Credit Unions going forth with BYOD

Credit unions and other organizations in the financial services industry are increasingly embracing bring-your-own-device policies in an effort to improve employee flexibility and operational efficiency. While this movement offers significant gains, it also creates risks. According to a recent Credit Union Info Security report, overcoming the risks of BYOD is dependent on implementing solutions that give the organization control over devices.

The freedom to work where and when employees want is one of the important gains that can be realized with a BYOD policy, but companies should be careful to accompany that sense of openness with the controls necessary to secure operational flexibility. According to the news source, credit unions can accomplish this by identifying all personally-owned smartphones and tablets operating on the company network and developing strict guidelines pertaining to the activities performed on these devices in the workplace. Training workers is also essential.

The right mobile device management systems combined with adequate policies can help secure mobile devices to the point that they can be safely used in credit unions. This is evidenced by the recent efforts of federal CIO Steven VanRoekel, who recently announced a new Federal Mobile Strategy that is set to change how the government uses smartphones, tablets and other innovative solutions, according to another Credit Union Info Security report.

Within this plan, the government will work to enable more widespread mobile device use, but did little to address security. The news source suggests that VanRoekel is treating the need for security as such an inherent part of such a plan that it is not worth mentioning. Otherwise, the government could create significant risks because security and control need to be considered essential parts of mobile device deployments, not afterthoughts.

While some credit unions may be tempted to see the risk associated with mobile devices and avoid BYOD policies, a recent Credit Union Magazine report warned against such a policy. Citing a newsletter from a Scott Sysol, vice president of information technology and chief information security officer for CUNA Mutual Group, the news source explained that employees will soon begin using smartphones and tablets for work tasks regardless of whether or not their IT department allows it, making investments in mobile device management software an essential consideration in the sector. Whether the mobile device policy is official or users go against company policy, the technology can present major PCI DSS compliance risks. Financial institutions need to carefully plan how they are going to secure data on mobile devices as part of their compliance strategy.