Can BYOD Work for Banks?
It’s difficult to know how many businesses have Bring Your Own Device (BYOD) policies, because researchers can’t seem to agree, citing statistics anywhere from 15% to 33%. What is clear, however, is that businesses are increasingly relying on BYOD and that this trend is only slated to increase. The new generation of employees relies more on mobile, and most workers prefer to use their own devices.
Like other businesses, financial institutions can benefit from the greater efficiency, improved user experience and increased transparency provided by remote access from any device. Respected organizations such as Citigroup have begun implementing BYOD policies for their employees, so that they can "enjoy the convenience of a single device for both business and personal purposes through a broad range of options."
The advantages of BYOD are clear. On the other hand, banks are privy to the most sensitive data about their customers and are at high risk for hacking and data breaches. Hacking programs are more sophisticated and sneakier than ever. New techniques for downloading and installing malware are constantly appearing on the horizon, sometimes bypassing endpoint security by exploiting old bugs.
How can banks enjoy the advantages of BYOD while protecting their customers?
Before a bank introduces BYOD, it must create a comprehensive policy that delineates best practices, legal issues and employee restrictions. This policy will have to be updated as technology changes and new threats emerge. A sample policy might include restrictions on accessing certain websites during work hours, blacklisted apps, the need for strong passwords and automatic locking of idle devices.
Although it’s fine to use Starbucks’ free Wi-Fi to search for hotel rooms or browse through Facebook, bank employees must use secure networks when accessing sensitive information from unsecured locations outside the firewall. This is typically ensured by means of a secure gateway, such as an SSL or IPsec VPN. Many organizations also limit accessibility so that some banking information is accessible on a home network, while other features of the database are available only from the office network.
Banks should test their various network security components with large volumes of realistic traffic that simulate cyber-attacks. Comprehensive testing that includes the latest applications and malware definitions helps keep the network safe from newer hacking and breach techniques.
By using remote access solutions to work with business-critical data and applications, rather than downloading or installing them onto the device itself, banks can ensure that no sensitive information is exposed if an employee's laptop, tablet or phone is lost or stolen. Instead, the organization's data and applications remain in the company’s secure data center, where they are better protected. In particular, HTML5-based access solutions can be implemented without the need for configuration or maintenance on the employee’s device, so they are particularly suited to BYOD.
Mobile devices allow for various forms of secure authentication. These include voice authentication, facial recognition and fingerprint recognition. Use of more than one type of authentication will keep data more secure, especially in the case of a lost or stolen device. In the event that a user’s password is obtained by a hacker, the remote network is still secure if protected by another factor, such as a security question or SMS code.
BYOD is here to stay in the business world, and that includes the banking world. Banks can enjoy the benefits of BYOD as long as they take the risks into account and protect their data in numerous ways. Comprehensive BYOD policies that combine elements such as remote access, secure networks, multi-factor authentication, and thorough testing help protect the bank’s sensitive data and keep vicious cyber-attacks at bay.