How to talk security so people will listen (and comply!)
So far, three phishing experiments involving 250 employees each have been conducted; eventually, Mankovich hopes to test the security smarts of all 90,000 email-connected Philips employees worldwide.
"At the end of each pilot we talk to a few of the users to see what they felt about the experience -- both those who fell for the phishing and those who did not," Mankovich says. "We [typically] have a very small percentage of people who did the bad behavior, and those people do get the message."
As for more simulated attacks, "We've decided we're going to run it forever. Those personal hooks do very well" -- though future phishing tests will be stealthier and increasingly intricate, he says.
Protect to enable
In light of the increasingly virulent cyber-threats out in the wild, IT leaders struggle between giving business units the freedom to choose their own apps, launch their own online initiatives and adopt new devices, and putting the brakes on.
But it is possible to strike a balance between the two, Harkins says. Intel adopted its "protect to enable" mantra three years ago. Rather than focusing primarily on locking down assets, the mission of the information security group has shifted to enable business goals "while applying a reasonable level of protection," Harkins says. "The more drag you put on information flow, the slower the business velocity, which also creates strategic risk issues," Harkins explains.
To enable business goals while still effectively communicating its security policies, IT needs three things, Harkins says: an adequate level of acumen as to the business side's situation and needs; input from both technical and business units on the risks versus rewards of a given security decision; and a clear channel of communication among all levels and units of the business.
Intel's BYOD plan is one product of its "protect to enable" policy. As early as 2009, Intel took a new approach that supports personal devices in the enterprise. "I challenged my team to work with Intel legal and human resources groups to define security and usage policies. This enabled us to begin allowing access to corporate email and calendars from employee-owned smartphones in January of 2010," Harkins says.
The initiative has been highly successful in allowing users to adapt their mobile devices to the workplace while keeping corporate data safe, and Intel continues to define new security and use policies as new devices come onboard.
Insurance provider Endurance Specialty Holdings Ltd. in New York tries to establish policies that don't limit the users from performing their jobs, says CIO Tom Terry. "There's generally a good reason why they're asking for a particular software, tool or device. We attempt to understand the problem they're trying to solve and give them tools to address their needs in a secure manner."
- Troubleshooting Common Issues in VoIP Learn more about Voice over Internet Protocol (VoIP), including common VoIP metrics used, best practices in VoIP management and tips and tricks for...
- 2013 Network Management Software (NMS) Buyers Guide This white paper contains an independent comparison study of six different network management solutions and provides guidance on how you can choose the...
- Rightsizing Your Network Performance Management Solution: 4 Case Studies This white paper discusses challenges encountered as organizations search for the most cost-effective network performance management solution.
- Global Growing Pains: Tapping into B2B Integration Services to Overcome Global Expansion Challenges A recent survey by IDG Research explored both the challenges and pain points companies face when growing globally, as well as the capabilities...
- E-Signature RFP Checklist Webcast If your organization is looking to adopt e-signatures, you may be overwhelmed by the number of providers that offer seemingly similar solutions. How...
- Cloud and Collaboration: Driving Your Business Value Mission Critical Cloud from Peer 1 Hosting is enterprise-grade. All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!