This editorial was originally published on Apr 7, 2014. It is being republished as Steve is on vacation.
Does your organization have some policy around data security on mobile devices? Do your fellow employees care about data security? A new study says that most organizations don't, and potentially that's an issue.
Many of us are data professionals, and we might have no idea how much data a user can access using today's modern mobile devices. Potentially we can help them understand that the $500 smartphone they use can actually contain and access much more than $500 worth of data. If their device is the cause of a data breach, the cost could easily be much closer to $50,000 than $500.
Security is always a big gamble, and rather than the old models of controlling all devices and limiting access, we need to learn to educate users, work with them to secure their devices and report losses quickly. The survey shows that most employees don't even know how to report the loss of a device that might cause a data breach. At the very least, we can establish some procedures that will allow an account to be quickly turned off. And to ensure productivity doesn't suffer, we need a procedure that also engages a new account for a user quickly.
My guess is a lot of security issues could be handled quicker if we ensured that users were aware of issues and penalized for ignoring them, but made sure those penalties were balanced with an understanding that there it is inevitable people will make mistakes and accidents. Forgive mistakes and ask for reports of potential issues quickly.