MOBILE DEVICES IN TODAY’S BANKING ENVIRONMENT
Scott Sharp

SCOTT SHARP
- Chief Technology Officer for Sharp BancSystems, Inc.
- VP, Director of Information Security for First Baird BancShares, Inc.
- CISSP, LPT, CHFI, CEH, MCITP, RHCSA, CCNA, etc.
- Part Banker / Part Geek

OVERVIEW & INTENT
- Overview
  - Mobile Use
  - Statistics
  - Scary Facts
  - Mitigation & Best Practices
  - Automated Tools
- Intent
  - Not to Scare, unless it helps motivate
  - Inform

MOBILE DEVICES ON THE RISE
- Smart Phones are rapidly replacing regular mobile phones; Gartner reported 85% year-over-year increase
- Smart Phones and other mobile devices are smaller, lighter, and easier to take everywhere, with similar capabilities to PC’s
- PC’s have long been the target of security audits while mobile is being overlooked

IMPORTANCE OF MOBILE
- How Important are mobile devices to your organization?
- Where do you fit in?
- What about BYOD?
  - Bring Your Own Device

MOBILE DEVICE TYPES
- Smart Phones
  - Apple
  - Android (Google)
  - Blackberry (RIM)
  - Microsoft
  - Other
- Tablets
  - Apple
  - Android
  - Other
Source: comScore (February 2012)

COMMON USES
In Financial Institutions:
- Phones for Officers
- Board Room Automation
  - Web Delivery or USB
- Meeting Notes
- Remote Workers
- Customer Service Terminal
- Customer Support
- Point Of Sale

For Consumer:
- Mobile Banking
  - Web Based, read your logs
  - App Based
- Email - ALL
- Text
- Contacts
  - Home, Mom, Hubby
- Health
- Social
- Fun

CHALLENGES TO MOBILE
- Security
- Upgrades
- Policy Enforcement
- Consistency
- Training
  - User
  - Tech

WHY DOES SECURITY MATTER?
- Would you conduct online banking and shopping on a PC without antivirus software installed?
- Are you willing to remove antivirus, firewall, encryption and VPN software from your workstation?
- In the transition from Phones to Smart Phones, why weren’t we paying attention?

VULNERABILITY POINTS (1 OF 2)
- Unencrypted Information
  - On Phone
  - Removable Memory Card
  - Responsible for data once received
- Consumer Applications
  - Share more than needed
  - Unproductive behavior
- Mobile Malware
  - Looks Fun, but designed to steal
  - Less on Apple, more on other
- Weak Passwords or none at all
- SMS Fuzzing
  - Discover device
- Bluetooth/Wireless Interfaces

VULNERABILITY POINTS (2 OF 2)
- GPS Location Services
  - Where are you now?
- Camera, Video, Microphones
  - Theft from BYOD (Bring Your Own Device)
- Internal Storage (USB or Cloud)
  - Equivalent to Thumb Drive, sometimes without plugging in!
- Carrier Service Technicians
  - They have the key to the data!
- Manufacturer Data Storage
  - Blackberry or others (banned in France)
- Call Recording - SIP
- Older Devices
  - Patched, Not Patched, Supported?

HACK DEMONSTRATION
- Most Common Bluetooth Hack Tools:
  - Super Bluetooth Hack 1.08
  - Blue Scanner
  - Blue Sniff
  - BlueBugger
  - BTBrowser
  - BTCrawler
  - BlueSnarfing

TYPICAL DATA ON DEVICES
- Loan Portfolios or Board Packages
  - Web Delivery or USB
- Email
  - Different from PC, b/c of location
- Contacts
  - Corporate Account Take Over (CATO)
  - Guidance – Reasonable Assumption
- Certificates / Keys for VPN
- Personal Data
  - Wait for later information
  - Blackmail

BREACH LAWS
- http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
- Where the Customer is Located!
- For Texas:
    "breach of system security" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information maintained by a person, including data that is encrypted if the person accessing the data has the key required to decrypt the data.

POST BREACH CLEAN-UP
- Legal Representation
- Investigation – Forensics
- Regulatory
- Reputational
  - Newspaper or Channel 5
  - Social Media / Internet
- Identity Theft Solutions
- Lawsuits

NOW FOR THE NOT SO SCARY PART
- Mitigating the Risk
  - Business Case with Risk Assessment
  - Policy
  - Agreements
  - Device Selection
  - Device Management
    - Configuration
    - Applications
  - Automated Solutions
  - Audit & Update Risk Assessment

MITIGATING – BUILD A CASE
- Build a Business Case to Permit and/or Use Mobile Devices
  - Cost of Device
  - Cost of Compliance
  - Identify Users
  - Implementation Staff
    - Training?
  - Get Approval?

MITIGATING – POLICY & AGREEMENT
- Policy
  - Device Types
  - Control
  - Permission
  - Monitoring
  - Enforcement
- Agreement
  - User Acknowledgement
  - Understanding
  - Acceptance
  - Annually!

MITIGATING – DEVICE SELECTION
- Apple
  - iPhone
    - Encrypted by Default
    - Encryption uncracked, keys are easy to obtain: http://www.eweek.com/c/a/Security/iPhone-4-Encryption-Remains-Uncracked-But-Password-Keys-Easy-to-Obtain-686228/
    - Better App Controls in iTunes
    - Likes to add Cloud Sync
    - Remote Wipe Capable
  - iPad
    - Same as iPhone
    - Bigger target for theft

MITIGATING – DEVICE SELECTION
- Android – Phone & Tablet
  - Currently the Most Popular
  - Offers more Control & Faster Innovation
  - Not Encrypted by default
  - No Remote Wipe by default – look for highly regarded "Mobile Defense" app
  - Location Services from some Vendors
  - Inconsistent Implementation of features
    - Vendor’s Choice
  - Open Source, but Supported

MITIGATING – DEVICE SELECTION
- Others
  - Blackberry
    - Losing Market Share FAST!
    - Banned for Government use in some countries
      - Stores data in transit for 7 days
    - Expensive to Control
      - Blackberry Enterprise Server
      - Other Solutions to fill Gaps
  - Microsoft
    - Newer / Less Market Share
    - Stigma from previous versions

DEVICE RECOMMENDATIONS
- Stick with Apple and/or Android
  - The more devices, the higher cost of ownership
- Use Third Party Software/Services to fill Compliance Gaps
  - At the Least:
    - Remote Wipe
    - Password Protection (more than 4 number PIN)
    - Encryption (all storage & transmission)
- Update device every 2 years
  - Support, but more importantly, Vulnerability Management

MITIGATING – DEVICE MANAGEMENT
- Common Configuration Controls for Devices:
  - Encryption (ENABLE, all Storage)
  - Remote wipe (ENABLE)
  - Enforce password on device (ENABLE)
  - Minimum password length (8 or biometric)
  - Maximum failed password attempts before local wipe (10-15)
  - Require both numbers and letters (ENABLE)
  - Inactivity time in minutes (1 to 5 minutes)
  - Allow or prohibit simple password
  - Password expiration (90 Days)
  - Password history (5)
  - Policy refresh interval (Daily)
- Optional:
  - Minimum number of complex characters in password
  - Require manual syncing while roaming
  - Allow camera
  - Allow web browsing

MITIGATING – DEVICE MANAGEMENT
- Less Common Configuration Controls for Devices:
  - Block access from unapproved devices
  - Block access from non-compliant devices
  - Device Check-In Interval
    - Ensure Device not Lost
    - Automatically Wipe
  - Prevent Wireless & Bluetooth
    - Designated Staff Administer Bluetooth Devices only
- App Management:
  - Whitelist Approved Apps
  - Prevent Removal of Antivirus, Firewall, etc.
  - Block Non-Approved Apps
  - Manage App Access to Functions
    - Disable Access to GPS for Social Apps
  - Enable/Disable GPS
  - Monitor Employee
  - Recover Phone

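Checking a device's reported settings against the controls on the two Device Management slides (common configuration controls, device check-in, app whitelisting), as an added example that is not from the presentation or from any MDM vendor it lists; the field names, the approved-app list and the 72-hour check-in threshold are assumptions, and both device reports are constructed.

```python
"""Device posture check against the controls on the two Device Management
slides. Added example, not code from the presentation or from any MDM
vendor it names; field names, the approved-app list and the 72-hour
check-in threshold are assumptions, and both device reports are constructed."""
from dataclasses import dataclass

# Required values from the "Common Configuration Controls" slide.
BASELINE = {
    "storage_encryption": True,         # Encryption (ENABLE, all Storage)
    "remote_wipe": True,                # Remote wipe (ENABLE)
    "password_required": True,          # Enforce password on device
    "alphanumeric_required": True,      # Require both numbers and letters
    "min_password_length": 8,           # 8, or biometric unlock instead
    "max_failed_attempts": (10, 15),    # local wipe after 10-15 failures
    "inactivity_lock_minutes": (1, 5),  # Inactivity time (1 to 5 minutes)
    "password_expiration_days": 90,     # Password expiration (90 Days)
    "password_history": 5,              # Password history (5)
    "policy_refresh_hours": 24,         # Policy refresh interval (Daily)
}
# App management from the "Less Common" slide and the conclusion: whitelist
# approved apps, require the security apps, block everything else (assumed names).
APPROVED_APPS = {"mobile-banking", "corp-mail", "antivirus", "firewall",
                 "encryption-agent", "remote-wipe-agent", "tracking-agent"}
REQUIRED_SECURITY_APPS = APPROVED_APPS - {"mobile-banking", "corp-mail"}
MAX_HOURS_SINCE_CHECKIN = 72  # assumed check-in interval; the slide gives no number


@dataclass
class DeviceReport:
    device_id: str
    config: dict              # control name -> value as reported by the device
    installed_apps: set
    hours_since_checkin: float


def _in_range(value, low_high):
    return value is not None and low_high[0] <= value <= low_high[1]


def check_config(cfg: dict) -> list:
    """One finding per baseline control the reported config misses.
    A control the device does not report at all counts as a miss."""
    f = []
    for key in ("storage_encryption", "remote_wipe", "password_required",
                "alphanumeric_required"):
        if cfg.get(key) is not True:
            f.append(f"{key} must be enabled")
    if cfg.get("simple_password_allowed") is not False:
        f.append("simple passwords must be prohibited")
    if (not cfg.get("biometric_unlock")
            and (cfg.get("min_password_length") or 0) < BASELINE["min_password_length"]):
        f.append("minimum password length below 8 and no biometric unlock")
    if not _in_range(cfg.get("max_failed_attempts"), BASELINE["max_failed_attempts"]):
        f.append("local wipe after failed attempts not set within 10-15")
    if not _in_range(cfg.get("inactivity_lock_minutes"), BASELINE["inactivity_lock_minutes"]):
        f.append("inactivity lock not set within 1-5 minutes")
    for key, desc in (("password_expiration_days", "password expiration longer than 90 days"),
                      ("policy_refresh_hours", "policy refresh interval longer than daily")):
        if cfg.get(key) is None or cfg[key] > BASELINE[key]:
            f.append(desc)
    if (cfg.get("password_history") or 0) < BASELINE["password_history"]:
        f.append("password history shorter than 5")
    return f


def check_apps(installed: set) -> list:
    """Whitelist: flag anything not approved, and any required security app missing."""
    f = [f"non-approved app installed: {a}" for a in sorted(installed - APPROVED_APPS)]
    f += [f"required security app missing: {a}" for a in sorted(REQUIRED_SECURITY_APPS - installed)]
    return f


def evaluate(report: DeviceReport) -> dict:
    """Block access from non-compliant devices; a device that stopped checking
    in is treated as possibly lost and, if remote wipe is on, queued for wipe."""
    findings = check_config(report.config) + check_apps(report.installed_apps)
    possibly_lost = report.hours_since_checkin > MAX_HOURS_SINCE_CHECKIN
    return {"device_id": report.device_id,
            "findings": findings,
            "access_allowed": not findings and not possibly_lost,
            "wipe_candidate": possibly_lost and report.config.get("remote_wipe") is True}


# Constructed reports: one device configured to the slide's baseline, and one
# Android handset on vendor defaults (no encryption, 4-digit PIN, a social app
# outside the whitelist) that has been silent for four days.
COMPLIANT = DeviceReport("ios-0001", {
    "storage_encryption": True, "remote_wipe": True, "password_required": True,
    "alphanumeric_required": True, "simple_password_allowed": False,
    "min_password_length": 8, "max_failed_attempts": 10, "inactivity_lock_minutes": 5,
    "password_expiration_days": 90, "password_history": 5, "policy_refresh_hours": 24},
    set(APPROVED_APPS), hours_since_checkin=2.0)
NONCOMPLIANT = DeviceReport("android-0042", {
    "storage_encryption": False, "remote_wipe": False, "password_required": True,
    "alphanumeric_required": False, "simple_password_allowed": True,
    "min_password_length": 4, "max_failed_attempts": None, "inactivity_lock_minutes": 30,
    "password_expiration_days": None, "password_history": 0, "policy_refresh_hours": 168},
    {"corp-mail", "social-app"}, hours_since_checkin=96.0)
```

Running `evaluate(NONCOMPLIANT)` lists every missed control and blocks access; a device that passes every control but goes silent past the check-in interval is still blocked and flagged for wipe.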
MITIGATING
- Select the Controls that work best to protect your institution
- Test Features & Controls
- Monitor Usage & Compliance
- Enforce Policy

Not much different than a PC, is it?

MITIGATING – TOOLS & AUDITS
- Automated Solutions:
  - Symantec Mobile Management: http://www.symantec.com/mobile-management
  - MaaS360 Mobile Device and App Management: http://www.maas360.com
  - Zenprise MobileManager: http://www.zenprise.com/products/zenprise-mobilemanager
  - Good for Enterprise (GFE): http://www.good.com/products/good-for-enterprise.php
- Risk Assessment:
  - Consider New Controls
  - Before and After Audit
- Audit:
  - In Scope Statement

CONCLUSION
- Form an adoption Plan
- Identify Users & Support
  - Agreements to Ensure Understanding
- Identify Devices
  - Pick 1 or 2 devices to support at most
- Identify Features
  - Control Device Features
- Identify Apps
  - Require Security Apps for Antivirus, Firewall, Encryption, Remote Wipe, Tracking
  - Whitelist good, Blacklist everything else
- Use Tools to Control and Monitor – Ensure Compliance
- DOD Wipe prior to service or return
- Test, Monitor, Audit

OUT OF SCOPE ADDITION
- Note relating to Customers
  - Update Online Banking & Website Disclosures / Policies
    - PC/Computer = PC/Computer or Mobile Device
  - Additions to Website
    - Notification of Lost/Stolen Phone or other Device
    - Suspend Online Banking and Bill Pay Accounts
    - Change Password and/or Username
  - Invest in Mobile formatted Website
    - Quick links to ATM/Branch locations
    - Links to Online Banking Login
      - Even if Online Banking is not Mobile Enabled
      - Disclose mobile devices that work

ENDING REMARKS
- Mobile is here to stay, will only increase
- Secure through tools
  - Security through prohibition is only temporary

QUESTIONS?

CONTACT ME

http://www.linkedin.com/in/mscottsharp
scott@firstbaird.com
scott@sharpbancsystems.com
scott@geekandahalf.com
(972) 979-2680
REFERENCES
Rashid, Fahmida Y. (2011). iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain. Retrieved from http://www.eweek.com/c/a/Security/iPhone-4-Encryption-Remains-Uncracked-But-Password-Keys-Easy-to-Obtain-686228/
Parmar, Vivek (2010). 7 Most Popular Bluetooth Hacking Software To Hack Mobile Phones. Retrieved from http://techpp.com/2010/06/30/7-most-popular-bluetooth-hacking-software-to-hack-your-mobile-phone/
Notes on the implementation of encryption in Android 3.0. Retrieved from http://source.android.com/tech/encryption/android_crypto_implementation.htm
Pinola, Melanie. Install or Enable Remote Wipe on Your Smartphone Now. Retrieved from http://mobileoffice.about.com/od/mobilesecurity/qt/smartphone-remote-wipe.htm
Bradley, Tony. Lock Down Your Android Devices. Retrieved from http://www.pcworld.com/businesscenter/article/209597/lock_down_your_android_devices.html
Choudhry, Shahab (2012). iPad in Banking – 7 Important Considerations. Retrieved from http://www.propelics.com/ipad-in-banking-7-important-considerations/
Brownlow, Mark (2012). Smartphone statistics and market share. Retrieved from http://www.email-marketing-reports.com/wireless-mobile/smartphone-statistics.htm
Oltsik, Jon (2010). Juniper Networks Bets on Mobile Device Security—and Beyond. Retrieved from http://www.enterprisestrategygroup.com/2010/08/juniper-networks-bets-on-mobile-device-security%E2%80%94and-beyond/
Shein, Omar (2012). Blackberry, Are we hacked? Security Kaizen Magazine, Vol 2, Issue 5, 5-6.

More Related Content

Recently uploaded

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyKhushali Kathiriya
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 

Recently uploaded (20)

Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024Manulife - Insurer Innovation Award 2024
Manulife - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...Workshop - Best of Both Worlds_ Combine  KG and Vector search for  enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 

Featured

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Applitools
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at WorkGetSmarter
 

Featured (20)

AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity -  Best PracticesTime Management & Productivity -  Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
Unlocking the Power of ChatGPT and AI in Testing - A Real-World Look, present...
 
12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work12 Ways to Increase Your Influence at Work
12 Ways to Increase Your Influence at Work
 
ChatGPT webinar slides
ChatGPT webinar slidesChatGPT webinar slides
ChatGPT webinar slides
 
More than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike RoutesMore than Just Lines on a Map: Best Practices for U.S Bike Routes
More than Just Lines on a Map: Best Practices for U.S Bike Routes
 

Mobile Devices for Today's Banking Environment

  • 1. MOBILE DEVICES IN TODAY’S BANKING ENVIRONMENT Scott Sharp
  • 2. SCOTT SHARP  Chief Technology Officer for Sharp BancSystems, Inc.  VP, Director of Information Security for First Baird BancShares, Inc.  CISSP, LPT, CHFI, CEH, MCITP, RHCSA, CCNA, etc…  Part Banker / Part Geek
  • 3. OVERVIEW & INTENT  Overview  Mobile Use  Statistics  Scary Facts  Mitigation & Best Practices  Automated Tools  Intent  Not to Scare, unless it helps motivate  Inform
  • 4. MOBILE DEVICES ON THE RISE  Smart Phones are rapidly replacing regular mobile phones; Gartner reported 85% year-over- year increase  Smart Phones and other mobile devices are smaller, lighter, and easier to take everywhere; with similar capabilities to PC’s  PC’s have long been the target of security audits while mobile is being overlooked
  • 5. IMPORTANCE OF MOBILE  How Important are mobile devices to your organization?  Where do you fit in?  What about BYOD? Bring Your Own Device
  • 6. MOBILE DEVICE TYPES  Smart Phones  Apple  Android (Google)  Blackberry (RIM)  Microsoft  Other  Tablets  Apple  Android  Other Source: comScore (February 2012)
  • 7. COMMON USES In Financial Institutions: For Consumer:  Phones for Officers  Mobile Banking  Web Based, read your logs  Board Room Automation  App Based  Web Delivery or USB  Email - ALL  Meeting Notes  Text  Remote Workers  Contacts  Customer Service Terminal  Home, Mom, Hubby  Health  Customer Support  Social  Point Of Sale  Fun
  • 8. CHALLENGES TO MOBILE  Security  Upgrades  Policy Enforcement  Consistency  Training  User  Tech
  • 9. WHY DOES SECURITY MATTER?  Would you conduct online banking and shopping on a PC without an antivirus software installed?  Are you willing to remove antivirus, firewall, encryption and VPN software on your workstation?  In the transition from Phones to Smart Phones; Why weren’t we paying attention?
  • 10. VULNERABILITY POINTS (1 OF 2)
      - Unencrypted Information
        - On Phone
        - Removable Memory Card
        - Responsible for data once received
      - Consumer Applications
        - Share more than needed
        - Unproductive behavior
      - Mobile Malware
        - Looks fun, but designed to steal
        - Less on Apple, more on others
      - Weak Passwords or none at all
      - SMS Fuzzing
        - Discover device
      - Bluetooth/Wireless Interfaces
  • 11. VULNERABILITY POINTS (2 OF 2)
      - GPS Location Services
        - Where are you now?
      - Camera, Video, Microphones
      - Theft from BYOD (Bring Your Own Device)
      - Internal Storage (USB or Cloud)
        - Equivalent to a thumb drive, sometimes without plugging in!
      - Carrier Service Technicians
        - They have the key to the data!
      - Manufacturer Data Storage
        - Blackberry or others (banned in France)
      - Call Recording - SIP
      - Older Devices
        - Patched, Not Patched, Supported?
  • 12. HACK DEMONSTRATION
      - Most Common Bluetooth Hack Tools:
        - Super Bluetooth Hack 1.08
        - Blue Scanner
        - Blue Sniff
        - BlueBugger
        - BTBrowser
        - BTCrawler
        - BlueSnarfing
  • 13. TYPICAL DATA ON DEVICES
      - Loan Portfolios or Board Packages
        - Web Delivery or USB
      - Email
        - Different from PC, because of location
      - Contacts
        - Corporate Account Take Over (CATO)
        - Guidance – Reasonable Assumption
      - Certificates / Keys for VPN
      - Personal Data
        - Wait for later information
        - Blackmail
  • 14. BREACH LAWS
      - http://www.ncsl.org/issues-research/telecom/security-breach-notification-laws.aspx
      - Where the Customer is Located!
      - For Texas: "breach of system security" means unauthorized acquisition of computerized data that compromises the security, confidentiality, or integrity of sensitive personal information maintained by a person, including data that is encrypted if the person accessing the data has the key required to decrypt the data.
  • 15. POST BREACH CLEAN-UP
      - Legal Representation
      - Investigation – Forensics
      - Regulatory
      - Reputational
        - Newspaper or Channel 5
        - Social Media / Internet
      - Identity Theft Solutions
      - Lawsuits
  • 16. NOW FOR THE NOT SO SCARY PART
      - Mitigating the Risk
        - Business Case with Risk Assessment
        - Policy
        - Agreements
        - Device Selection
        - Device Management
          - Configuration
          - Applications
          - Automated Solutions
        - Audit & Update Risk Assessment
  • 17. MITIGATING – BUILD A CASE
      - Build a Business Case to Permit and/or Use Mobile Devices
        - Cost of Device
        - Cost of Compliance
        - Identify Users
        - Implementation Staff
        - Training?
        - Get Approval?
  • 18. MITIGATING – POLICY & AGREEMENT
      - Policy
        - Device Types
        - Control
        - Permission
        - Monitoring
        - Enforcement
      - Agreement
        - User Acknowledgement
        - Understanding
        - Acceptance
        - Annually!
  • 19. MITIGATING – DEVICE SELECTION
      - Apple
        - iPhone
          - Encrypted by Default
          - Encryption uncracked, but keys are easy to obtain: http://www.eweek.com/c/a/Security/iPhone-4-Encryption-Remains-Uncracked-But-Password-Keys-Easy-to-Obtain-686228/
          - Better App Controls in iTunes
          - Likes to add Cloud Sync
          - Remote Wipe Capable
        - iPad
          - Same as iPhone
          - Bigger target for theft
  • 20. MITIGATING – DEVICE SELECTION
      - Android – Phone & Tablet
        - Currently the Most Popular
        - Offers more Control & Faster Innovation
        - Not Encrypted by default
        - No Remote Wipe by default – look for the highly regarded “Mobile Defense” app
        - Location Services from some Vendors
        - Inconsistent Implementation of features
          - Vendor’s Choice
        - Open Source, but Supported
  • 21. MITIGATING – DEVICE SELECTION
      - Others
        - Blackberry
          - Losing Market Share FAST!
          - Banned for Government use in some countries
          - Stores data in transit for 7 days
          - Expensive to Control
            - Blackberry Enterprise Server
            - Other Solutions to fill Gaps
        - Microsoft
          - Newer / Less Market Share
          - Stigma from previous versions
  • 22. DEVICE RECOMMENDATIONS
      - Stick with Apple and/or Android
        - The more devices, the higher the cost of ownership
      - Use Third Party Software/Services to fill Compliance Gaps
      - At the Least:
        - Remote Wipe
        - Password Protection (more than a 4-number PIN)
        - Encryption (all storage & transmission)
      - Update device every 2 years
        - Support, but more importantly, Vulnerability Management
  • 23. MITIGATING – DEVICE MANAGEMENT
      - Common Configuration Controls for Devices:
        - Encryption (ENABLE, all Storage)
        - Remote wipe (ENABLE)
        - Enforce password on device
        - Allow or prohibit simple password
        - Password expiration (90 Days)
        - Password history (5) (ENABLE)
        - Policy refresh interval (Daily)
        - Minimum password length (8, or optional: biometric)
        - Minimum number of complex characters in password
        - Require both numbers and letters
        - Maximum failed password attempts before local wipe (10-15)
        - Inactivity time in minutes (1 to 5 minutes)
        - Require manual syncing while roaming (ENABLE)
        - Allow camera
        - Allow web browsing
  • 24. MITIGATING – DEVICE MANAGEMENT
      - Less Common Configuration Controls for Devices:
        - Block access from unapproved devices
        - Block access from non-compliant devices
        - Device Check-In Interval
        - Ensure Device not Lost
        - Automatically Wipe
        - Prevent Wireless & Bluetooth
        - Designated Staff Administer Bluetooth Devices only
        - Monitor Employee
        - Recover Phone
        - App Management:
          - Whitelist Approved Apps
          - Prevent Removal of Antivirus, Firewall, etc.
          - Block Non-Approved Apps
          - Manage App Access to Functions
          - Disable Access to GPS for Social Apps
          - Enable/Disable GPS
  • 25. MITIGATING
      - Select the Controls that work best to protect your institution
      - Test Features & Controls
      - Monitor Usage & Compliance
      - Enforce Policy
      - Not much different than a PC, is it?
  • 26. MITIGATING – TOOLS & AUDITS
      - Automated Solutions:
        - Symantec Mobile Management: http://www.symantec.com/mobile-management
        - MaaS360 Mobile Device and App Management: http://www.maas360.com
        - Zenprise MobileManager: http://www.zenprise.com/products/zenprise-mobilemanager
        - Good for Enterprise (GFE): http://www.good.com/products/good-for-enterprise.php
      - Risk Assessment:
        - Consider New Controls
        - Before and After Audit
      - Audit:
        - In Scope Statement
  • 27. CONCLUSION
      - Form an adoption Plan
        - Identify Users & Support
          - Agreements to Ensure Understanding
        - Identify Devices
          - Pick 1 or 2 devices to support at most
        - Identify Features
          - Control Device Features
        - Identify Apps
          - Require Security Apps for Antivirus, Firewall, Encryption, Remote Wipe, Tracking
          - Whitelist good, Blacklist everything else
        - Use Tools to Control and Monitor – Ensure Compliance
        - DOD Wipe prior to service or return
        - Test, Monitor, Audit
  • 28. OUT OF SCOPE ADDITION
      - Note relating to Customers
        - Update Online Banking & Website Disclosures / Policies
          - PC/Computer = PC/Computer or Mobile Device
        - Additions to Website
          - Notification of Lost/Stolen Phone or other Device
            - Suspend Online Banking and Bill Pay Accounts
            - Change Password and/or Username
          - Invest in Mobile formatted Website
            - Quick links to ATM/Branch locations
            - Links to Online Banking Login
              - Even if Online Banking is not Mobile Enabled
          - Disclose mobile devices that work
  • 29. ENDING REMARKS
      - Mobile is here to stay, and will only increase
      - Secure through tools; security through prohibition is only temporary
  • 32. REFERENCES
      - Rashid, Fahmida Y. (2011). iPhone 4 Encryption Remains Uncracked, but Password Keys Easy to Obtain. Retrieved from http://www.eweek.com/c/a/Security/iPhone-4-Encryption-Remains-Uncracked-But-Password-Keys-Easy-to-Obtain-686228/
      - Parmar, Vivek (2010). 7 Most Popular Bluetooth Hacking Software To Hack Mobile Phones. Retrieved from http://techpp.com/2010/06/30/7-most-popular-bluetooth-hacking-software-to-hack-your-mobile-phone/
      - Notes on the implementation of encryption in Android 3.0. Retrieved from http://source.android.com/tech/encryption/android_crypto_implementation.htm
      - Pinola, Melanie. Install or Enable Remote Wipe on Your Smartphone Now. Retrieved from http://mobileoffice.about.com/od/mobilesecurity/qt/smartphone-remote-wipe.htm
      - Bradley, Tony. Lock Down Your Android Devices. Retrieved from http://www.pcworld.com/businesscenter/article/209597/lock_down_your_android_devices.html
      - Choudhry, Shahab (2012). iPad in Banking – 7 Important Considerations. Retrieved from http://www.propelics.com/ipad-in-banking-7-important-considerations/
      - Brownlow, Mark (2012). Smartphone statistics and market share. Retrieved from http://www.email-marketing-reports.com/wireless-mobile/smartphone-statistics.htm
      - Oltsik, Jon (2010). Juniper Networks Bets on Mobile Device Security—and Beyond. Retrieved from http://www.enterprisestrategygroup.com/2010/08/juniper-networks-bets-on-mobile-device-security%E2%80%94and-beyond/
      - Shein, Omar (2012). Blackberry, Are we hacked? Security Kaizen Magazine, Vol 2, Issue 5, 5-6.
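
Slides 22 through 24 list the baseline controls an MDM policy should enforce (remote wipe, full-storage encryption, passcode rules, failed-attempt and inactivity thresholds, app whitelisting), and slide 25 says to monitor usage and compliance and enforce the policy. The following is an added example, not code from the presentation or from any of the MDM products it names: a small compliance checker that evaluates constructed per-device configuration reports against that baseline and lists the findings for every device that should be blocked until it is remediated. The `DeviceReport` field names, the app bundle identifiers, the hour-based refresh interval and the two sample devices are all assumptions made for this example.

```python
from dataclasses import dataclass

# Baseline values taken from the slides' configuration-control list.
# Ranges are (low, high) inclusive: a device value outside them is a finding.
BASELINE = {
    "min_passcode_length": 8,                      # minimum password length (8)
    "passcode_history": 5,                         # password history (5)
    "passcode_max_age_days": 90,                   # password expiration (90 days)
    "max_failed_attempts_before_wipe": (10, 15),   # failed attempts before local wipe (10-15)
    "inactivity_lock_minutes": (1, 5),             # inactivity time (1 to 5 minutes)
    "policy_refresh_hours": 24,                    # policy refresh interval (daily), assumed in hours
}

# Constructed app whitelist ("Whitelist Approved Apps"); bundle names are hypothetical.
APPROVED_APPS = {
    "com.example.mobilebanking",
    "com.example.antivirus",
    "com.example.vpnclient",
    "com.example.mail",
}


@dataclass
class DeviceReport:
    """One device's effective settings as an MDM check-in might report them (constructed schema)."""
    device_id: str
    encryption_enabled: bool
    remote_wipe_enabled: bool
    simple_passcode_allowed: bool
    min_passcode_length: int
    passcode_requires_alphanumeric: bool
    passcode_history: int
    passcode_max_age_days: int
    max_failed_attempts_before_wipe: int   # 0 in the sample means the wipe threshold is off
    inactivity_lock_minutes: int
    policy_refresh_hours: int
    installed_apps: tuple


def evaluate(r: DeviceReport) -> list:
    """Return the list of baseline violations; an empty list means the device is compliant."""
    findings = []
    if not r.encryption_enabled:
        findings.append("encryption disabled (baseline: ENABLE, all storage)")
    if not r.remote_wipe_enabled:
        findings.append("remote wipe disabled (baseline: ENABLE)")
    if r.simple_passcode_allowed:
        findings.append("simple passcode allowed (baseline: more than a 4-digit PIN)")
    if r.min_passcode_length < BASELINE["min_passcode_length"]:
        findings.append(f"minimum passcode length {r.min_passcode_length} is below {BASELINE['min_passcode_length']}")
    if not r.passcode_requires_alphanumeric:
        findings.append("passcode does not require both numbers and letters")
    if r.passcode_history < BASELINE["passcode_history"]:
        findings.append(f"passcode history {r.passcode_history} is below {BASELINE['passcode_history']}")
    if r.passcode_max_age_days > BASELINE["passcode_max_age_days"]:
        findings.append(f"passcode expiration {r.passcode_max_age_days} days exceeds {BASELINE['passcode_max_age_days']}")
    lo, hi = BASELINE["max_failed_attempts_before_wipe"]
    if not lo <= r.max_failed_attempts_before_wipe <= hi:
        findings.append(f"failed-attempt wipe threshold {r.max_failed_attempts_before_wipe} is outside {lo}-{hi}")
    lo, hi = BASELINE["inactivity_lock_minutes"]
    if not lo <= r.inactivity_lock_minutes <= hi:
        findings.append(f"inactivity lock of {r.inactivity_lock_minutes} min is outside {lo}-{hi}")
    if r.policy_refresh_hours > BASELINE["policy_refresh_hours"]:
        findings.append(f"policy refresh every {r.policy_refresh_hours} h is slower than daily")
    unapproved = sorted(set(r.installed_apps) - APPROVED_APPS)
    if unapproved:
        findings.append("apps not on the whitelist: " + ", ".join(unapproved))
    return findings


def triage(reports) -> dict:
    """Map device id -> findings for each non-compliant device ("Block access from non-compliant devices")."""
    result = {}
    for r in reports:
        findings = evaluate(r)
        if findings:
            result[r.device_id] = findings
    return result


# Constructed sample check-ins: a bank-issued officer phone configured to the baseline,
# and a BYOD phone left at loose defaults with a personal game installed.
SAMPLE_REPORTS = [
    DeviceReport("officer-001", True, True, False, 8, True, 5, 90, 10, 5, 24,
                 ("com.example.mail", "com.example.mobilebanking")),
    DeviceReport("byod-017", False, True, True, 4, False, 0, 365, 0, 15, 168,
                 ("com.example.mail", "com.example.freegame")),
]

if __name__ == "__main__":
    for device_id, findings in triage(SAMPLE_REPORTS).items():
        print(f"{device_id}: block until remediated")
        for finding in findings:
            print("  -", finding)
```

Running the block prints nothing for the officer phone and ten findings for the BYOD phone, which is the list a help desk would hand back to the user (or the reason the MDM denies that device access to mail and banking apps) before the device is allowed on the network again.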

Editor's Notes

  1. Welcome. Thank you for attending.
  2. When talking to auditors: Question – Mobile Devices. How many answer No, knowing personal phones? Answer Yes, but only address company devices.
  3. No one should be in the bottom 14% because of BYOD.
  4. Stick with the most common.
  5. Share Experience: Officer Phones with Exchange (no USB or Cloud), Issued by Techs & Returned to Techs. Board Meetings on iPad, Techs Load to Newsstand. Enforce Policy.
  6. Email - explain: not a worry before, but once received, our responsibility. Contacts - guidance suggests breach; reasonable to assume majority are customers; goldmine for CATO thieves.