If your credit union allows personal mobile devices to be used for company business, it should understand and prepare for the related risks.
While it’s probably not reasonable or desirable to prohibit mobile devices at work, the security risks are significant, says Ken Otsuka, senior consultant for CUNA Mutual Group’s Risk Management team.
“As mobile device use at work continues to explode, so does your risk,” he says. “It’s important to examine your credit union’s vulnerabilities and shore up security where needed.”
Otsuka suggests several steps credit unions should take to manage their mobile risks:
► Create a security policy. First and foremost, develop and maintain a comprehensive information technology (IT) security policy that addresses mobile devices.
This policy should be approved at the board level, and employees should review and sign off on this policy annually.
► Provide encryption. Encrypt sensitive data that is stored on mobile devices or that these devices transmit over the Internet or via email.
► Control and protect the devices. Require mobile devices to be password-protected, locked at all times, and able to be wiped clean remotely.
► Enforce time-out features. Install antivirus protection on all mobile devices used for credit union business and prohibit downloading applications and/or software without authorization or assistance from the IT department.
► Have secure network connections. Establish a Secure Sockets Layer (SSL) virtual private network (VPN) for employees who connect to the network using mobile devices. This protects data transmitted between the network and mobile devices.
► Don’t mix personal and business use. Credit union-issued devices are the safest option—provided the necessary security features are deployed.
But if your credit union does permit business to be conducted on employees’ personal devices, investigate software designed specifically for both purposes.