
05:30 PM
Ankur Chadda
Commentary

Network Security Concerns With BYOD

How banks can mitigate the risk of a network breach as BYOD policies become commonplace.

Analyst firm Ovum predicts Bring Your Own Device (BYOD) is “here to stay,” noting that nearly 70% of employees use their tablets or phones to access corporate data, with 15.4% of them doing so without IT’s knowledge and nearly 21% in spite of established policy. IT at banking institutions should accept that BYOD is not simply a passing fad or an issue with just a handful of uncooperative employees. While there is certainly a strong demand for BYOD and banking industry firms are gradually accepting it, these companies are not always testing their networks to find the potential security problems that can come with BYOD.

BYOD does bring significant benefits, not just risks. It reduces equipment costs, can improve productivity and response times, and encourages employees to be more engaged with their work. According to research from audit, tax, and advisory firm Grant Thornton, more than 90% of senior executives and directors at the nation’s largest banks mark cyber security as their top concern. Given this concern, IT management should be doing more to protect their networks through testing.

Considerable risks
According to data from Longitude Research, the costs of loss of customer trust resulting from a cyberattack on a bank are nearly double the amount of any monetary damages incurred. Banks are naturally seen as bedrocks of security, so a breach becomes a branding nightmare and a legitimate cause for customer concern. An attack that shuts down a bank’s network can be crippling, with cost-per-minute downtimes reaching into the millions of dollars. Even if the network is simply slowed by malicious traffic, the effects can be very detrimental to banking and finance firms.

Enforcement challenges
Instituting a complete ban on BYOD is not likely to succeed, because the work/life barrier has shifted, and people will simply find workarounds in order to use their own devices. Remote wiping is obviously not okay when it comes to personal devices. IT staff also do not have enough time to check everyone’s devices (especially in bank branches where there might not be on-site IT). Employees might also engage in “jailbreaking” their devices so they can effectively hide their activities and work around corporate policy. Even with stringent protocols in place, employees will still use their devices, or services such as Dropbox or iCloud, to store documents.

Holes open quickly
With BYOD, breaches can happen quickly. Consider that an infected personal phone or tablet can bypass the defenses that protect your corporate WAN link, because those defenses are easily defeated as soon as the device logs onto the corporate WiFi. Even if IT does have good control of BYOD policy enforcement, it can still be thwarted by just one user who doesn’t perform a manual update or patch to an application, thereby opening up a security hole.

Testing is vital
Considering the risks and many avenues of potential breaches, proactive monitoring of the risks is crucial to protecting the network. A bank’s various network security components should be tested with large volumes of realistic traffic in order to best simulate breach attempts and needle-in-a-haystack scenarios. Advanced test solutions can produce traffic that represents millions of users and many different types of applications, which is vital given the increasing number of BYOD users.

Testing should be comprehensive and include the latest applications and updated malware definitions to ensure the latest threats are accounted for. Brute-force login attempts are on the rise, and DDoS attacks are increasing in both volume and severity, so testing needs to be robust in order to find these and other attack methods. Continuous testing should be in place to provide visibility to IT, with repeatable test scenarios running frequently so attacks are found as they happen, not days too late.

Banks should develop BYOD policies that allow employees to be productive and mobile while ensuring the network and customer data remain secure. Well-constructed policies and in-depth training should complement proactive network testing, which can find security holes before they are exploited.

Ankur Chadda is a product marketing manager at Spirent Communications covering the security and applications market.

Comments
Brook Zimmatore,
User Rank: Apprentice
8/4/2014 | 6:01:12 PM
BYOD Policies and theft
Good points in this article. The primary concerns I see in BYOD are the obvious ones which have resulted in eventual security breaches. The first is malware as personal devices are much more prone to infection and targeting, especially when used in open internet locations. Android phones accounted for almost all phone malware last year. The next is theft as personal devices are constantly mobile.
Byurcan,
User Rank: Author
8/5/2014 | 9:33:21 AM
Re: BYOD Policies and theft
Interesting that the survey referenced indicates that 15 percent of employees are using their personal devices for work without IT's knowledge. This is a huge security risk, and illustrates why it's important for firms to have well-thought-out BYOD policies in place.
Kelly22,
User Rank: Author
8/5/2014 | 12:49:41 PM
Re: BYOD Policies and theft
Just as (if not more) concerning is the 21% who use their own devices in spite of company policy. Seems that BYOD is here to stay, and firms should address the trend in order to best protect themselves from attacks. 
Jonathan_Camhi,
User Rank: Author
8/8/2014 | 2:53:07 PM
Re: BYOD Policies and theft
Any company that thinks that their employees aren't using personal devices for work at this point is pretty delusional. This is simply the new reality.
Byurcan,
User Rank: Author
8/8/2014 | 3:09:57 PM
Re: BYOD Policies and theft
Yes, companies that don't have BYOD policies at this point are behind the times.
KBurger,
User Rank: Author
8/10/2014 | 7:47:39 PM
Re: BYOD Policies and theft
What????? Oh boy, are you in trouble Jon! JUST KIDDING.
Jonathan_Camhi,
User Rank: Author
8/11/2014 | 3:37:00 PM
Re: BYOD Policies and theft
Good one Kathy.