Pub. 9 2020 Issue 2

Summer 2020 | Feature

Managing the risk of mobile devices and BYOD is no different. Determining the risks and developing your controls relating to mobile devices will produce the most successful marriage of convenience and security.

Policies

Written policies can provide specific mobile device and BYOD requirements and reinforce security expectations to your employees. Best practices, employee restrictions and even legal issues should all be included in your policy. The following are best practices that should be incorporated in your Mobile Device/BYOD policy:

• Strong and unique passwords.
• Locking devices with biometric controls.
• Data encryption.
• Bluetooth and Wi-Fi features disabled except when in use.
• Bluetooth set to non-discoverable.
• Security software installation.
• Data wiping.
• Reporting lost or stolen devices.
• Multi-factor authentication.
• Operating and security software updating.
• Termination provisions.

EMM and MDM

Enterprise Mobility Management (EMM) and Mobile Device Management (MDM) solutions can assist and enforce secure policies, such as identity management and authentication procedures.

Secure Network

Utilizing a secure gateway, such as a VPN, when accessing sensitive bank information from unsecured locations outside of the bank firewall, provides another crucial layer of security. The encrypted connection helps ensure that sensitive data is safely transmitted. You can even limit what bank information is accessible from a home network to protect bank and customer information.

Training

Employee training allows you to communicate your expectations for what your employees should and should not do with their devices. Require periodic training on the bank’s Mobile Device/BYOD policy to provide your employees with up-to-date information and relay the bank’s emphasis on the security need for the devices. The frequency of training also reminds the employees of any aspects of security they may have forgotten and reinforces the overall importance of security. Training can incorporate policies, as well as best practices such as:

• Using caution when opening email and text message attachments
• Avoiding joining unknown Wi-Fi networks, especially public networks
• Maintaining social awareness when utilizing mobile devices in public places

Mobile device/BYOD use is a common corporate practice in our world, and the banking industry is no different. Good planning allows banks to enjoy increased employee productivity and manage risk. Considering those risks and creating multi-layer controls can empower your bank and its employees to incorporate mobile device/BYOD use, protect your bank and customer data, and still be confident in your security posture.

Missy Oliver works at CoNetrix as a Compliance & Security Consultant with seven years of technical and security experience in the educational and financial sectors. She has a B.A. in Advertising/Public Relations from Texas Tech University. She assists with the creation, customization, and maintenance of information security programs, facility in security programs, facilitation in the security committee meetings, and Cybersecurity Assessment Tool board training.

The mobile technology environment makes work easier and more functional than ever before. Our mobile devices — including laptops, tablets, and smartphones — are highly transportable, making ubiquitous access to work data a simple task. Not only that, but most of our personal devices have our preferences saved, making them more comfortable to use.
