4. Encrypt devices, shared corporate documents and email attachments.
Any smartphone or tablet with bank information – whether bank-issued or employee-owned – should be encrypted in its entirety via the MDM solution to prevent access to corporate data in the event of device theft or loss. (Data is automatically decrypted once the user is authenticated.) All files and documents transmitted from the bank to the device should also be encrypted to protect data at rest as well as in transit.
Additional controls should be applied to email access. Attachments should be encrypted, and copy/paste operations from the email to any outside program should be disallowed. These functions can be enabled from the email program.
5. Separate business and personal information.
For further protection, all bank documents and other content pushed to any mobile device used for business should be wrapped in a password-protected secure container. This not only provides additional access control – making it harder for data thieves to crack the code – but also segregates personal files in the event that an admin must wipe business data when a device is lost, stolen or owned by an employee who is leaving the company.
6. Define policies for handling lost or stolen devices.
In addition to the encryption and containerization safeguards just mentioned to prevent business data from falling into the wrong hands, admins should be able to track devices by GPS, lock them remotely and selectively or completely delete stored information to avoid breaches and the associated repercussions. These features – all provided in an MDM solution – need to be backed by bank policies, particularly on wiping employee-owned devices.
One issue is that – even with containerization – personal data sometimes gets erased along with corporate data because it is difficult to identify where specific information is stored on the device. For that reason, employees who are using their own smartphones or tablets to access bank data should be required to sign an agreement stating that they understand the risk of losing personal information if their device goes missing or departs with them to the next job.
7. Monitor mobile expenses.
Device purchase costs are less than 10% of enterprise mobility spend. The bulk of the expense comes in recurring charges for voice and data service plans. Monitoring usage of voice, data and text messaging can deliver substantial savings, particularly with a mobile expense management solution that can issue real-time alerts when service plan usage exceeds pre-defined thresholds. Admins can then switch to packages with higher data or voice allowances before large overage charges cause budget overruns.
Clearly, given benefits ranging from employee convenience to a better customer-facing experience, increasing mobile adoption for bank employees is inevitable. The watchword to a successful rollout is control. These recommendations are a good starting point for achieving that goal.
Pankaj (PJ) Gupta is the CEO and Chief Architect at Amtel, developer of a cloud-based platform that integrates mobile device, app and expense management.