Personal Phones, iPads at Work: Convenience or Cyber Threat?

Personal devices can pose a serious threat to businesses if strict policies and preventative cybercrime measures are not put in place, according to a study. Advisory firms may be wise to maintain a watchful eye on employee communication.

Thirty-one percent of companies allow employees to access work devices for personal use and that percentage will likely increase, according to a study by ThreatMetrix. 

While it may be a convenient way to reduce costs, the negative implications are numerous. As technology innovations increase, advisors and their firms must be careful about maintaining a level of oversight over their employees' devices and communication in a world of information-overload, says Bill Winterberg, a technology consultant to financial advisers at FPPAD.com. 

"When sensitive information is loaded, an advisor's list of contacts for example could get into the wrong hands," he says. "But there are things advisors can do to secure their mobile devices, whether it's a work one or a personal one." 

Winterberg suggests advisors put a passcode on their mobile devices. He also says they should install mobile management tools, such as Symantec's Mobile Management, MobileIron, or Zenprise.

"They also need to know how to locate a lost or stolen device and know how to wipe their data remotely if needed," he says. "I don't think adviors are being cavalier about it, but when I talk at conferences I get the sense advisors didn't realize the risks of not adequately protecting the information on their mobile devices. 

ThreatMetrix, which specializes in cybercrime prevention, discovered that while one in four retail and financial service employees participate in bring-your-own-device, 15% of companies have no policy in place.

“While BYOD often enables a more efficient and productive workplace, businesses cannot ignore the additional risk of unknown devices connecting to corporate networks,” Andreas Baumhof, chief technology officer of ThreatMetrix, said in a statement. “As BYOD becomes commonplace across industries, a layered security approach, including device identification and malware protection is crucial to protect corporate and customer data.

The study surveyed U.S. business managers and IT executives within retail and financial services organizations on their level of cybersecurity planning and fraud prevention solutions.

"Without a layered approach to cybersecurity, employees’ personal devices can unwittingly expose corporate documents to fraud and malware," a release by the firm stated.

For companies that allow personal devices, most surveyed permit employee access to email (70%) and websites (53%), while few allow access to more sensitive data such as file servers (16%) financial records (13%).

“Retail and financial service organizations need preventative measures in place to protect both corporate and employee-owned devices from today’s highly sophisticated cybercrime threats,” continued Baumhof. “Ensuring that every device can be safely used in the workplace is a challenge for which few organizations are prepared. However, implementing robust BYOD policies and cybercrime prevention solutions can stop cybercriminals in their tracks and protect sensitive data.”

This is not the first time the threat of cybercrime in the financial industry has been closely examined. Last year, a survey by PricewaterhouseCoopers showed that cybercrime has become the second most common type of economic crime being experienced by financial services firms, after asset 'misappropriation'. 'Two-thirds of firms said at the time that they’ve been hit by the theft or ‘misappropriation’ of financial assets, according to the global survey of 3,877 respondents in 78 countries across multiple industries.

“We have found that highly regulated industries, such as financial services, typically? report more economic crime,’’ said Tony Parton, partner in Forensic Services for PwC UK, at the time of the study. “Their procedures and systems require greater levels of transparency, which increase? the likelihood of detecting incidents of fraud.’’

Read more: 

 

For reprint and licensing requests for this article, click here.
Practice management Technology
MORE FROM FINANCIAL PLANNING