Users need to take their share of the responsibility, not punt the problem to others. As the "parents" of these "babies," here's what IT and business management needs to do:
- Educate employees more aggressively, and I don't mean through mind-numbing seminars or effervescent online videos. I mean phish your employees (particularly managers) and call them out when they fall for the trap. Better they fall for your "malware" and see the connection to their behavior than get phished or Trojaned by an actual crook.
- Penalize employees -- especially managers -- for getting fooled. The first time, disable their smartphone access for a week or two. After that, consider permanently denying access from a personal device, requiring them to use a BlackBerry or other safe but limited device. Depending on the person's role and access to sensitive information, pay-raise denials (or pay reductions), demotions, or other real performance penalties should apply. Some industries -- notably health care, due to the HIPAA regulations -- do enforce penalties for negligent behavior that puts the organization at risk, but too many companies give them a slap on the wrist and in essence tell employees it's fine to keep turning off their brains.
I'm all for treating employees as smart partners who will do the right things within the appropriate corporate policies, and thus should have the freedom to do things their way when that helps them and does no harm to the company. But employees also need to step up and act as smart partners. With freedom comes responsibility, and with responsibility should come consequences.
And if you use Android, boy, do you need to be responsible.
This article, "Android is a malware cesspool -- and users don't care," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.