3 Tips for Banks to Mitigate BYOD Risks
Banks collect and store mountains of data about transactions, customer accounts and trades, and the majority of that data is highly sensitive. Last December, when Barclays failed to properly back up electronic records, emails and instant messages, it faced a $3.75M fine. A failure to back up financial data violates U.S. regulations and has a severe impact on a company’s reputation and database.
In the BYOD era, financial institutions face the same challenge as other industries when it comes to securing mobile data. Bill Carey, vice president of marketing and business development at Siber Systems, notes three solutions to the most common security threats for banks, according to InformationWeek:
1. Create Strong, Secure Passwords
While most laptops, PCs and mobile devices used by employees at banks require passwords to access anything on the system, the flaw lies in the execution, notes Carey. Employees choose passwords, such as dates of birth and children’s names, that any hacker could easily guess by doing some background research.
Tip: Educate employees about the risk of having easy-to-crack passwords and provide advice for creating a password that is more secure, like using upper and lowercase letters, symbols and numbers. Carey adds, “Strong passwords incorporating those elements can also be easy to remember if the employee uses symbols and numbers that resemble letters in a simple password, such as ‘Fri$b33’ for ‘Frisbee.’”
2. Educate Employees About the Risks
Just as employees need more education about password techniques, they need better training about the consequences of compromised data. Typically, employees aren’t being ignorant about the security of the data; they just don’t know better, Carey writes. When employees use their smartphones for both personal and business purposes, they run the risk of jeopardizing their personal information as well.
Tip: Offer training sessions about how and why employees need to secure their devices and back up their data. The sessions should include techniques for creating secure passwords, ways to avoid keylogger scams and methods for protecting against viruses and malware, Carey suggests.
3. Implement a BYOD Policy
When a company has a BYOD-friendly office, it needs a BYOD policy so that employees know the rules and regulations for using laptops and mobile devices for business. Yet many banks that are new to the BYOD game haven’t implemented a mobile policy.
Tip: Write a policy and make sure employees understand and agree to the terms. The policy can include information about how to ask for support and tips for keeping data and devices secure, Carey says.
“Bank employees are just as vulnerable to hackers and data breaches in their day-to-day business operations as staff at other types of companies,” Carey says. While securing and backing up transactional data is important, as exemplified by Barclays, ensuring that employees understand the importance and risks of their BYOD behavior is essential.