Applications Not the Only Concern for Mobile Users

Last week, Washington State implemented its new "hands-free" cell phone/text messaging law, making most cell phone use while driving a primary offense. Previously such use was a secondary offense, meaning police officers could only cite a driver for cell phone if a higher-priority offense had been committed at the same time.

Washington joins a handful of other states trying to curb cell-phone use by drivers, and again raises the issue of what an enterprise's responsibilities are for its mobile workforce and what IT's role is in compliance.

Two Washington firms, DialPro Northwest and Personnel Management Systems, have released a list of recommendations for keeping employees safe and connected to the office

Jack Goldberg, president of Personnel Management Systems, explained in a company release that “most company HR policies are out of date and need to be updated.” His company provides outsourced human resource management services. We encourage businesses to review their policies in light of current employee cell phone usage and the law. Employees should minimize the amount of time they use the cell phone while driving on the job, and to always stay safe by using headsets or hands-free devices when they absolutely need to use the phone.”

We must acknowledge that there are die-hard, must-be-connected workers, points out Dennis Tyler, president of DialPro Northwest (the company provides voice messaging and unified communications solutions). “It is not always feasible for employees to pull to the side of the road. Sometimes a quick response is required to respond to an e-mail message or make a phone call. There are a whole group of business-oriented speech recognition tools that keep employees both safe and connected to the office while offering full compliance with the law.”

Their guide also discusses questions businesses should be asking about the new law and liability and HR issues that must be considered. The information is available at either company site: www.dialpronw.com or www.hrpmsi.com.

- James E. Powell
Editorial Director, ESJ

0 comments


World Cup Woes for Your Network

Is your Web surfing policy in place? You might want to double check. The 2010 World Cup -- running from June 11 through July 11, 2010 -- may suck up a lot of your bandwidth otherwise.

A press release from Internet monitoring firm SpectorSoft Corporation says the sporting event "is anticipated to be the most widely-viewed and followed sporting event -- exceeding even the Olympic Games." Over 30 teams are participating in 64 matches, each Webcast three times per day. The company says a new study warns that over half of UK workers (54 percent) said they plan to watch World Cup games on their office computers during work hours. SpectorSoft also points out that "major broadcasters including the BBC, ESPN, ITV, and Tudou plan to stream live matches on their websites."

Uh oh.

It's not just the games themselves that will consume network resources. SpectorSoft Corporation says the event may "erode business profitability, productivity, and corporate security" as employees watch news and highlights of the games, participate in Facebook discussions about them, or visit online gambling sites to place bets.

You can also expect a rash of e-mail scams and infected messages using World Cup-related subject lines.

“Business owners should take note of the business risks before the World Cup begins, and establish an ‘acceptable use policy’ that allows for employee flexibility -- without compromising productivity or security,” said SpectorSoft president and founder C. Douglas Fowler, in a statement.

Of course, policies are worthless without enforcement, SpectorSoft warned in the release. No doubt. The company's Spector 360 tracks employee behavior, recording and storing all PC and Internet activity, including e-mail, chats, instant messages, and Web sites visited.

However you enforce your policies, it's a good time to review what your policy covers and how it's communicated to your employees.

- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell0 comments


The Need for Single Sign-On

Are you spending more time writing secure usernames and passwords on sticky notes -- or wracking your brain about what to enter in login boxes -- than you should?  For half of respondents in a recent survey, the answer is yes.

Exostar has begun conducting monthly polls of its 75,000 customers to get a handle on "the strategic plans and tactical responses firms are formulating and executing."

Their latest survey examined the number of usernames/passwords individuals had to manage to conduct business with its customers. To no one's surprise, more than one in five (over 20 percent) respondents said they maintained six or more sets of usernames and passwords in order to login and access the systems of a single customer. Almost a third (30 percent) had to work with three to five sets; half only struggled with one or two sets.

"Clearly, username/password proliferation is a real problem, and single sign-on solutions are needed to enhance security and user productivity," an Exostar spokesman told me.

How is your enterprise dealing with single sign-on? Are you making headway or falling behind?

- James E. Powell
Editorial Director, ESJ

Posted by James E. Powell0 comments


Are Budgets to Blame for Security Gaps?

CDW, an information technology solutions provider to business, government, and education, has released its  IT Threat Prevention Straw Poll that surveyed 200 IT security managers and "decision makers" at mid-size and large U.S. enterprises.  The poll focused on IT security threats and the measures businesses are taking to prevent them.

The top concern (cited by 37 percent of respondents): data loss --"primarily from user misbehavior, negligence or accidents," according to CDW.

"It's critical for businesses to secure themselves with the effective, readily available shields against ordinary threats, to free up time and resources for more proactive action against data loss and the rising threats of botnets and malicious, targeted attacks," said Doug Eckrote, senior vice president, strategic solutions and services at CDW, in a statement.

The majority of organizations surveyed have dedicated IT security support in place (for example, 68 percent have a dedicated IT security administrator or team), but more than four out of five respondents say there's room for improvement. 

What would it take to spark a budget increase to make that improvement happen? Everything from news stories and case studies to a breach of their own systems.  However, what caught my eye was this result: 18 percent confess that "only a significant breach of their systems would compel an escalation of security investment at their business." Of course, by then security "prevention" measures are of no use. 

Sadly -- and perhaps shockingly -- more than one in six organizations "say explicitly that nothing could compel their business to invest more for a higher level of security and threat prevention." Nothing? Though there's obviously room for improvement, it's just as obvious that few want to spend the money for it -- no matter what.

On the plus side, more than a third (39 percent) agree that "an assessment of their systems pointing out real vulnerabilities would lead to additional investment." Given the tough economy and tougher budget constraints, that may be magical thinking. As CDW notes in its commentary, "the challenge ... is how to obtain such an assessment, given their ongoing work load, and whether the assessment will have weight with their executive management. Their answer, though, indicates optimism that management will respond to a specific assessment."

Ironically, one-quarter of those surveyed see "evolved forms of current threats" as their top future challenge. CDW points out that "there are tested and proven solutions to help businesses control 'evolved forms of current threats,' so businesses that see these as their next big threat most likely reflect management issues such as limited funding for IT security, competing priorities for new project funding in general, gaps in executive understanding or commitment (including IT staffing), or a lack of security training and experience on the part of the IT staff."

- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell0 comments