LAPTOP FROM PAGE 38
study by the Computing Technology Security training for mobile workers pays off
Industry Association found that only 42 Although a surprisingly small number ( 42 percent) of businesses surveyed have
percent of companies had either com- implemented or plan to implement security training programs for mobile workers,
pleted or planned a mobile computing most of those that have (88 percent) report reductions in major security breaches.
user security education program (see Training typically covers a range of topics, with e-mail use at the top of the list.
charts, at right). Perhaps that reticence Has your compa ny considered or implemented security awareness
hassomethingtodo with thedifficultyof training specifically for mobile or remote employees?
implementing an effective program. Yes, we have considered
“How do you communicate to implementing security Yes, we have implemented
businesspeople in a manner they awareness training but security awareness training.
have no immediate plans
can understand and relate to?” said to implement it. 17% 32%
Eric Litt, chief information security
officer at General Motors. “That’s the
skill. It may be more art than sci-
No, we have not 10%
ence. You have to build credibility.” considered implementing 41% Yes, we plan to implement
security awareness training
Litt holds Security Awareness security awareness training. during 2007.
Week sessions at GM, an intensive
Number of respondents: 797
push to educate the automaker’s
legions of employees, including tens What topics were covered in your group’s security awareness training?
of thousands of laptop users, on the E-mail use and security
latest security practices. And retell- Password protection
ing the tales of laptop woes is part Authentication Internet security/browser use
of the program. These tales include Remote worker access/security/
the one about the millions of U.S. VPNs with company equipment
veterans whose personal data was Intellectual property/software licenses/ piracy/copyrights
exposed when the laptop of a Veter- Physical security
ans Administration employee was Reporting incidents
stolen. “You talk about the VA and Identity theft
make sure people understand the Tracking of physical assets
Telephone security
risk of identity theft when you go to a Use of PDAs
kiosk that has a keylogger and check Social engineering
a bank account,” Litt said. Use of instant messaging
“It’s hard to clamp down,” said an Remote worker access/security/VPNs with
equipment not provided by the company
IT executive at a global manufactur- Other
ing company based in the Midwest.
“It becomes a political minefield and 0 20 40 60 80 100
Percentage of yes responses from 255 respondents
a nightmare. It’s Big Brother, and
people don’t like that.” Do you think the number of security breaches in your organization
The IT executive said that he has has been reduced since implementing security awareness training for
managed to persuade his organization mobile and remote employees?
to encrypt all laptop hard drives but
that USB and CD/DVD encryption is,
as yet, too unpopular. Still, users must Yes
be educated, he said, noting that with No
hard drive encryption in place, users’ 88% 12%
data may be unrecoverable if they fail
to perform backups.
Other organizations are cutting back
on laptops themselves. Glen Chrzas,
vice president of technology at Altura Number of respondents: 255
Credit Union, Source: Computing Technology Industry Association
[CONTINUED ON PAGE 43]
