Wall Street & Technology is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk Management

05:55 PM
Connect Directly
RSS
E-Mail
50%
50%

Minimize the Data, Maximize Laptop Security

Few would disagree that the securities industry has benefited immensely from the advent of the mobile workforce. But the proliferation of mobile devices among financial professionals has vastly increased the points of access for sensitive customer data -- for employees and criminals alike. Incidents of lost laptops have highlighted this vulnerability and the need for firms to reconsider the value of convenience.

In the interest of improving ease of access and usability for employees, financial firms historically have been careless in handling customer data on laptops and other mobile devices. "We retain a tremendous amount of sensitive data on consumers that we don't need to have," argues Troy Allen, chief fraud solutions officer, Kroll Fraud Solutions, a New York-based risk consultancy. "We transfer it and use it in inappropriate and unprotected ways, and we have built our business processes around its use."

Allen advocates implementing data minimization best practices among mobile employees. Data minimization includes collecting only data that is absolutely necessary to the business, keeping data for only as long as it's needed and purging it as soon as possible. Limiting the locations of sensitive data and securing them appropriately also are critical.

Given the encryption and secure networking capabilities available, Allen questions whether there ever is any excuse for storing unprotected data on mobile devices. Firms are trying to walk the line between employee convenience and customer security. But, he contends, all too often they fail.

In June, ING U.S. Financial Services learned this lesson the hard way. The firm realized that two laptops stolen in December 2005 contained sensitive customer data, and a third laptop was stolen from the home of an ING financial advisor. In total, as many as 21,500 records are estimated to have been exposed, although none of this information has been used for fraud or identity theft purposes, reports ING CIO Steve Van Wyck.

As a result, Van Wyck says, "We went through a lockdown process once we found that not all of our laptops were at the level of encryption and protection that we thought was required." All mobile devices were restricted to use on ING premises while they were updated with hardware encryption from Foxboro, Mass.-based Utimatico, he explains.

ING now encrypts every bit on their mobile hard drives, rather than relying on application-level encryption, adds Van Wyck. This, he contends, is an absolute necessity as the problem of laptop loss is perpetual. "We still continue to lose laptops," he concedes. "Anyone that tells you that they're not losing laptops is not aware of the fact that they are." --C.L.

Select Chronology of Laptop Losses

DATE FIRM INCIDENT NO. OF RECORDS EXPOSED
June 29, 2005 Bank of America Stolen laptop 18,000
Aug. 30, 2005 JP Morgan, Dallas Stolen laptop Unknown
Late December 2005 Ameriprise Financial Stolen laptop containing Social Security and account information Unknown
Mar. 23, 2006 Fidelity Investments Stolen laptop containing information of HP, Compaq and DEC retirement account customers 196,000
June 16, 2006 ING Miami Firm reports two laptops stolen in Dec. '05 8,500
June 17, 2006 ING Washington D.C. Laptop stolen from employee's home 13,000
July 7, 2006 NASD Ten laptops stolen on Feb. 25 from investigators 73
July 25, 2006 Old Mutual Capital Laptop stolen in May 6,500

Source: Privacy Rights Clearinghouse

Back to the article The Trouble With Customers and Their Data

Register for Wall Street & Technology Newsletters
Video
Inside Abel Noser's Trading Floor
Inside Abel Noser's Trading Floor
Advanced Trading takes you on an exclusive tour of Abel Noser's New York trading floor, where the agency broker known for transaction cost analysis, is customizing algorithms for the buy side, while growing its fixed income trading and transitions business.