Pub. 12 2017-2018 Issue 2

July/August 2017 19 Extraordinary Service for Extraordinary Members. Daniel Lindley is a security and compliance consultant for CoNetrix. CoNetrix is a technology firm dedicated to understanding and assisting with the information and cybersecurity needs of community banks. Offerings include: information security consulting, IT/GLBA audits, security testing, cloud hosting and recovery solutions, and tandem software, used by more than 1,400 financial institutions to help manage their information security programs, cybersecurity, and more. Visit the CoNetrix website at www.conetrix.com . 3. Device wipe. A maximum num- ber of attempts needs to be set be- fore the device wipes itself. This usually causes some concern, as it is far too easy for a smart device to end up in the hands of a curi- ous toddler (personal experience speaking), but understand that as the number of attempts climbs, so does the time required between attempts. As a result, a setting of 10 attempts is recommended but once again this can vary based upon organization needs. 4. Remote wipe. The device should be configured to allow remote wipe should it be lost or stolen. Remote wipe can result in full data loss, including pictures, videos, and apps, but there are ways to prevent personal data loss, depending on management method or software chosen as we discuss below. 5. Additional settings. Some op- tional settings that could be ad- dressed are: disallowing rooted or jailbroken devices, disallowing applications installed fromunap- proved locations (i.e., anything besides Google Play on Android or the official App Store on iOS), enforcing antivirus installation, and disabling Bluetooth. As previously mentioned, several methods exist for enforcing these rec- ommended settings. The first, and most common, method is to use Microsoft Ex- change ActiveSync. Bundled with various versions of Exchange Server, ActiveSync allows the standard recommendedmobile device settings to be enforced. The second method is commercial mobile device management software. There are a few options available, including AirWatch, MobileIron, and Maas360, and each op- tion has its own pros, cons, and costs. One benefit this third-party software can offer is containerization of data, which allows the selective wiping of devices (also referred to as enterprise wipe). With enterprise wipe, only company data is lost while personal data is retained just in case the device is recovered and the data has not been backed up. The last option, and perhaps the most secure, is email ac- cess software only, such as ZixOne. This WALENTINE O’TOOLE, LLP When time is of the essence, experience counts. Walentine O’Toole blends confidence, experience and knowledge with the personal attention you can expect from a regional law firm. www.w alentineotoole .com 402.330.6300 11240 Davenport St . • Omaha, NE 68154-0125 application allows access to email through the application but prevents any data stor- age on the device itself. One caveat to this approach, however, is that it is important for screenshot capabilities to be restricted to prevent local data storage outside of the application. In summary, mobile device usage is only going to increase and users are always going to misplace their devices or have them stolen at inopportune times. Organizations must ensure their infor- mation is kept secure on mobile devices, especially on those not owned by the busi- ness but instead allowed access to sensi- tive data through a BYOD (bring your own device) policy. Balancing security and privacy is not easy, but fortunately a number of software options and settings make this balancing act feasible. 