Mobile workers have been in our midst for years. In the past, working from home involved a personal computer that was located in one room with a modem or ISDN connection at best. The changes to the model are incredible. Mobile workers now work in an office without walls. Mobile workers can be around the world, relaxing on a beach, submitting work from a coffee shop, accessing organizational infrastructure from the ski slopes or downloading sensitive documents from 38,000 feet in the sky. The opportunities for mistakes that lead to data loss have grown exponentially.
The office without walls, coupled with the vast consumerization of devices that can now access the organizational infrastructure without actually being issued by the company, has become a troublesome recipe for carelessness and data exposure. Tablets and smartphones were not designed with security in mind, but rather to please the user. Its now more important than ever that companies help ensure their mobile workforce is as secure as possible, no matter what device they choose.
The key to the implementation of any security and privacy program rests with education. Companies must educate their mobile workers on the security controls required for all devices. Training programs that help show them how to maintain the privacy of their information and that of the organization need to be setup and regularly updated. Additionally, employees need to be periodically reminded of the controls, threats and vulnerabilities of their devices and the potential risks all mobile workers face while working remotely. If employees are properly educated, the need for additional and more costly security may potentially be avoided.
Tailor the Message
As a rule of thumb, training and awareness messages that are targeted to a specific audience’s needs will be easier to implement and more effective. However, wider and more general events reach more people with a “big picture” awareness message, and can set the stage for later, more targeted security and privacy education.
Methodologies for enhancing communications include the following:
Efforts to educate employees have a great impact on the image of the careless mobile worker. The more companies provide timely, relevant and useful information, the more employees understand and adhere to organizational security and privacy policies. Programming employees is a method of education, training and awareness repetition. It conditions them to standard methods of mobile device protections that become commonplace.
Highlight Available Physical Controls
Protections of a technical nature, such as virtual private networks, data encryption, access methods, software updates, and automatic data wiping, can be centrally distributed and managed to help mitigate mobile worker risks. However, in order for these physical controls to work, employees must also be educated on their use and common best practices for using mobile devices.
The following are examples of standards, guidelines and procedures for employees that effectively keep the costs of mobile security and privacy at a low level.
Identify the Appropriate Mix of Education Solutions
The key issue to mobile security and privacy is that no single security solution will work, given the nature of the mobile environment. Extending the existing security infrastructure for mobile devices simply is not cost effective. Organizations must educate their employees using continuous messaging across every available medium. The messaging needs to be timely, relevant and useful to the employee, and delivered in such a way that is memorable and consistent.
Educating staff can become the most effective control when it comes to implementing policies across the board. It is one of the best controls for the security of consumer devices in the workplace that is cost effective for the enterprise and easy for the staff to implement.
Making Educational Messages Relevant to Employees
Making educational messages relevant to your employee’s work environment is important to getting the message heard. In order to achieve this, tone and objectives for creating relevant content materials need to be defined. To create relevant and interesting content:
Tailor Education Programs to Worker Age-Groups:
The changing demographics of the workforce require a change in the methods of education. In the past, offering a single information security and privacy training over the course of the year seemed to be sufficient to educate employees. However, the security and privacy landscape has significantly changed over the years.
Matures, or people born before 1946 are retiring from the workforce. Their learning requirements are much different than Baby Boomers, people born between 1946 and 1964. Baby Boomers are apt to learn through workshops, lectures, books and materials as well as course based learning. Generation X, or people born between the years of 1965 and 1981 enjoy hands on learning, exploration, role playing and learning that is supposed to be fun. While Millennials or Generation Y, people born after 1982, learn through Web 2.0 type delivery such as blogs, videos, podcasts, and mobile devices (iPods, tablets, smartphones) in short bursts of information.
Information on the changing workforce can be used to further differentiate your target audience and will aid in determining the right tone and message type to effectively communicate to your employees.
Did you know?
1Thomson, Herbert H, PhD. “Visual Data Breach Risk Assessment Study,” 2010. People Consulting Services.
3M is a trademark of 3M Company. ©2015, 3M. All rights reserved.