Surveys typically show that:
- Most organizations have some form of BYOD scheme encouraging or permitting workers to use their own laptops, smartphones and tablets for work; and
- IoT is spreading fast but still has a long way to go before it peaks.
We infosec geeks may throw up our hands in horror ... but the facts remain: BYOD and IoT are popular, now. They are here to stay and almost certain to expand.
It's too late now for us to bleat on about the information risks and security concerns*. The train has long since left the station.
So how should we handle this situation? An obvious approach is to retrospectively identify, assess and treat the information risks as best we can, emphasizing threats such as hackers, malware, theft or loss of information, and inappropriate disclosure, and promoting security controls such as - well, that's where it gets tricky because we have limited options for technical controls, and (despite our best efforts!) security awareness is never going to be a total cure for employees being incautious or careless. Being so negative and constrained, it's hardly a convincing argument. You could say it's also behind the times, fighting the last war as it were.
Instead, we're taking a more proactive and upbeat line in the NoticeBored content for January. There are business opportunities in going with the flow, embracing BYOD and IoT (where appropriate), making the best of the rapidly evolving technology and forging ahead. Maybe we can't fix everything today, but we surely can make tomorrow better.
Here's a single example: if a company's widgets can be smartened-up and networked, they might just catch the wave. Innovation is a vital component of brand value for many organizations, a common strategic driver. Provided the technology, security and privacy aspects are sufficiently well addressed, smart, networked widgets may be used to gather information about how the widgets are used in practice by real customers, en masse, giving valuable insight to drive further product development and innovation - a positive feedback loop.
Finding and exploring other similarly motivational examples and potentially attractive business opportunities has kept us happily occupied today. If we successfully express that excitement in the awareness materials, it should energize and motivate the audiences to get to grips with the risk and security aspects of BYOD and IoT. They will at least set off on the journey in a more positive frame of mind than the more usual "We must improve security or the world will come to a sticky end", or worse still the cynical "Stop everything: for security reasons, the answer is NO!".
* PS In fact we did raise the information risk and security aspects of IoT and BYOD previously, several times, in the awareness materials. We try hard to keep up with, if not stay ahead of, new developments in this field. Some of our customers, though, have rather more inertia than they'd like to admit!