazine, December 2009
• View the original article online

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | All 6 Pages

David Emm, senior technology consultant of Kaspersky Lab, says “the key issue is that smartphones are easy to mislay or be stolen. Transport for London finds 100,000 mobiles left on tubes and buses.” He advises authorising a specific range of models of phones and laptops. If an employee wants to use their device for work, they can do, provided it has a standard corporate build or set of apps. This build may include anti-virus and other security software, although cloud-based technologies may make that unnecessary. Encryption should be mandatory. “You should also be able to lock the data and decrypt remotely as well,” Emm says.

Organisations should also look into software and devices that support ‘smart policies', such as Fortinet's FortiClient, which enforces corporate security policies for working remotely. If a device isn't being used on corporate property, it should be governed by stricter security measures that are triggered automatically. When returning to the business, the devices should go into a ‘quarantined' area to be checked for malware.

There are alternatives. Depending on the device's sophistication, it may be possible to run a virtualised desktop on it. By running the desktop on a server that can be accessed remotely, no data ever leaves the company and ends up on the device and malware can't be passed onto the corporate network. With Citrix, for example, offering its Receiver app on iPhones, BlackBerry, Symbian smartphones, Macs, Linux and Windows PCs, laptops, netbooks, smartphones and thin clients, almost any device can be used with corporate systems with minimal security risks.

Keyloggers and over-the-shoulder monitoring (“shoulder surfing”) are the only real security issue. Anti-spyware should prevent keyloggers, while training should make employees monitor what's going on around – or behind – them.

Case study: BT's cautious welcome for Web 2.0
There are few people who can boast of having as many as six CSOs reporting to them, but Ray Stanton, global head of BT's business continuity, security and governance practice, is one. BT's IT infrastructure is among the largest outside the US Department of Defense.

Stanton says allowing employees to access Web 2.0 is important to BT. “Our perspective is that we are invested in the principle of innovation and that requires the enablement of our people.” Web 2.0 enables BT's employees to stay connected and negotiate their social life at the office while still working – which can help with the long hours.

Says Stanton: “We have instant messaging with Communicator, which gives us the ability to connect with external parties. But my wife works at IBM and I can contact her via IM.”

BT's research division saw the advent of Web 2.0 a number of years ago, Stanton says, so was able to plan what it needed to do. Part of the decision was to invest in cloud-based anti-virus as well as Bluecoat technology that allowed filtering of specific apps. “What we've done is layered up the technology. So you can't video, file transfer or do voice calls to other organisations” using IM, but are still able to use it for communication. Similar techniques are applied to Facebook, Twitter etc.

BT also ensures that mobile and home workers are able to use Web 2.0 technology securely. It has a policy-enforcement system called e-census on all BT property. Anyone wanting to use their own equipment is allowed to do so, provided they have a standard BT build installed on it.

To ensure everyone understands the security implications of using Web 2.0, there is an education programme. All staff have to complete an online test each year, on what to do, and what not to do. Employees are reminded not just of the effect on the company of security breaches, but also on themselves.

Page 1 | Page 2 | Page 3 | Page 4 | Page 5 | Page 6 | All 6 Pages