Pub. 9 2020 Issue 2

March/April 2020 27 l e a d i n g a d v o c a t e f o r t h e b a n k i n g i n d u s t r y i n k a n s a s a minimum, a mobile device management solution should enforce these settings: Require a PIN It is vital to prevent unauthorized access to devices that have sensitive or confidential company information on them. The simplest way to enforce unauthorized access is through a personal identification number (PIN). PINs should be four characters at minimum, but six or more is even better. Many mobile device management solutions can prevent users from using simple passcodes (e.g., 1234, 0000). Most mobile devices can also use biometrics, which are an even stronger control than a PIN number. Set an Automatic Timeout Mobile devices should be set to automatically lock after a maximum of five minutes of inactivity. This will help secure devices that are left unattended. Encrypt Devices Some mobile devices come with built-in encryption, but some do not. It is best practice to encrypt all mobile devices and storage cards so that if it is lost or stolen, the information on them will not be accessible. Implement Remote Wipe Capabilities Another important feature that most mobile device management solutions support is the ability to remotely wipe a device. This is an important feature in the situation where a device is lost or stolen. The feature will allow you to delete the phone’s memory, which helps ensure confidential information is not disclosed. Wiping the device will also delete any personal information, such as pictures and text messages, so ensure all employees are made aware that if they misplace a device, it will be wiped. When implementing a mobile device management solution in a bring your own device environment, inform employees of the requirements for bringing their own mobile device. This can be done in the on-boarding process and through acceptable use policies. Train employees to promptly report lost or stolen mobile devices so that they can be remotely wiped in a timely manner. Due to the nature of people staying connected to their work even when they are out of the office, the security aspect of using mobile devices cannot be neglected. Using a mobile device management solution will help greatly to ensure that security controls are implemented and that they are enforced consistently across devices. Andrew Hettick is an Audit and Security Consultant for CoNetrix. CoNetrix is a technology firm dedicated to understanding and assisting with the information and cyber security needs of community banks. Offerings include: information security consulting, IT/GLBA audits, security testing, cloud hosting and recovery solutions, and Tandem software, a security and compliance software suite designed to help financial institutions create and maintain their Information Security Programs. Visit our website at www.conetrix.com. THE POWER OF PARTNERSHIP WORKING TOGETHER FOR YOUR HOMEBUYING CUSTOMERS For nearly 19 years, Mortgage Investment Services Corporation (MISC) has been a strong partner with Kansas community banks. MISC’s only purpose is to assist community banks to make home loans for their customers. We combine our high-tech features with your face-to-face customer service. Your bank and your customers benefit from this working partnership. • No cost to sign up. No risk to give us a try. • No software or hardware investment by your bank • Free training and ongoing support for your loan officers • Wide range of fixed rate loan products • Free marketing support to attract new families to become bank customers • MISC serves 240 Community Banks in OK, KS, MO & CO • Fannie Mae Approved Seller/Servicer. Call Andrew Holtgraves today to unlock the Power of Partnership! Andrew: (913) 390-1010 ext. 1019 Andrew@MISCHomeLoans.com