Getting serious about tablet security risks and user training

With increasing tablet security risks, the time has come to get serious about user education. UK Bureau Chief Ron Condon prescribes a new mindset.

This article can also be found in the Premium Editorial Download: IT in Europe: Taking control of smartphones: Are MDMs up to the task?

We are used to rapid change in the IT world, but the last two years rank as exceptional. Since January 2010, when the late Steve Jobs announced the iPad, the way we use computers has changed dramatically.

The iPad, followed shortly after by other tablet computers running the Android operating system from Google, immediately caught the imagination of people of all ages and occupations. Although designed primarily as a platform of audio-visual media and Web content, the tablet took off like no other format before it as a general-purpose computing device that was easy to carry, easy to use, always on – and also looked pretty cool.

Tablets had existed before, of course, including the Apple Newton of 25 years ago, but this time a lot of component factors fell into place: the wide availability of Wi-Fi connections, high-speed wireless communications, more powerful processors, improved screen technologies and better batteries.

Security pros need to
ensure that
if users want
to use these new devices, they understand
they have a
duty of care
and a responsibility
to guard
the information
they hold.

Furthermore, the market had already been primed by the smartphone (also largely driven by Apple), with its ability to access the Internet and collect emails. Users were getting used to working on the go rather than sitting at a desk or even at a table in a coffee shop. But the smartphone’s tiny screen has always prevented it from being a fully fledged computing device; when the tablet arrived, users were immediately able to grasp the potential.

Organisations saw the potential too, from retailers giving tablets to employees so they could provide online advice to customers, to doctors doing their ward rounds. Nearly every sector could see a use for the tablet.

The challenge for security professionals is how to manage the phenomenon and prevent users picking up infections or losing valuable information. The always-on nature of the devices, plus their obvious appeal to any passing thief, makes them a potential security nightmare.

In less than two years, the tidy world of the managed Windows-based laptop has been shattered, and security professionals now have a much more diverse and fragmented range of devices to manage, some of which may not even be owned by their organisation.

Technologies exist to help manage tablet security risks, but technology alone cannot close off all the security holes. More than ever, security pros need to ensure that if users expect to use these devices professionally as well as personally, they understand they have a duty of care and a responsibility to guard the information they hold.

To that end, security awareness programmes need to be delivered with conviction and in terms the users can immediately grasp. The security profession has for too long paid lip service to user awareness, writing security policies that are at best boring and often incomprehensible to the average user.

With the tablet computing model here to stay, users need to be made part of the security solution, not just the perennial problem.

Read more on Security policy and user awareness