Comments
Top 5 BYOD Pitfalls Your Bank Should Avoid
KBurger
KBurger,
User Rank: Author
10/10/2013 | 11:50:34 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Healthcare is a great test "case"/area for many of these emerging technology areas. My understanding from covering insurance is that providers (doctors, mainly) are ironically resistant to change and don't like to have new systems imposed on them, even if there are proven benefits. So any successes in educating providers about benefits, policy, process, etc., should provide some real best practices to other industries. Thanks for your insights.
Greg MacSweeney
Greg MacSweeney,
User Rank: Author
10/10/2013 | 9:46:58 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Great example. When it comes to security and compliance, technology can't meet the demands alone. Companies need training and education of employees to enforce the rules. CISOs are also facing this challenge. Many thought that a good firewall or other security technology was enough. But all employees need to be aware of threats and, in this case, potential HIPAA violations.
hudson.josh
hudson.josh,
User Rank: Apprentice
10/10/2013 | 3:07:29 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
In healthcare (just like in banking with SOX), not having a good BYOD policy can result in large HIPAA fines, so a good BYOD policy is very important, but it is really the education of staff about the policy that will make it a success or failure. A good example is that our hospital put a BYOD policy in place to use Tigertext for HIPAA and SOX compliant text messaging, but the doctors still used their unsecure regular SMS text messaging. Even though we had a good BYOD policy, it wasn't enough; we had to bring each doctor in to admin for training and explaining the HIPAA issues and how to use the app correctly. Now we have most of the doctors in compliance, which has significantly lowered the HIPAA risks and increased productivity for the doctors and the hospital. Here is an example of a BYOD policy similar to ours: http://www.hipaatext.com/wp-co...
Greg MacSweeney
Greg MacSweeney,
User Rank: Author
10/3/2013 | 12:26:24 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Thanks for the note. There are a variety of ways to secure BYO devices. Sometimes, a firm insists on the ability to lock down the entire device, but this doesn't seem to be the preferred way anymore. Sometimes, a firm can secure the data on the device (in a wrapper, or box). Or, as you mentioned, a firm can secure the connection to the corporate systems that house the data.
AdamG293
AdamG293,
User Rank: Apprentice
10/1/2013 | 6:37:36 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
BYOD will continue growing as mobile devices continue to play a greater role in our lives. That's why most major IT players are offering solutions to address such BYOD challenges as security and device management.

Does BYOD come with headaches? Of course it does. However, security issues and IT management headaches (how do I support all those devices?) can be addressed by using new HTML5 technologies that enable users to connect to applications and systems without requiring IT staff to install anything on user devices. For example, Ericom AccessNow is an HTML5 RDP client that enables remote users to securely connect from iPads, iPhones and Android devices to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. This enhances security by keeping applications and data separate from personal devices.

Since AccessNow doesn't require any software installation on the end user device - just an HTML5 browser, network connection, URL address and login details - IT staff end up with fewer support hassles. The volunteer or temporary employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.

Visit http://www.ericom.com/BYOD_Wor... for more info.

Please note that I work for Ericom.
Greg MacSweeney
Greg MacSweeney,
User Rank: Author
10/1/2013 | 2:04:38 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Many BYOD policies are actually just that: Bring (or Buy) Your Own Device. The employee goes out and gets the device that they want to use. The company then secures the corporate data on the device.
Byurcan
Byurcan,
User Rank: Author
10/1/2013 | 12:51:33 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
I would have assumed any company with a BYOD policy was already buying the devices for employees, rather than giving them a stipend to purchase what they want, but if many are still doing the latter, it seems very unsecure. The company buying the device would allow IT to install the necessary security controls before issuing to the employee.
Greg MacSweeney
Greg MacSweeney,
User Rank: Author
10/1/2013 | 12:40:30 AM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
It seems that BYOD and mobile security is no longer about the device. Instead, mobile security is about securing the data on the device. Some FIs no longer care what device you use. Instead, the company encrypts and secures a portion of the device that holds corporate data. In the event of a compromised device, the company can wipe the "company" data on the device, while the rest of the device remains untouched.
Nathan Golia
Nathan Golia,
User Rank: Author
9/30/2013 | 11:31:03 PM
re: Top 5 BYOD Pitfalls Your Bank Should Avoid
Interesting stuff. I do wonder about #3, though. When it comes to financial institutions, sometimes it's not so much "bring your own device" as it is "you can use the device you prefer from the selection of the most popular handsets and OSes." I don't think this is a bad approach - I think in a highly regulated industry where security is paramount, it's important to ensure that IT understands the environment through which data is being moved.

