Archive

Go to:

October 2017
SMTWTFS
1234567
891011121314
15161718192021
22232425262728
293031
< Sep Nov >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

Remote Device Security and the Risk of Data Breaches
Thursday, September 14, 2017 6:35 AM

Michael Salyer, IT Analyst, Credit Union Resources

In today’s business world, mobility is essential. In 2012, according to research from ZDNet, the average mobile worker carried 3.5 devices, which can include a mix of business and personal devices. This number is surely higher today. With the convenience of being able to work remotely from anywhere in the world comes the risk of data loss (destruction) and data breaches. Although the destruction of company data due to a destroyed device can be detrimental to a business, this blog will cover the risk of data breaches which could have a far more devastating and lasting impact.

Remote device security should begin with limiting who has access. Not every employee is going to require it, nor should they be granted access. All remote users, no matter who they are, should go through some kind of basic safety instructions on how to implement and maintain security on their devices. In addition, all devices with remote access must be configured with both a timeout and password, before being allowed to access the business’s data. End users should not be able to disable these functions. Finally, a remote wipe solution should be implemented on all remote devices, whether they be credit union issued or personal devices. Let’s take a closer look at the pros and cons of remote wipe solutions, and what happens if you’re depending too heavily upon them.

Some of the ways remote wipes can be accomplished are as follows:

  1. Some carriers have the ability to remotely wipe phones on their network. They can either do this themselves or instruct the business on how to do it.
  2. Install remote wipe software on the device. The down side to this process is that if a device is taken offline, data could be breached before the wipe could be performed.
  3. Some remote solutions rely on remote apps being in a separate encrypted container, segregated from the rest of the device’s functions. This solution could also include full encryption of the device.

One of the pros of a remote wipe solution should be obvious. Being able to remotely wipe all or a portion of the data from the phone will keep it out of unauthorized hands. Another positive is if this capability is done in house, corrective actions can be taken quickly, without having to rely on a third party. This is also why it’s important that any business that allows remote access should have lost phone procedures for employees to follow. In addition, having the ability to remotely wipe a device will enable the business to quickly remove access to company data when an employee is terminated.

Some cons would include, even with having a Bring Your Own Device (BYOD) policy, employees feeling uncomfortable with their employer having the ability to wipe their personal device. The employee should realize that this will be part of the risk, if they plan on using their own device. Another con, mentioned above, is that if the device is off the network, it cannot be wiped. This is why businesses should not overly rely on a remote wipe solution as their sole means of mobile device management (MDM).

Remote device security, like any other facet of cyber security, is the responsibility of the business’s IT department as well as the end user. All the security in the world is going to be ineffective if an employee doesn’t follow the security procedures they were trained on. Before your business decides to allow any kind of remote access to your confidential data, it is vital that you have a risk assessment performed and decide which product and solution is right for you. 

______________________________________________________

Assess Your Systems and Manage Your Risk

As technology changes, every credit union faces new security issues. Let Credit Union Resources help you stay on top of it—your future could depend on it. Our team of technology professionals provides guidance on compliance, shares best practices, and performs audits. We have a vested interest in your success, and your cybersecurity matters to us. To find out how we can help you manage cybersecurity and operational risks, contact:

Idrees Rafiq
469-385-6799
800-442-5762, ext. 6799
irafiq@curesources.coop

Deanna Brown
469-385-6464
800-442-5762, ext. 6464
dbrown@curesources.coop

About Credit Union Resources Inc.
Credit Union Resources is a service corporation that provides industry-leading solutions and expertise to credit unions across the country. Credit Union Resources is a wholly owned subsidiary of the Cornerstone Credit Union League, a regional trade association representing the interests of credit unions in Arkansas, Oklahoma, and Texas.