In the first two parts of this series, we discussed some basic yet overlooked security practices, as well as some specific threats that exist and ways to protect your data. In this third installment, we will take a deeper look at the physical security and compliance challenges associated with Apple’s popular iPhone and iPad handheld devices.
Most investment firms are at least somewhat familiar with the security risks involved in conducting business on traditional computers and laptops. However, much less thought tends to be given to the risks surrounding the use of smartphones and other mobile devices in business environments. This issue has taken on even greater importance as Apple’s iPhone and iPad continue to gain popularity in the corporate market.
Although these devices offer many benefits for busy investment professionals on the go, there are a few security considerations to be mindful of before purchasing an iPhone or iPad for corporate use. First, it is important to note that these devices contain only consumer-grade encryption features (whereas BlackBerrys offer more enterprise-level security). Even the latest iPhone operating system, which users can “lock” with a PIN, is not as secure as one might think. Anyone who gains physical access to your iPhone can still easily penetrate it simply by hooking the device up to a computer or laptop.
Another item to keep in mind is that once a hacker has gained access to your device, he or she can pull data off it and upload it onto his or her computer without leaving noticeable evidence of the intrusion. This also creates an opportunity for malware to be introduced onto the device, posing a threat to the entire network. To emphasize the importance of these security challenges, consider how easily a cell phone or PDA is lost or stolen, which creates a very high risk that someone will gain unauthorized access to your most sensitive data or infiltrate your network.
In addition to security threats, there is also an important compliance issue surrounding the use of iPhones and iPads in the investment industry. They currently lack the ability to archive email and instant message communications, which is required for compliance under certain NASD and NYSE regulations. While adding this feature is possible via third-party vendors, it can be a costly and inconvenient process.
Essentially, remember that while these devices have many desirable features and benefits, they are designed to be consumer products, not business-grade tools. Your fund relies heavily upon its technology and network to carry out business operations. Therefore, it is important to understand all of the risks and challenges involved before selecting a mobile device.