Smartphones, Mobile Computing Create Internal Security Challenges

CUs must respond by acquiring new mobile technology security.

May 1, 2014

The ubiquity of smartphones and laptops creates a complex problem: internal fraud by employees, says Brad Miller, CEO of Awareness Technologies, a CUNA Strategic Services alliance provider.

“Fraud today moves and is produced electronically,” says Miller. “When you were dealing only with desktops at work, it was easier to monitor and secure data flow. Laptops changed the game by allowing data to become portable and remotely accessed. With smartphones, the complexity of dealing with security has greatly increased.”

That’s because smartphones are not controllable in the same way that networked computer systems are, especially if the devices are employee-owned. “Security measures that worked with desktops or laptops don’t work with smartphones,” he says.

Miller says smartphone security has been a hot topic for some time, especially once companies began encouraging employees to bring their own communication devices to work as a cost-saving measure. “They forgot that if employees bring in their own devices, it’s hard to secure them.”

What many forget is that smartphones can push out client data, credit card numbers, and other sellable information. “Because they’re not covered by traditional computer security technology, credit unions have to acquire new mobile technology security,” Miller says. “Then, if they want to monitor the activity on these employee-owned devices, they have to get consent to monitor them. Employees have to understand that such consent may give a credit union access to personal information stored on a smartphone.”

Credit unions’ two main concerns are fraud prevention and knowing when fraud occurs. “Our solution, based on the observation that many events and situations in modern life are recorded, is simple: Record everything that happens on a device,” Miller explains. “Build in triggers based on keywords, patterns, programs accessed and used, data saved to USB drives, and so on. That will alert you to possible fraudulent use.”

The best preventive measure against internal fraud is staff’s awareness that everything they do on a device is being recorded, he says.

“Financial institutions go to great lengths to thwart dishonesty, and this is no different.”