About a third of companies have knowingly sacrificed security for expediency or business performance, according to a newly published study, and researchers said that bankers’ responses were consistent with the group as a whole, which included health care and other sectors.
An example of this is rushing a new app or product out before conducting thorough security tests.
“If you don’t have a detailed appreciation for the security risks, you’re more liable to make a trade-off that affects security,” said Justin Blair, executive director of business wireless services for Verizon, which sponsored the research.
“For instance," he said, "if you think the security risk is minor, you might be willing to go to market with something to meet a deadline at the end of the month when tightening up that security risk might take another three to six months.”
Twenty-five percent of bankers surveyed said they had experienced a mobile-related security incident in the past year.
Most banker respondents (93%) said the internet of things presents the biggest security threat. Blair speculated that the bankers were thinking of ATMs and other devices that are connected to wireless routers.
Overall, the study found that many companies fail to take basic security precautions to protect mobile devices used within their companies. Only 38% use strong, two-factor authentication on employees’ mobile devices. Less than half (49%) have a policy regarding the use of public Wi-Fi, and even fewer (47%) encrypt the transmission of sensitive data across open, public networks. And only 59% restrict which apps employees download from the internet to their mobile devices.
Blair does see signs that banks are beefing up mobile security. For instance, they are creating formal policies around employees bringing their own devices to work.
“We’ve had many conversations with financial institutions that have gone [bring your own device], and we’ve seen the pendulum swing from going full-blown BYOD, moving away from corporate devices, where lots of institutions were trying to reduce the amount of devices they had to manage, to a better balance of corporate-liable and BYOD [devices]," Blair said. "They’ve recognized that having corporate-liable allows them to have more control over security.”