A more mobile and flexible financial services industry seems inevitable, so what are the risks?
Every month it seems there is another story of a hapless civil servant leaving a dossier of sensitive information on a tube, train, bus, or bench. Take Richard Jackson, for instance, who escaped jail time but was fined £2,500 ($4,000) for leaving a bright orange envelope on a Surrey, UK-bound train in 2008, which contained operational information on al-Qaeda. More recently, a London police officer mislaid sensitive information about potential targets for terrorism in the upcoming summer Olympics, which reportedly also contained the names and numbers of an elite police unit's personnel.
Events like these frequently arise in discussions with industry participants about the future applications of mobile technology. What if, one compliance officer in Canary Wharf asked, one of his portfolio managers left their iPad on a train? If the device was capable of executing trades, the consequences could be disastrous. If it fell into the hands of a direct competitor, it could be even worse, given the information stored on it. Similar concerns have been voiced by sources at banks, vendors and more.
But how disastrous would the loss of a mobile device really be? Anyone with malicious intentions who came across such a device would have to overcome what would presumably be several lines of defense.
We’re nowhere near traders being able to input transactions and execute them at, say, Heathrow airport’s Terminal 5. It's just not likely to happen.
First, sensitive information would surely be protected by weapons-grade encryption. I’m not aware of apps containing sensitive information or executable functions that can simply be downloaded from an app store, installed, and then immediately ready to go. Some could even have biometric protections in place.
Second, as mentioned earlier, a misplaced device would likely have limited or no execution capability. We’re nowhere near traders being able to input transactions and execute them at, say, Heathrow airport’s Terminal 5. It's just not likely to happen. However, monitoring exposures, positions, risk, market data and other areas is a distinct possibility, particularly if an active trader is called away to travel in an emergency, for instance.
Third, it’s as easy as the push of a button at a computer to remotely wipe all data from an iPhone. And this functionality is available to all consumers, not just, say, tier-one investment banks.
Even if an enterprising thief is able to overcome all these obstacles, it’s unlikely they’d know what to do once they gained access. A Bloomberg terminal, after all, isn't the most accessible piece of technology ever created; it requires a certain level of knowledge and expertise to take adequate advantage of its functionality. And the Bloomberg Anywhere mobile app, for example, requires an existing login for a physical Bloomberg Professional terminal.
The Inevitability of Mobility
The way in which the world operates is changing. Mobility is happening, and it is making its way into financial services. It's an expected part of working lifestyles, but of course, it has to be accomplished in a sensible fashion. It offers a great deal of benefit for those who would like to have a glance at the state of their portfolios on the fly, but has promising applications for client relationship management (CRM) as well. An inevitable part of this will be the birth of mobility risk, but it can't be allowed to become a cancerous aspect of operational strategy, where paranoia overrides common sense.
Mobile security will be discussed in great detail during a webcast on March 28, at 10 a.m. EST/3 p.m. GMT. There is a great panel of speakers lined up, and it's sure to be an exciting conversation.
In the meantime, to share your thoughts on these issues, contact me on +44 207 316 9811 or [email protected].