With the holidays just behind us, there’s a good chance you may have received a cool new technology gadget as a gift. Yes, it has all kinds of bells and whistles. Yes, it could be very useful in the workplace. So yes, you should go ahead and bring it to work with you, right?

Not so fast. Most companies (rightfully so) have a security and/or acceptable use policy, which specifies who owns the information you’re trying to access. In most cases you don’t even own your company email.

Before you take your new gadget to work, ask yourself these questions:

  1. How will I feel if I get a subpoena for my gadget (because there is company data on it)?
  2. Do I want to give the company permission to access my gadget to see their data?
  3. Do I want to give the company permission to delete all my data because I misplaced my gadget?
  4. When the gadget comes home at night, do I really want to play with something I use at work?
  5. Do I want a family member seeing my work information?

If none of these is a concern, talk to your IT department. They will have their own set of questions, too, including:

  1. What information are you going to access via your new gadget?
  2. How will that information be protected? (Protection against viruses, spyware, and malware of all kinds, passwords, and encryption protocols are just some of the things the company may consider.)
  3. How can we make sure the gadget doesn’t cause an information flow disruption?
  4. How will the device make you a better and more productive worker?
  5. Who provides the maintenance and upkeep for the gadget?
  6. Are you the only person who will access the gadget?

If all parties agree it makes sense to use your gadget at work, be sure to get it in writing.

Technology can improve your life, including your productivity at work. But don’t assume that just because you got a new toy, you can bring it in and start to use it on your company network. You might get rewarded with an unemployment check.


Don’t Fall Prey to “Trendy” Implementations

by alexis.mathers on November 15, 2011

A recent survey unveiled an interesting statistic.  Enterprises may be rushing into implementing new technologies without any update to security controls.  Given the emphasis on information security controls lately, this statistic comes as a surprise. 

New technologies are very enticing and lack of adoption could threaten the success of your enterprise; however, adopting trending technologies like mobile devices, social media, and cloud computing without investigating the security risks could put your enterprise at severe risk.

Here are a few tips to ensure you adequately address the security implications of a new technology:

  1. Identify the reasons for implementing the new technology. Make sure it is going to benefit your enterprise, and that you are not adopting it just because it happens to be Google’s trending topic this week.
  2. Perform a failure mode analysis.  Ensure you identify the “what can go wrong’s” involved with implementing and using the new technology.
  3. Identify the new security risks that will arise due to use of this new technology.
  4. Design and implement new controls to address the new security risks identified.
  5. Test the new technology and controls to ensure your enterprise will remain secure post implementation.

Technology is evolving every day and we all want to benefit from new technologies. It is important to remember that with new technology come new information security risks, and these risks should always be evaluated and addressed when deciding to implement a new technology.


Management Approach to Cloudphobia

October 13, 2011

If you are familiar with arcade games, you may have stumbled upon Cloudphobia – a time attack game where a player is required to withstand the never-ending assaults from incoming enemies while protecting itself and an assigned mother ship from lasers and missiles. From a business perspective, amongst other things, business managers and IT Executives [...]


QR Tags – The Little Square That Can Pack a Punch

September 29, 2011

We use our smartphones more and more each day.  We use them to manage our finances, search the internet, maintain work and personal meetings, store pictures… the list goes on and on, so it’s no wonder cyber criminals are looking for the next avenue to gain access to these mini data gold mines. Recently we [...]


Doctor iPad

September 22, 2011

Health Care organizations are starting to see the value in medical professionals using the iPad. In October of 2010, the Healthcare Information and Management Systems Society hosted a webinar on iPads, and of those in attendance (nearly 1000 attendees), 25% planned to use an iPad immediately and 70% planned to use an iPad within one [...]


Business Email on Employee-Owned Smart Phones

August 22, 2011

Earlier this week I was sent a question asking if we had seen any best practices for policies regarding email access on personal smart phones not owned by the company. The best practices are similar to what you would find in acceptable use policies for VPN access or corporate smart phone access, but they also [...]


What is all the Fuss Surrounding Google Plus?

August 11, 2011

Circles, Hangouts, Sparks… what is all of this?   With all the avenues of social media out there it is hard to believe  that yet another one has jumped onto the scene.   Facebook has been the reigning champ for quite some time but it has had competition from Google since the beginning but never has Google [...]


Proposed HIPAA Privacy Changes Bring New Patient Rights and Increased PHI Protection

August 3, 2011

In an ongoing effort to provide information and insight into patient information access, the Department of Health and Human Services Office for Civil Rights has issued a series of proposed changes to the current Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule.  The proposed changes would enhance current privacy rules protecting patient information by [...]


A New Series of Reporting Options for Service Organizations

July 27, 2011

Many service organizations and other entities are familiar with SAS 70 reports — reports prepared following the CPA profession’s Statement on Auditing Standards No. 70, Service Organizations. Innovations in technology and the increasing use of outsourcing have led to these reports being used in ways that were never intended. Specifically, SAS 70 engagements were not [...]


GLBA Report to the Board of Directors

July 20, 2011

Easily, the two most common areas of regulatory recommendations I’ve heard about recently are vendor management and risk assessment, but appropriate Board involvement would be a close third.  Is it just a coincidence that two of the major areas requiring the Board’s attention are critical vendors and risk assessments? A major program the Board needs [...]
