A ZDNet survey of IT decision makers in Australia has today revealed that 89% of senior managers have access to corporate data on their own personal mobile phones.
The survey also finds that nearly half of the respondents reported that their organisation does not have a formal, documented security policy. Turning the focus to best practice, only 17% of respondents said that their organisation is certified to ISO27001, with an additional 11% currently undergoing certification. That in turn shows that a not insignificant 72% of the respondents' organisations have not considered, or are not pursuing, certification to ISO27001.
ISO27001 is the internationally recognised best practice standard for an information security management system, which underpins intelligent cyber security risk management strategies. Closely related to cyber security, ISO27001 specifies the requirements for an Information Security Management System (ISMS) against which an organisation can be audited and certified.
Leaving mobile phone access so unrestricted leaves the confidentiality, integrity and availability of an organisation's sensitive corporate data vulnerable to loss or misuse through malware, hacking or simply the physical loss of a phone. Mobile Security: A Pocket Guide addresses the key themes of mobile security and gives guidance on safeguarding sensitive information, the use of encryption, employee boundaries, and virus protection.
The honest assessment, from within, of BYOD (Bring Your Own Device) information security practices in Australia must act as an embarrassing wake-up call. Just as an embarrassing ring tone on a phone causes its owner to swiftly stop it ringing, so must IT Directors and Managers firmly grasp their policies and practices, tightening access and improving security.
ISO27001 certification brings many benefits, including international recognition, commercial advantage over non-certified competitors, improved business practices and regulatory compliance.