PDA Policy

Question: 
My bank currently assists several officers in synchronizing Palm type devices and laptops with their desktop PCs. We do not have a policy for this and wonder now what requirements should be in place?
Answer: 

As an officer in a small bank, I'd hate to have lived by the rules I think need to be in place. However, if there will be data that you do not want to print and leave in the "take-one" brochure rack, there needs to be security, control and encryption.

The first question is, is it necessary, or just cool? It will be a lot of work to do it right, but with security being such a hot button, this isn't something to take lightly. Because there will be a lot of work outside that user's office, there should be some real justification needed to warrant the efforts. If you opt to allow this practice of connecting personal devices to bank equipment, you need to know that the device is virus free. So you should impose restrictions and periodic testing.

You need to know what data will be transferred to the PDA/laptop/thumbdrive/etc. How would you rate this data? Is it public, private or confidential? What encryption restrictions will you impose as a result of this? We hear regularly of a laptop being stolen from a car, as one example. What if that happens here and your customer records are now needlessly exposed?

If the device is connected to the Internet, you must be cautious of Trojans, security breaches and keyloggers. Say the officer isn't using his laptop at home tonight so his teenage son uses it to surf MySpace. What data may be exposed in this scenario? What restrictions do you have when the personal laptop is re-synced with the home computer? Now you have even less control over your data.

You go to great lengths to protect your equipment and network from a compromise. Personal users do not often go to the same level of security. If you allow these devices you must control how they are connected and the integrity of the device. You should also monitor for compliance with your policy. Ensuring that firewalls are in place, virus programs remain up to date and systems are not easily compromised is a daunting task, made even more so when you have no control over the system with the data. These are some of the key areas you need to address and consider in your policy.

First published on BankersOnline.com 3/20/06
