We all live through history. Seminal events, big changes in life, landmark breakthroughs and the like, however noteworthy, come to have a greater significance in the future, seen from afar, analysed, placed in a wider context. Like when the internet came – some of us remember hearing about it at school, a teacher remarking you could use it a lunchtime, but that was time for gossiping, kicking a football about. We didn’t know how important it was. It was just something new.
Needless to say, the internet has, in its relatively short history, come to transform life on earth radically. We look back at the day of dial-up and bland, static pages of content, and we see primitive beings working out how to exist within the confines of this new medium and it’s rather sweet, like children’s scribbles. And then one day, that scribble begins to take shape and an artist is born, shifting paintings worth millions of pounds. Back then it was just another picture, who would have known how important the work was? History allows us to assess it.
What will they say of BYOD (bring your own device) in five or ten years time? Was it a fad, a stroke of genius or an inevitable consequence of the mass proliferation of powerful portable and handheld devices, the stuff of which was unimaginable a decade ago? It’s hard to say, this history is for those writing in the future. To us, whether it’s someone working in an information security or risk management setting, BYOD is just something that happened, like flexible working. It wasn’t a black and white thing where one day it wasn’t there and bam, the next day it was… it evolved.
Whatever your sentiments, it is definitely part of the discourse. And so, we stick to the present with this blog. BYOD is very open, complex and multifarious nature, meaning it is predisposed to any number of security issues. Smartphones in particular, because of the sheer volume of data, traffic and work conducted on them, are increasingly becoming part of the regular apparatus at work, yet policies governing their use are lax.
According to Darrin Reynolds, vice president of information security at Agency Services in New York, one of the key things is to have a policy in place and for it to be communicated in as simple a manner as possible, or as he puts it, for it to be written in “crayon”.
In an interview with SearchSecurity.com, he explained the canons that govern his organisation when it comes to BYOD and mobile phones.
“The rules are you can use any device you want, but if it is going to support or receive corporate data then you have to play by our rules,” he elucidates. “Our rules are: you have to have a [personal identification number] PIN; it has to support a code lock; it has to have an auto lockout feature; it has to support encryption; and it has to support remote wipe. We kept it really simple to those four things.”
And that’s it, he says, no additional security measures. He may well be correct in surmising that those four methods of security – which are top notch by the way – are enough to keep fraudsters and cyber criminals at bay, but, if history tells us anything, it’s that nothing stays static for long. In technology, what is new, what is current is immediately yesterday’s news. More measures will have to be developed either proactively or reactively when the time comes. History repeats itself, albeit it differently.