It would be hard to imagine the workplace today without mobile technology, and yet, organizations continue to struggle to keep up with how to keep those devices secure and in compliance with industry regulations. This is especially true for the financial sector.
Smarsh recently released its Electronic Communications Compliance Survey Report. Smarsh surveyed compliance professionals in the financial industry and found that, as the electronic communications compliance landscape becomes more complex, organizations struggle to keep up.
According to the report, slightly more than half of respondents identified text/SMS messaging as the type of non-email content that poses the greatest compliance risk to their organization, quite a bit ahead of social media (33 percent), instant messaging (8 percent) and website content (7 percent).
However, among the firms that allow text/SMS messaging, almost half (48 percent) do not have a solution for retention and oversight in place.
Telling employees they can’t use their devices for work doesn’t work, either (nor would that be much of a policy), as the report stated:
Prohibiting the use of a communications channel is not an effective strategy for firms, either. Confidence in the effectiveness of prohibition policies is low. This confidence gap is reported by more than half of respondents for each of the top social media channels: LinkedIn (67 percent), Twitter (57 percent), Facebook (51 percent) and Instagram (52 percent).
As Stephen Marsh, CEO and founder of Smarsh, told SecurityWeek:
Firms need to leverage new and emerging channels to communicate with their customers and stay competitive, but they're failing to manage the risk.
Failing to manage the risk involving mobile devices has consequences. Security professionals already feel stymied by protecting mobile devices, especially those owned by employees. According to a study by Dimensional Research and Check Point Software, 64 percent of respondents don’t think their company can prevent a breach on those devices, even though a little more than half believe that a breach on a mobile device would be more devastating than a breach on a PC in terms of data loss. As Dimensional Research principal David Gehringer was quoted in eSecurity Planet:
Security professionals identified the risk of mobile devices, but focus and resources assignment seem to be waiting for actual catastrophes to validate the need to properly prepare their defenses. It's unfortunate that so many companies have not learned from the past and are doomed to repeat wasted costs and the customer outrage of being breached.
It will be interesting to see if, when Smarsh’s 2018 survey comes out, the financial industry will have learned or if mobile technology will continue to be a source of risk into the future.
Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba