As mobile banking transactions and enterprise mobility continue to dominate commerce in today’s digitally wired economy, banks and financial institutions around the world have had to sober up to the new harsh security realities, and have suffered damaging data breaches which hurt both their reputation and pocketbook – and it’s little wonder why. With all of that mobile financial data in constant motion between banks and their vastly growing mobile device network, a lucrative market has opened up for cybercriminals. They want their “piece of the pie”, and they’re not about to take no for an answer.
Hackers use an assortment of attack methods to pry client and business financial data from mobile devices, including malware, Distributed Denial of Service (DDoS) attacks, phishing, and keystroke logging amongst their most popular ways to break through security. Mobile devices are inherently more vulnerable to these attacks then well-fortified enterprise servers, as mobile banking employees store a wealth of information when using their personal email and favorite consumer apps. A study by Cisco revealed that while 83 percent of banking employees use their smartphone for work purposes, only 67 percent password-protect their device. These security gaps left open by employees are just one contributing factor which makes devices a relatively hack-friendly platform. The other major issue: Device security solutions can only offer a limited degree of protection, and when data is your most critical asset, that’s not nearly enough to prevent attackers from exploiting vulnerabilities and making their way to the corporate network. BYOD Smartphones and tablets have essentially become a fraudster’s paradise.
Banking security executives have come to realize the gravity of risks involved in rolling out mobile financial applications, both for consumers and for enterprise employees. Millions of smartphone users log in regularly to their banking accounts from their mobile devices, and banks have invested a great deal in innovating customer-facing apps in ways that save time, money and administrative overhead. These new features include being able to scan your cheque with your device and depositing it into your account. But the fear amongst C-level security officers is how these innovations can be hijacked from inside the user’s device and follow the data trail right on through to the enterprise network. The same fears hold true of enterprise apps residing on personally owned devices. It’s clear that a higher level of security is needed to protect data on BYOD devices.
As with many other sectors, financial firms have been using device-centric solutions such as MDM and MAM as part of their security strategy. While these approaches have been helpful in limiting the number of security attacks targeting devices, a higher level of security is needed for sensitive financial data, which when breached, can incur financial loss as well as stiff regulatory penalties.
The time for financial services to evolve in their mobile security approach is now, so that they can empower their professionals to compete and contribute to the bottom line from wherever they are, while being secure that their money is “in the bank”.
How do banks champion BYOD and support employees in using their preferred mobile devices while sealing off the entry-point to both proprietary and client financials? Make corporate data accessible, but keep it 100 percent separate from personal devices. This solution can be achieved by leveraging a relatively new and emerging approach known as Virtual Mobile Infrastructure. Under VMI, mobile enterprise apps and data are stored and managed from a remote server and transferred to devices as a display using one flat protocol. This turns the employee’s mobile device into a thin client with which employees access the reflected image of the apps from the server. Because a mobile OS is used to run apps which are optimized for a mobile interface, users can work with apps in the same way they use popular consumer apps on their personal device. But all corporate data stays where it can be best protected, the enterprise data center. If an employee’s device is lost or stolen, all IT has to do is disconnect its access from the network. Keeping these corporate and personal worlds separate also gains confidence with employees by removing fears of IT tampering with their personal devices and infringing on their privacy, which will boost compliance with BYOD policies all the more.
For banks and financial services firms, leveraging mobile data while ensuring it receives the highest possible level of security will be increasingly integral to their competitiveness in the market.
David Abbou