BYOD Poses Security Threats

By Adam Roth

According to the Identity Theft Resource Center, more than 169 million personal records were exposed as the result of 781 publicized security breaches across the financial, business, education, government and healthcare sectors in 2015. As shocking as these numbers are, they may not fully convey the scope of the threat: Any company or consumer that connects to the Internet is at risk of becoming a victim of a cybersecurity attack.

The challenge of protecting networks from these attacks has been exacerbated by the bring-your-own-device phenomenon, which opens the door to new vulnerabilities for many credit unions on a daily basis. More and more, business is taking place over personal devices as employees work from home or while traveling. For some staff members, relying on their own laptops, tablets and smart phones is simply a matter of personal preference.

The problem is that personal devices provide an easy entry point for attackers to gain access to valuable information. Credit unions struggle to develop device usage policies and protocol and, often with even more difficulty, to implement and monitor regulations around personal devices.

Managing BYOD has added extra stress to already maxed-out IT departments, which must take care not to infringe on personal privacy at the same time they work to protect credit union networks as more personal devices are connected.

Ninety percent of credit unions have no idea what is actually on their network, and knowing what is on the network should be the first step in network protection. Segmentation, virtual private networks and software tools are three ways credit unions can better protect their networks from uncertified devices but still move forward with the flexibility and convenience that the mobile workforce provides. Let’s take a deeper look at each of these.

Segmenting

An array of diverse information crosses credit union networks every day. A critical line of defense that all credit union IT departments should utilize to protect networks from BYOD vulnerabilities is proper segmentation. This separates highly sensitive member account information from less critical data like marketing documents. IT will typically allow BYOD connectivity only to information that’s necessary to perform job functions.

Before segmenting networks, IT departments must fully understand how information flows in and out of credit unions. They must also determine which data is critical to daily operations and develop a plan to protect it. Member account and personnel information should have extra protection.

Another segmenting strategy is to determine which employees need access to what information. Lenders and marketers have different access requirements. Networks should be segmented according to job functionality and leave little room for flexibility.

The key component in effective network segmentation is constant monitoring. As business needs change, making sure access is granted without compromising the overall segmentation plan is crucial. Continuous monitoring takes additional work for IT departments, which is why it often falls off the radar. Segmentation is not meant to be set up and forgotten; it requires vigilance and updating.

If an employee needs access to multiple areas of a network, building a firewall will help control incoming and outgoing BYOD network traffic based on a set of rules. IT departments can develop those rules and segment networks per user to give employees access to information necessary to perform specific job functions.
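To illustrate the monitoring step described above, the following added example (not part of the original article) audits a firewall rule list against a segmentation plan organized by job function and flags rules that have drifted outside it. The segment names, address ranges, role names and rule format are all constructed assumptions.

```python
"""Audit firewall allow rules against a job-function segmentation plan."""
from ipaddress import ip_network

# Constructed sample: network segments holding each class of data.
SEGMENTS = {
    "member_accounts": ip_network("10.10.0.0/24"),
    "personnel": ip_network("10.20.0.0/24"),
    "marketing": ip_network("10.30.0.0/24"),
}

# Constructed sample: segments each job function is supposed to reach.
PLAN = {
    "lending": {"member_accounts"},
    "marketing": {"marketing"},
    "hr": {"personnel"},
}

# Constructed sample rules: (source role group, destination CIDR, action).
RULES = [
    ("lending", "10.10.0.0/24", "allow"),
    ("marketing", "10.30.0.0/24", "allow"),
    ("marketing", "10.10.0.0/16", "allow"),  # broad range added after the plan
    ("hr", "10.20.0.0/24", "allow"),
    ("byod_guest", "0.0.0.0/0", "allow"),    # group the plan never defined
    ("marketing", "10.20.0.0/24", "deny"),
]

def audit(rules, plan, segments):
    """Return (rule index, role, problem) for every allow rule outside the plan."""
    findings = []
    for idx, (role, dest, action) in enumerate(rules):
        if action != "allow":
            continue  # deny rules cannot widen access
        if role not in plan:
            findings.append((idx, role, "role-not-in-plan"))
            continue
        dest_net = ip_network(dest)
        for name, seg in segments.items():
            # An overlap with a segment the role is not assigned to is drift,
            # even when the rule was written as a wider "convenience" range.
            if dest_net.overlaps(seg) and name not in plan[role]:
                findings.append((idx, role, name))
    return findings

if __name__ == "__main__":
    for idx, role, problem in audit(RULES, PLAN, SEGMENTS):
        print(f"rule {idx}: {role} -> {problem}")
```

Running a check like this whenever rules change keeps access requests from quietly eroding the segmentation plan.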

VPN

With a mobile workforce, business is often conducted from hotel rooms and coffee shops and on trains commuting to the office. If an employee on a business trip is connecting to the office network through hotel Wi-Fi shared by all guests, anyone who is on the hotel network and wants to gain access to the device could potentially do so.

It is difficult to manage devices and protect networks while allowing business to continue outside of credit union walls. Many organizations have found it beneficial to implement a virtual private network (VPN) to add security and privacy when using public networks. The Internet becomes the medium for transporting data over a secure, encrypted private network, allowing only authorized users to access the network. 

Implementing a VPN requires some initial research to determine a balance of features, from connectivity protocols and price to server location. Credit union IT departments must do a full analysis of how employees will be connecting to the network before selecting a virtual private network to manage BYOD.

Software

Another way IT departments can tackle the challenges associated with BYOD is through mobile device management (MDM) software designed specifically to monitor devices. Mobile device management software, such as MaaS360 and AirWatch, can be used to ensure that employees are making proper security updates to their devices and meeting protocol designed for each credit union setting. IT departments use this software to monitor, manage and secure employee mobile devices. 

Once MDM software has been selected, IT managers can use it to build profiles based on job function. If, for example, only a handful of employees require access to financial information, predetermined profiles help regulate accessibility to this data.

The benefit of MDM software is that it can run across many different operating systems and wireless carriers, reducing the time IT staff spend on determining how to manage numerous devices. Pricing and features of MDM solutions vary greatly, so credit unions need to do their homework before signing on with a particular provider.

Although the ability to work from any device anywhere adds flexibility and accessibility for employees, the security considerations of BYOD are complicated and often difficult for IT staffs to manage. Advances in how business is conducted will continue to present new security threats, and IT departments will continue to be tasked with the challenge of keeping up with changing technology and business protocol, all while keeping data secure. The best way to manage devices is to monitor and know what’s on your network.

Adam Roth is a cybersecurity specialist with Dynamic Solutions International, a Denver-based data storage company specializing in providing complete storage solutions to highly regulated environments.
