Business
Managing the risks of mobile devices
Failure to keep customer data safe and secure can result in severe penalties for financial services firms. For example, this year saw Welcome Financial Services (WFS) being fined £150,000 after losing the personal data of half a million of its customers.
Other high profile incidents include the case of two backup storage tapes that were lost by Cattles Group, containing the data of 1.4 million people, mainly customers of Shopacheck loans.
BYOD Checklist
Before employees use private devices for work, they should ask some important questions and clarify these issues with their company’s IT department:
- Backup Responsibility: As soon as company data is involved, certain compliance requirements apply. Is it the employees’ responsibility to save their own data at specific intervals or do the company’s IT specialists take care of that? What tool is used to conduct the backup, who makes it available and who monitors compliance?
- Data Loss: Mobile devices are not robust and the memory is easily damaged. If there is no backup and the data is important, a professional expert may be able to help. But who has to arrange for this and who will foot the bill? In addition, many people don’t realise that it is not possible to distinguish between company and private data during the data recovery process. When a data recovery is performed, data will simply be restored. Often times the file names can no longer be read, so all files have to be opened and checked in order to disentangle private and company data. In this case, privacy cannot be maintained.
- Loss of the Device: Two main issues arise if the device is lost or stolen – first, who will replace it, and second, the obligation to inform the employer. Are there rules as to how soon the company must be informed about the loss? Does the company intend to take quick action, such as remotely blocking access or deleting data?
- Remote Deletion: Some companies require employees to install a program on their device that allows data to be deleted remotely in case of loss or theft before they may use the device for company purposes. Many people do not realise that the deletion is not specific to company data, but affects personal data as well. In other words, if employees don’t regularly save all their personal contact information, photos etc. – via their provider’s online services, for example – they may lose them all.
- End of the Employment Contract: Most people change employers sooner or later. What happens to the company data on the private device in that case? Who checks that it has been deleted? Will care be taken to ensure that private data is not lost during the process?
- Convenience or Privacy: Of course it’s convenient to have just one device for both private and professional purposes – only one password, only one charging cable, etc. However, it is still not possible to separate the different kinds of data precisely, so companies often save employees’ private data as well, depending on backup and logging requirements. BYOD often means sacrificing privacy and everyone has to decide for themselves whether it’s worth it.
-
Finance4 days ago
Innovation and Customer-Centricity Are Powering the New Finance Industry
-
Top Stories4 days ago
Gold marches higher as US jobs data boosts bets of early rate cut
-
Interviews4 days ago
The Transformative Power of Open Banking for E-commerce: an interview with Anastasija Tenca, Chief Operations Officer at Noda
-
Banking17 hours ago
Hyper-personalisation and data-driven decision-making can boost the global banking sector