ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY

ASSIGNMENT 1
Table of Contents
SECURITY POLICIES IN ORGANIZATIONS

INTRODUCTION

USE OF MOBILE TECHNOLOGY IN ORGANISATIONS

1.
2.
3.
4.
a.
b.
c.
d.
e.
f.
g.
h.

COMMUNICATION
DEVELOPMENT
MARKETING
COMMERCE
Mobile ticketing
Mobile vouchers, coupons and loyalty cards
Content purchase and delivery
Location-based services
Information services
Mobile banking
Mobile brokerage
Mobile Purchase

USE OF SOCIAL MEDIA IN ORGANIZATIONS

1.
2.
3.
4.
5.
6.
7.

Increased Brand Recognition

More Opportunities to Convert
Improved Loyalty Brand
Higher Conversion Rates
Decreased Marketing Costs
Customer Service Cost Reduction
Reduction of Production Design Costs

AUDIT OF MOBILE PHONE POLICY AT JACKSONS SECURITY

JACKSONS SECURITY AUDIT FINDINGS
AUDIT OF SOCIAL MEDIA POLICY AT WASHINGTON POST
WASHINGTON POST AUDIT FINDINGS
MOBILE PHONE POLICY RECOMMENDATION FOR JACKSON SECURITY
1.
2.
3.
4.
5.
6.

Personal device policies

Enforcement of Screen Locks and Secure Passwords
Office Use of Mobile Phones
Mobile device monitoring
Return Policy
Breach of policy

SOCIAL MEDIA POLICY RECOMMENDATION FOR WASHINGTON POST

1.
2.
3.

More Dos than Donts

Definition of whats private or confidential information
Training and education of Employees

3
3
3
4
4
4
5
5
5
5
6
6
6
7
7
7
7
8
8
8
9
9
10
10
10
10
11
11
11
12
12
12
12
13
13

Conclusion

13

REFRENCES

14

APPENDIX

15

WASHINGTON POST SOCIAL MEDIA POLICY

JACKSON SECURITY MOBILE PHONE POLICY

15
16

pg. 1

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

SECURITY POLICIES IN ORGANIZATIONS

INTRODUCTION
Information is the basis of our society, of our businesses and of our Organizations.
Once, information was marginal to organizations and then gradually information
became central. In recent years, weve seen the advancement of technology, mobile
phones, phablets, and tablets are becoming the order of the day. These devices have
increased their computational and processing powers while becoming portable lighter
and smaller. New programs, applications and features are being developed and
published daily in the mobile world for end users to download. With the rapid
movement of social media, it is starting to emerge from a form of communication to
the mainstream level. Companies had to deal with the electronic mailing system in the
past, now, they have to figure out how to deal with all the emerging and established
social media avenues like Facebook and twitter.
There are so many clear advantages attached to social media and these devices, but
their security issues should also be considered. So measures should be taken in order
to prevent these technological advancements from jeopardizing the company and its
data, this is why a sound policy is needed.

USE OF MOBILE TECHNOLOGY IN ORGANISATIONS

Did you know that 70% of smartphone users check their phones in the morning within
the first hour of getting up and 56% check their phones before going to bed?
(Econsultancy, 2015) The scary thing is, youre probably reading this and slowly
realizing that youre within these statistics. Almost every one today uses and owns a
mobile device, often more than one. Not only do people own and use them, they also
tend to spend a considerable amount of time, money and effort customizing, buying
and choosing, exploiting and enhancing them. Mobile technology has extended
computing and the internet into the wireless medium with the provision of greater
freedom of information sharing, collaboration and communication. The strategic
importance of mobile technology in organizations cannot be undermined. Its rapid

pg. 2

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
rate in development, advancement and adoption creates a vast opportunity for
innovative and new services rendered through mobile devices. Organizations have
now become reliant on mobile technology, organizations have developed new ways
for customers and employees to utilize the technology the mobile platform brings,
some of these include:

1. COMMUNICATION
This trumps the list of what mobile technology brings to an
organization as it is has increased the ease of communication between
employees and employers, customers and employees by almost 95%.
Workers can download applications on their mobile devices so they
can communicate easily with customers, or the organization can use
native application or web applications to enable direct communications
with their customers. Real time communication in the workplace can
deliver important business benefits and save precious time. Interaction
with co-workers and sending of emails are examples of how mobile
technology makes communication effective and easier in an
organization.

2. DEVELOPMENT
The interactive-ness nature of mobile technology has allowed
information sharing through mobile devices thus allowing business
organizations to get rapid feedbacks/responses on the services and
products rendered to customers. The accessibility and speed of
feedbacks and suggestions have led to rapid development, upgrade and
research for organizations; this is a method of staying ahead of the
market competition. This way, the clients and customers feel they have
a more direct role in the development of the organization.

3. MARKETING
Marketing and advertising products for businesses has taken a
remarkable dimension with the introduction of mobile technology.
Advertisement of products are now seen on mobile phones through the
means of banner ads, QR codes, SMS and application adverts by
potential customers. Because most customers and potential customers
pg. 3

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
usually have a mobile device with them, the probability of seeing an
advert on their device is high.
Studies indicate that:

97% of mobile subscribers will read an SMS (text) message

within 15 minutes of receiving it; 84% will respond within 1
hour. (Do you know any other medium that gets a potential

customers attention that fast? I don't!).

Average campaign response rates are typically 12 - 15% (as
opposed to direct mail which averages 2 - 3%); some

companies are seeing response rates as high as 60%.

Mobile is NOT just for teens and twenty-somethings; prime
purchasers in the 35 - 44 and 45 - 54 age brackets are also

strongly embracing the use of Mobile devices.

While 65% of email is spam, less than 10% of SMS is.
A recent study by Compete.com indicates that almost 40% of
consumers are extremely interested in receiving mobile

coupons for a wide variety of services / purchases.

Demand for mobile websites is expected to exceed PC
accessible websites sometime in 2011; if you don't have one,
you need one very soon.

4. COMMERCE
The applications that have been developed in accordance to commerce
today are countless, thanks to mobile technology, paying for products
have gotten faster, easier and smarter, these are some of the features
mobile technology brings to the commerce world:
a. Mobile ticketing
Tickets can be now be booked and cancelled through mobile phones
using a variety of technologies. Users are then able to use their tickets
immediately, by presenting their phones instead of the casual ticket at
the venue.
b. Mobile vouchers, coupons and loyalty cards
Mobile technology can also be used for the distribution of vouchers,
coupons, and loyalty cards. These items are represented by a virtual
pg. 4

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
token that is sent to the mobile phone. A customer presenting a mobile
phone with one of these tokens at the point of sale receives the same
benefits as if they had the traditional token.
c. Content purchase and delivery
Mobile content purchase and delivery mainly consists of the sale of
ring-tones, wallpapers, and games for mobile phones, and is evolving
into the purchase and delivery of full-length music tracks, video, books
and more.
d. Location-based services
Knowing the location of the mobile phone user allows for locationbased services such as:
Local discount offers
Local weather / news / sports
Tracking and monitoring of people
Traffic reporting
e. Information services
A wide variety of information services can be delivered to mobile
phone users in much the same way as it is delivered to PCs. These
services include:
International and national News / sports
Stock quotes
Financial records
f. Mobile banking
Banks and other financial institutions use mobile commerce to allow
their customers to access account information and make transactions,
such as:
Check bank balances
Process bill payments
Transfer funds between accounts
Verify deposits and other transactions

pg. 5

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
g. Mobile brokerage
Stock market services allow the subscriber to react to market
developments in a timely fashion and irrespective of their physical
location.
h. Mobile Purchase
Merchants accept orders from customers electronically via mobile
device through mobile websites and/or apps. In some cases, catalogs
delivered via mobile.
The fast paced development in the mobile technology world also means that each time
an employee loses their cell phone, maybe to theft, organizational data will be
potentially lost as the device could include data like; files, emails, company
application with sensitive information. The advantages of mobile technology far
outweigh it disadvantages, this doesnt mean that appropriate security measures
shouldnt be designed and implemented in order to detect and prevent any threat to
sensitive corporate data caused by the use of mobile technology.

USE OF SOCIAL MEDIA IN ORGANIZATIONS

Years ago, social media was regarded merely as a hub for high school and college
students, now, it controls a tremendous influence over the way individuals around the
world regardless of their age, nationality, race or religion get and share numerous
information. The implications and influence of social media on business organizations
today are profound. It has become a communication phenomenon, the many arrays of
social media sites like Facebook, Twitter, Google Plus and YouTube among others can
be very overwhelming to surf.
It often plays a marketing role in organizations, people are often drawn to read
messages from friends, read product recommendations, share political views and
social concerns, find restaurants, this presents both risk and opportunity , on one hand
it brings in potential customers and helps manage, monitor and serve the
organizations current customer base and on the other hand, it all comes down to the
views of the person, who can decide to tarnish the image of an organization with an
angry review or blog post. Organizations successes or failures are now public as
pg. 6

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
never before. These are some of the ways that social media influences organizational
growth:

1. Increased Brand Recognition

Part of various organizations goal is to expand and increase their
brand popularity, visibility and worth. Social media serves as a brilliant
means to fulfil these laid out goals, social media increases the brands
content and voice, and this is very important because it makes the
organization easier to access for potential customers, recognizable and
familiar for existing customers.

2. More Opportunities to Convert

Every time an organization makes a social media post, an opportunity
for conversion of customers is made. Access to new, old customers and
the ability to interact with them are made available. With every image,
video or blog post made, theres a chance that a potential customer
stumbles upon it, therefore leading into conversion.

3. Improved Loyalty Brand

Brand loyalty can be defined as when a customer uses a particular
product often, despite offers from other brands/competitor to gain their
loyalty. Organizations now have a direct channel to their customers
through social media where they can speak to them directly, this is a
precious thing that was not easily accessible and was costly to do
before the innovative arrival of social media. Customers can now reach
out to organizations and vice versa, this makes the customer feel safe
and at home with the company, thereby ensuring brand loyalty.
Connection breeds loyalty.

4. Higher Conversion Rates

Conversion rates gets higher when social media is introduced to an
organization. This is because it makes the organization more
humanized, a response like Im sorry to hear that, kindly email me
directly at carter@organizationname.com with the details of your
problem to get this sorted out is a lot better than hearing nothing from
the organization at all. People like doing business with other people,
pg. 7

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
not with organizations. A higher number of social media likes or
followers tends to improve credibility and trust in the brand name,
thus, increasing the organizations existing traffic and conversion rates.

5. Decreased Marketing Costs

Since the introduction of social media into the business world,
marketing trends have evolved from orthodox channels to social media
platforms like Facebook, twitter and others. Social media has served as
a valuable tool in reducing business costs significantly while
increasing revenues, these are some of the ways it does so:

6. Customer Service Cost Reduction

Social media has made it direct and easier to help customers,
formerly, customers use a service call when they have a
problem that needs fixing, this costs a lot, due to the waiting
time. With the introduction of social media, the problem can be
fixed directly with less to no cost, even some customers that
have faced the same difficulty can help in solving the problem
for the customers facing problems, and this significantly
reduces the cost of employee resources.

7. Reduction of Production Design Costs

Organizations are identifying the savings and benefits of using
social media in the design of products. The feedbacks and
comments muster from potential and existing customers can be
made use in the product design as well as the product
marketing. Organizations are saving a lot because much of their
hypothesis have been extinguished, they can develop or
upgrade their product much on what the customers want.
No business organization can afford to be complacent. Social media platforms will
continue to change the way people behave and make choices, and business leaders
need to govern how their companies should respond. With all these things being said,
there are hidden threats associated with the use of social media and this is why a
sound social policy must be developed for every organization to avoid public
embarrassment.
pg. 8

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

AUDIT OF MOBILE PHONE POLICY AT JACKSONS

SECURITY
The objective of this audit was to determine the loopholes in the current
organizations mobile phone policy. The audit scope and objective was determined
based on the following parameters:

Determine if the existing mobile policy is updated in accordance to the

technology of the new generation.

Improvement of the existing policy by identifying the loopholes and

suggesting new policies to tackle the identified loopholes.

To determine if the existing mobile policy is secure enough to ensure the
organizations data is secure and un-breached.

JACKSONS SECURITY AUDIT FINDINGS

The audit found that the mobile phone policy at Jacksons security was outdated and
they failed to include a policies for personal devices, enforcement of secure
passwords, screen locks and secure passwords, encryption before accessing corporate
e-mail, devices cannot be jailbroken or rooted, proactively wiping devices after 10
failed login attempts. These loopholes leave risks that include code running from
untrusted application stores, popularly known as side loading, running applications
from untrusted parties through email. Being a large security firm that deals with house
alarm systems, safes, security camera and digital video recording installation and
management, automotive locks and home security service and upgrade. One would
think that theyll have a fool-proof mobile phone policy. This audit found their current
policy lacking and outdated. Houses could be broken into if home security passcodes
are leaked through mobile phone data breach.

pg. 9

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

AUDIT OF SOCIAL MEDIA POLICY AT WASHINGTON

POST
The objective of this audit was to determine the loopholes in the current
organizations social media policy. The audit scope and objective was determined
based on the following parameters:

Determine if the existing mobile policy is updated in accordance to the

technology of the new generation.

Improvement of the existing policy by identifying the loopholes and

suggesting new policies to tackle the identified loopholes.

To determine if the existing mobile policy is secure enough to ensure the
organizations data is secure and un-breached.

WASHINGTON POST AUDIT FINDINGS

The audit found that the social media policy at Washington post is out of touch with
the current age, it seems as if the policy was written by someone who doesnt
understand deeply the meaning of social media, the policy tells the employees what
they should not do rather than what they should do. They failed to point out the kind
of relationship that co-workers and employees can have with each other. Their main
goal should be to build and strengthen the relationship between them and the
audience, this policy makes it hard to do that. This policy really makes it hard for the
organization to make use of all the benefits social media brings.

MOBILE PHONE POLICY RECOMMENDATION FOR

JACKSON SECURITY
Mobile phones extend the network perimeter of an organization like never before, it
also provides new means for potential hackers a new entry route to infiltrate
organizational data. These mobile policy recommendations will make it tough for
hackers to attack:

1. Personal device policies

Security policies are easy and straight-forward to enforce if a mobile
phone is owned and provided to employees by the organization. This is
pg. 10

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
different when an employee wants to access organizational data on
their personal mobile device, a personal mobile device should be
included in the companys policy. This will include employees asking
for permission before accessing or adding any organizational data to
their mobile device. If an employee does not agree with the addition of
this policy, they should be banned from accessing organizational data
on their phone or they can choose not to bring their personal mobile
devices to work. This is especially important for employees of Jackson
security, because if an employee loses his/her personal device that has
customer security information on it, this can be dangerous for the
customer whose information was leaked.

2. Enforcement of Screen Locks and Secure Passwords

This is another important aspect Jackson security failed to implement
in their policy. Every mobile device connected to the organizations
network needs to have screen locks and passwords, this should be
made a standard in the organization. Encryption before accessing
corporate e-mail, jailbroken or rooted devices not being able to connect
to the network, proactively wiping devices after 10 failed login
attempts, re-entry of password if the phone has been idle for 2 minutes
in case of theft, this will prevent the individual from accessing too
much information.

3. Office Use of Mobile Phones

Common courtesy demands that mobile phones should be switched off
before entering the premises of a meeting. This is another thing that
was missing in their policy. Mobile devices are being used any way
they like in the company, theres no rule that restricts them from using
their mobile device any way they want to.

4. Mobile device monitoring

Mobile devices should be monitored, this helps deal with any form of
device loss, and it also provides accountability of what was lost and
how to go about rectifying the data breach. This method is also much
pg. 11

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
more secure, for example: a company device gets stolen, after 2
minutes of inactivity, the device locks itself, the individual that stole
the phone knows the password, the contents of the phone are
encrypted, which leaves the option of decrypting the phone. The
problem with company mobile encryption is that, the encryption keys
gets too changed often and its often very complicated and employees
dont bother remembering them, so they often write it down
somewhere or where its easily accessible on their device making it
easy for dedicated hackers to decrypt the data. But when a monitored
device is stolen and it gets reported to the organization, they can easily
remote wipe the device and all the stored data on it.

5. Return Policy
Employment termination or return of mobile device at the request of
the organization should be honored by the employee with the
accessories provided to them when the device was given to them.

6. Breach of policy
Disciplinary action should be taken with any employee that breach
these policies.

SOCIAL MEDIA POLICY RECOMMENDATION FOR

WASHINGTON POST
Due to the fast paced nature of social media, its policies should be revised often to
avoid employee unfitting conduct online. The number of people fired over tweets and
Facebook posts is on the rise, even employers sometime do background checks on a
candidates social media profiles before hiring them. If organizations dont have
adequate/right social media policies, they might end up facing serious public
backlash/problems. These Social Media recommendations will make sure the
organization makes the most out of social media and wont face public disgrace:

1. More Dos than Donts

This clearly outlines more of what employees can do with social media
than what they cant do. Itll help them understand ways to achieve
pg. 12

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
business/organizational goals with the help of social media.
Expectations should be clarified to employees, guidance on what the
organization expects from its employees. The policys job is mainly to
prevent embarrassing events from happening to the organization, its
also to empower employees to achieve organizational goals.

2. Definition of whats private or confidential information

Employees should be given clear instructions on what the organization
considers public information, disciplinary action should be taken if an
employee shares confidential information/data on social media.

3. Training and education of Employees

Organization should show the employees the good and bad social
media can do to an organization. Real life examples should be used in
this case so they can know the implication of sharing the wrong
word/material or writing the wrong blog post on the web. This can
prevent them from making embarrassing decisions that would reflect
negatively on the organization.

Conclusion
While organizations enjoy the opportuneness brought about by social media and
mobile technology, they should also be conscious of the downsides and risks
associated with their usage. The risks linked with poorly managed or non-existent
supervision of social media use are abundant. Not only can there be concerns with
diminished productivity which would be at the head of many employers minds, there
are also concerns surrounding unfitting conduct that can negatively impact on brands
or may lead to bullying and harassment and disclosure of confidential information
(whether deliberate or not) and even defamation.
Furthermore, there are risks linked with penalizing employees who inappropriately
use social media on a personal level. Out of hours conduct through the use of social
media can have a damaging impact on businesses especially when comments and
posts can become viral in a matter of seconds.
pg. 13

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1
The constant thing present with both of the audited policy is the fact that they are
outdated and is not in sync with the technology of the current age. Technologically
related policies should be updated often because new technology is being developed
daily and threats to an organization from these new technologies are constant.

REFRENCES
1. Mobile psychology: how do smartphoners behave differently to desktoppers? |
Econsultancy. 2015. Mobile psychology: how do smartphoners behave
differently to desktoppers? | Econsultancy. [ONLINE] Available
at: https://econsultancy.com/blog/66626-mobile-psychology-how-dosmartphoners-behave-differently-to-desktoppers. [Accessed 6 October 2015].
2. Gant D, Kiesler S (2002) Blurring the boundaries: cell phones, mobility, and
the line between work and personal life. In: Brown B, Green N, Harper R
(eds) Wireless worldsocial and interactional aspects of the mobile world.
Springer, London, pp 121131Cross, M. (2014). Social media security:
Leveraging social networking while mitigating risk.
3. Noor, A. -D., & Hendricks, J. A. (2013). Social media and strategic
communications.
4. Use Social Media to Reduce Your Business Costs | RunApptivo. 2015. Use
Social Media to Reduce Your Business Costs | RunApptivo. [ONLINE]
Available at: http://runapptivo.apptivo.com/use-social-media-to-reduce-yourbusiness-costs-1336.html. [Accessed 02 October 2015].
5. Increase productivity and profitability with mobile technology.
2015. Increase productivity and profitability with mobile technology.
[ONLINE] Available at:
http://www.strategicgrowthconcepts.com/growth/increase-productivity-profitability.html. [Accessed 10 October 2015]
6. Why do you need a Social Media Policy? 2015. Why do you need a Social
Media Policy? [ONLINE] Available at:
http://www.australianbusiness.com.au/lawyers/expertise/employmentlaw/why-do-you-need-a-social-media-policy. [Accessed 11 October 2015].

pg. 14

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

APPENDIX
1. WASHINGTON POST SOCIAL MEDIA POLICY

pg. 15

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

2. JACKSON SECURITY MOBILE PHONE POLICY

pg. 16

ADU OLAWALE ADEYINKA

ISIT201 INFORMATION AND COMMUNICATION SECURITY
ASSIGNMENT 1

pg. 17