Technology

Intensify Your Mobile Security Mindset

It’s essential to educate both CU members and staff.

July 19, 2011
KEYWORDS mobile , security
/ PRINT / ShareShare / Text Size +

By Ondrej Krehel

In an emerging mobile ecosystem of mobile devices, smartphones, and media tablets, customer education will fortify your organization against mobile’s chief dangers: weak security measures and risky user behavior.

Whether your credit union is an active mobile banking player, phasing in mobile services, or taking a wait-and-see approach, now is the time to implement one of the most effective security strategies in mobile fraud prevention: member and staff education.

Cybercriminals are finding mobile fraud to be far more lucrative than traditional PC-based campaigns. Tricking consumers remains the easiest way for hackers to breach a credit union’s security network and steal treasure—your member and organizational data.

Customized viruses, designer malware, and man-in-the-middle or “sniffing” attacks via unsecured Wi-Fi networks target specific mobile platforms to steal banking and personal data.

Malware on Androids alone has jumped 400% since the summer of 2010. An Infosecurity report ranked apps and app stores as “the greatest malicious software delivery system ever invented.”

Mobile security coaches

Train all staff in secure mobile banking practices, proper payment procedures, and the latest threat risks. Share updates to maintain a security mindset.

Once trained, member-facing employees can proactively coach members on mobile banking services and offer practical tips on everything from basic password hygiene to verifying authenticity of third-party apps prior to installation.

Teach your mobile users to treat their devices like a credit card with the Internet attached. According to a 2010 SANS Institute report, 85% of smartphone users don’t employ an anti-virus solution to scan for malware.

Teach them about phishing. Train them to never click on a link sent from your credit union via e-mail or text.

Drill your members in the basics: Keep your phone safe, lock your mobile device when not in use, and use a strong password.

Urge members to not store sensitive information on a phone, such as credit card data, passwords, user ID details, or proprietary work information.

Encourage members to:

  • Activate effective security features such as encryption of a portable device, a time-out password, and remote wipe if a device is lost or stolen;
  • Install an updated antimalware program/solution on the mobile device to guard against spyware, malware attacks, or apps and infected SD cards;
  • Use an on-device personal firewall for interface protection;
  • Delete text/voice messages with financial or personal information; and
  • Follow these security tips.

CU security

To improve security, credit unions should centralize the administration of mobile device policies and enforcement; the ability to locate and remote-lock, wipe, backup, and restore facilities for lost and stolen devices; and monitor device activity for inappropriate use and data leakage.

Other essential precautions include the use of:

  • SSL VPN clients to protect data in transit and ensure secure network access and authorization;
  • Mutual authentication approaches that incorporate multifactor, multilayered security techniques; and
  • Antitheft and antifraud tactics such as online banking transaction confirmations via SMS or call back.

New mobile banking channels—mobile payments, near field communication (NFC), and person-to-person payments are also prompting a virtual third-party gold rush. Google Wallet is launching its mobile payment system this summer.

Visa Mobile, Isis, and Square have staked their own NFC systems, with Apple and Amazon yet to jump, and multiple players in the wings.

Whatever the near future holds, turning a phone into a wallet involves tapping into the liquidity and credit lines now parked in your credit union. At the very least, this presents an opportunity for substantive member education.

ONDREJ KREHEL is chief information security officer at Identity Theft 911, Scottsdale, Ariz. Contact him at 888-682-5911.

Post a comment to this story

heroes

What's Popular

Popular Stories

Recent Discussion

Great article! Unfortunately, most employees don’t feel valued or appreciated by their supervisors or employers. In fact, research has shown that the predominant reason team members quit their jobs is because they don’t feel valued. This is in spite of the fact that employee recognition programs have proliferated in the workplace – over 90% of all organizations in the U.S. has some form of employee recognition activities in place. But most employee recognition programs are viewed with skepticism and cynicism – because they aren’t viewed as being genuine in their communication of appreciation. Getting the “employee of the month” award, receiving a certificate of recognition, or a “Way to go, team!” email just don’t get the job done. How do you communicate authentic appreciation? We have found people have different ways that they want to be shown appreciation, and if you don’t communicate in the language of appreciation important to them, you essentially “miss the mark”. Additionally, employees need to receive recognition more than once a year at their performance review. Otherwise, they view the praise as “going through the motions”. A third component of authentic appreciation is that the communication has to be about them personally – not the department, not their group, but something they did. Finally, they have to believe that you mean what you say. How you treat them has to match the words you use. If you are not sure how your team members want to be shown appreciation, the Motivating By Appreciation Inventory (www.appreciationatwork.com/assess) will identify the language of appreciation and specific actions preferred by each employee. You then can create a group profile for your team, so everyone knows how to encourage one another. Remember, employees want to know that they are valued for what they contribute to the success of the organization. And communicating authentic appreciation in the ways they desire it can make the difference between keeping your quality team members or having a negative work environment that everyone wants to leave. Paul White, Ph.D., is the co-author of The 5 Languages of Appreciation in the Workplace with Dr. Gary Chapman.

Your Say: Who should be Credit Union Magazine's 2014 CU Hero of the Year?

View Results Poll Archive