IT Examiner School eBook

Internal Use Only

Bring Your Own Device (BYOD)

BYOD is becoming more popular because it reduces costs to the institution and enables employees to carry one device instead of two.

The institution may not have the ability to configure the devices or to perform remote wiping if they are lost or stolen.

Firms should have an effective method or solution to ensure that personal devices meet defined security standards (e.g., operating system version, patch levels, anti-malware solutions) before such devices are allowed to log on to the network


Customer Remote Access to Financial Services

• Firms should implement appropriate authentication techniques commensurate with the risk from remote banking activities
• Remote access controls should also include some combination of:
  - Application timeouts with mandatory re-authentication
  - Fraud detection & monitoring systems
  - Dual customer authorization through different access devices
  - Positive pay, debit blocks & other techniques to limit transactions
  - Transactional value limits, restrictions on adding payment recipients
  - Account maintenance controls
• Customer education can also be used to mitigate risk
