While this is great for productivity and saves the firm money, how are you securing mobile devices? Personal phones and tablets pose security risks. Mismanaged corporate devices present a similar problem.
Over 60 percent of the privacy breaches reported by the Privacy Rights Clearinghouse since 2005 involved compromised mobile devices.
Minimizing Risks Using MDM
When advisors have free access to the corporate network with their mobile devices, there is serious potential for company data loss any time that phone or tablet is lost or stolen. Even selling, upgrading, or exchanging the device can lead to catastrophe, as there will almost certainly be corporate information remaining on it.
Firm managers need to take a risk-based approach by deciding what company information mobile devices will be allowed to access and store. Will it only be email, or will certain applications be permitted?
For maximum security, the firm will have to invest in a Mobile Device Management (MDM) platform that controls which phones or tablets can access certain applications on the network.
MDM platforms can also configure both employee- and corporate-owned devices to resist hackers, enforce data encryption and password protocols, and remotely lock and wipe a device.
Establishing an Apps Download Policy
Apps can be tricky to control, and many of them can even be malicious. This is alarming when you consider that at one time, granting access to location data could also allow certain iOS apps to upload the user’s photo library. Android has similar vulnerabilities: any app authorized to access the Internet can potentially steal or damage files if it has been coded to do so.
Apps do present users with a list of requested permissions, but the problem is that the majority of advisors with their own devices will grant all of them so they can get on with using the app.
One solution is to impose restrictions on downloading apps to business devices. Many MDM packages support app whitelists and blacklists and can disable access to corporate data if suspicious activity is detected.
Conduct a Mobile Security Audit
All mobile security strategies need to include audits that examine the mobile infrastructure for loopholes and weaknesses. A typical methodology could include penetration testing on both the devices and the servers that control them and assessing their susceptibility to data breaches.
Detailed audits will also reveal any gaps between an advisory firm’s current procedures and established best practices.
Securing mobile devices should be part of your investment firm’s administrative and management infrastructure. Policies need to be reviewed at least twice a year and updated as the threat landscape changes.
Implementing a Mobile Device Management (MDM) package, coupled with employee training on best practices and annual device audits, can help companies make informed decisions on security investments as well as limit risk.