Mobile Security Tips for CUs

Five ways to keep information safe on mobile devices.

March 30, 2011

The financial industry has always been on the cutting edge of technology when it comes to protecting sensitive information. However, with work forces becoming more mobile, threats to that information are increasing.

According to a recent Symantec mobile security survey, 68% of survey respondents ranked loss or theft as their No. 1 mobile device security concern, while 56% said mobile malware is their No. 2 concern.

These tips from Symantec will help credit unions protect information on mobile devices:

1. Unblur the lines

Today, employees want to use whatever device they choose, and they want to have access to both their corporate and personal e-mail.

All organizations, including credit unions, are finding that the benefits of allowing employees to use the devices that make them the most productive are too great to ignore.

It’s no longer enough to erect high walls around networks. Organizations must set policies to help employees protect both their information and their devices.

Such policies should cover password enforcement—allowing only devices with encryption capabilities to connect to the infrastructure—and restricting any jail-broken or rooted devices from connecting to the network.

2. Click with caution

Just like on stationary PCs, social networking on mobile devices must be conducted with care and caution. Don’t open unidentified links, chat with unknown people or visit unfamiliar sites.

It doesn’t take much for a user to be tricked into compromising a device and the information on it. All of the same best practices applied to social networking on PCs should be applied to network-connected mobile devices.

These best practices include:

  • Check your privacy settings regularly to make sure your account and information is as secure as you think it is.
  • Don’t answer “yes” when prompted to save your password to a computer. Instead, rely on a strong password committed to memory or stored in a dependable password management program.
  • Don’t accept “friend” or “follower” requests from people you don’t know.
  • Don’t click on links in messages that seem strange or out of character, even if they’re from a known “friend.”

A common method used by attackers is to pose as a friend and send messages to users asking something like, “Is this you in this funny video?”

In reality, however, there’s no video, and when users try to open the “video” file, they’re infected with malware.

  • Never post social networking messages indicating your location, especially if you’re away from home.

In a similar vein, don’t post messages indicating you’ll be away from home on a specific date or time, such as being on vacation.

3. Encrypt and secure data

Across the board, information is a small business’s most valuable asset, and financial information is the most sensitive. Take steps to secure such data on mobile devices from unauthorized users and hackers.

Encryption is one of the best ways to go about this. Mobile security software is also a must for a comprehensive security approach.

4. Know what to do if a device is lost or stolen

In the case of a loss or theft, employees and management should know what to do next. Processes to deactivate the device and protect its information from intrusion should be in place.

Products are available for the automation of such processes, allowing smaller institutions to breathe easier after such incidents.

5. Change with the landscape

The mobile and security landscapes are always changing. New developments in technology, software, and security are always emerging, and hackers are changing, too.

One of the best ways for small institutions to stay safe and effective is to adapt with the improvements that become available. Not doing so would be the equivalent of choosing to be vulnerable.

Credit unions should do whatever they can within their budgets to regularly update their devices and software.