Look First, Then Leap

Resource Library:

User inconvenience and security shortsightedness come into play when corporate decision makers fall into what Ed Adams, CEO of consultancy Security Innovation, calls the "Recency Trap." "This is when organizations panic at some perceived immediate threat and hastily change their security procedures, only to leave themselves open to more serious but unrecognized risks," he says.

Rather than spending money on quick fixes, CIOs should look at the broader corporate picture and make expenditures that target higher-priority threats. "Employees will continue to make lifestyle choices about the technology they use, such as laptops or cell phones, for example," Yankee Group's Jaquith says. "It's a knee-jerk reaction to ban them."

That's an issue for James Wilson at OnBoard LLC. The director of technology at the five-year-old real estate information company in New York City concedes that his security policy has gaps that must be addressed. Yet he's reluctant to impose severe restrictions given that OnBoard boasts a relaxed corporate culture, with some employees connecting wirelessly to the company network from their homes or other remote sites.

OnBoard hasn't lost any corporate data. Still, Wilson recognizes that employees who work remotely using wireless Internet connections put business data at risk. "I don't want to impose security that's so strict as to not be able to attract the very best workers," he says. Taking what he characterizes as a measured approach to IT security, OnBoard bans connecting from heavily traveled venues such as Starbucks but permits wireless linking from homes and less traversed public locales.

Next Page: Secure Code From the Get-Go