Click to return to BOL home page
Banker Store Read A Reg Vendor Connect Career Connect Learning Connect Bankers Information Network
Home Compliance Lending Operations Security Marketing Technology/eBanking
Top Stories Bankers' Threads Background Checks BOL Conferences CrimeDex FREE Briefings Banker Tools

   

















    Site Map

    Our Sponsors

    Home


Print Friendly! Email This Article! Discuss NOW!

Going Wireless?
by Mary Beth Guard

There is important guidance from the FDIC on the risks associated with wireless technology and suggestions on managing those risks.

In FIL-8-2002, the FDIC tells banks to:
  • Carefully consider the risks of wireless technology;
  • Take appropriate steps to mitigate the risks before deploying either wireless networks or applications.
The Appendix to the FIL is divided into three major parts:
  1. Risks Associated with Wireless Internal Networks
  2. Risks Associated with Wireless Internet Devices
  3. Risks Associated with Both Internal Wireless Networks and Wireless Internet Devices
If your institution utilizes a wireless network or is going to be offering wireless customer access, someone in your institution should study the FIL (even if you aren't a state chartered bank, because it's still solid protective guidance, regardless of your charter type) and formulate a checklist from it of steps to take and points to consider.

FDIC suggests that appropriate steps to mitigate risk could include:
* Establishing a minimum set of security requirements for wireless networks and applications;
* Adopting proven security policies and procedures to address the security weaknesses of the wireless environment;
* Adopting strong encryption methods that encompass end-to-end encryption of information as it passes throughout the wireless network;
* Adopting authentication protocols for customers using wireless applications that are separate and distinct from those provided by the wireless network operator;
* Ensuring that the wireless software includes appropriate audit capabilities (for such things as recording dropped transactions);
* Providing appropriate training to IT personnel on network, application and security controls so that they understand and can respond to potential risks; and
* Performing independent security testing of wireless network and application implementations.

The original version appeared in the January/February 2002 edition of the Oklahoma Bankers Association Compliance Informer.

First published on BankersOnline.com 5/13/02



Home | Compliance | Lending | Operations | Security | Marketing | Technology | eBanking
BOL Archives    Privacy Policy    Important Disclaimer   Recommend This Site !   Contact Us


BankersOnline is a free service made possible by the generous support of our advertisers and sponsors. Advertisers and sponsors are not responsible for site content. Please help us keep BankersOnline FREE to all banking professionals. Support our advertisers and sponsors by clicking through to learn more about their products and services.