Financial service providers are increasingly deploying mobile applications to better serve their clientele and promote productivity among their employees. According to a recent report, over a third of customers at major US banks now regularly use mobile banking. In addition, half of the top 25 financial institutions in the US are offering more advanced mobile application features, including P2P transfers and remote deposit services.
These advancements in mobility are delivering a host of benefits to the financial services sector. Mobile apps provide seamless access to information, reduce customer service costs, and increase client engagement. However, there remain significant security concerns and an increasing need for organizations to ensure that their mobile applications comply with the industry’s strict security standards.
We recommend making data security the cornerstone of any mobility program in the financial services industry, starting with the following five best practices:
Establish secure network communication
Financial service providers need to secure all communication between their servers and the devices used by clients and employees by adhering to the industry standard, HTTPS/SSL. By limiting connections to servers that present trusted SSL certificates, organizations can significantly reduce the risk of unauthorized users gaining access.
Enforce data encryption
To protect client information and corporate data, all communications involving server location, user ID information, downloaded documents, and the mobile device must be encrypted. This measure, coupled with secure network communication, will best mitigate the organization’s risk of data loss. In addition, we recommend blocking the ability to store enterprise data on mobile devices and instead making this information available on an as-needed basis.
Guard against malware
The reality is that all operating systems – including iOS, Android, and Windows – are at risk for malware. And although native applications often offer superior protection against malware, there is still the risk of employees inadvertently using infected third-party applications.
To best protect your organization, we recommend routinely upgrading anti-malware software and maintaining a blacklist of third-party applications that employees are prohibited from using due to their inherent security flaws.
Leverage remote wipe and lock
If a mobile device is reported lost or stolen, the organization must be able to wipe and lock the device remotely, as well as disable any associated applications. This best practice helps to prevent data loss and unauthorized access.
Make mobile application management part of the bigger picture
We recommend making the deployment, security, and management of mobile applications part of the financial service provider’s larger Enterprise Mobility Management (EMM) strategy.
For example, Calero’s application management service is a core component of our broader managed mobility services. By managing devices, data, content, services, and apps, we holistically address the organization’s mobility needs and enhance information security.