Financial firms have been increasingly coming under siege from hackers. Intruders earlier this year hacked into Nasdaq's systems, Citigroup, the IMF and The New York Stock Exchange have all been under attack recently, as I note in Wall Street & Technology's upcoming 2012 Outlook issue (which will be out in November).
But while attacks against computers and servers have been well documented, mobile phones have been the forgotten child of data security.
Yet mobile devices are also increasingly coming under attack, particularly as more and more financial organizations allow their employees to bring their own personal mobile devices and use them at work. Today, mobile security has become an urgent concern, if not yet for consumers, for IT departments at the very least.
Few mobile users realize that their smart phones are actual computers, and contain lots of sensitive data ranging from corporate and other passwords, to data found in work emails. Yet cell phones have seen a dramatic rise in "smishing," where attackers send SMS messages with a link attached, urging a user to check out a picture or a game. When clicked, the link downloads malware on the phone and hackers can steal any information residing on your phone, notes Ben Knieff, director of product marketing, NICE Actimize.
Mobile apps have also come under fire: users rarely check out an application developer's credentials before downloading an "app". (I know I never check anything beyond a review when I download an app.) But you really need to see if these apps do what they say they're going to do. These apps could, if left unchecked, download malware on a phone. Android phones, which are more open to developers than Apple iPhones, are particularly at risk.
Today, financial corporations are increasingly putting the same security controls on mobile devices as on laptops, with lengthy passwords and the ability to remotely wipe out information from a stolen device. Some firms are also creating a white list for their employees, only allowing them for example to download five things onto an iPad they use for work, and nothing else, Mark Hansard, VP of security and systems at Virtela says. "But then it's all about enforcement of policies," he notes.
In the meantime, vendors are also experimenting with the opportunities that smart phones provide, including front facing cameras on phones such as the iPhone, which would enable iris recognition as a form of authentication, or finger printing scanners, NICE Actimize's Knieff says.
Other vendors are also coming up with new security solutions for mobile phones. While iPhones have been the target of fewer hack attacks than Android phones, (although there has been evidence of vulnerabilities with PDF files on the iPhone), the New York Times reports that a new vendor called Lookout is introducing an iPhone app that will alert people when their phones are "jailbroken," need software updates, use location services or access unencrypted Wi-Fi networks.
Lookout will also remind iPhone users to plug their phones into their computers to receive software updates, since many usually avoid dealing with this cumbersome, time-consuming and generally annoying task. Unlike Lookout's Android app, the iPhone app will not screen for malware, at least not for now.
Most importantly, smart phone users - myself included - should start using much more care downloading apps, opening applications or joining unencrypted Wi-Fi networks. And even if your company hasn't mandated you to do so (WS&T's parent company, UBM Techweb, which has a Bring Your Own Device policy, just forced us to), set up a secure password too, just like you would for your laptop.