Symmetrium Supports Deployment Across 5G Networks

Read more

SEC Issues Over $2bn in Fines to Crack Down on Use of WhatsApp and Other Messaging Apps

With financial institutions struggling to meet their regulatory obligations regarding messaging apps, the sector could have saved billions of dollars by using Symmetrium to minimize their exposure.

When JPMorgan was hit with $200 million in SEC fines in Dec 2021, for letting employees use WhatsApp, it should have been a warning sign. Less than a year later, the US Securities and Exchange Commission (SEC) struck again, fining 16 Wall Street firms $1.8B for using private text apps

This avalanche of fines was imposed on banks and financial institutions for allowing employees to discuss business via unapproved and unmonitored messaging systems, such as WhatsApp. Such discussions are legally required to be recorded, stored and available to government authorities to review when required.

The sector has been cracking down heavily on the use of unsecured messaging apps for business. In 2020, for example, a senior credit trader at JPMorgan was suspended for communicating via WhatsApp with colleagues at Jefferies, KPMG, and VTB Capital. 

 

Financial Institutions Struggling to Meet Regulatory Requirements

With the pervasive use of mobile phones as hybrid work policies become more normal, the exposure firms face has risen sharply since the time when only email was being used. All email messages could be stored and archived on corporate email servers to meet regulatory requirements, but now with BYOD (Bring Your Own Device) policies and the widespread use of messaging apps, banks are struggling to meet SEC requirements. 

WhatsApp remains the most popular messaging app, but more than a half dozen others are regularly used, such as Facebook Messenger, iMessage, WeChat and Telegram. Their prevalence is giving Compliance Officers at financial services firms sleepless nights as workplace smartphones and BYOD policies create a perfect storm for users to intentionally or even accidentally breach SEC rules. 

 

How The Sector Could Have Avoided Billion-Dollar Fines

Sharing data using unauthorized messaging apps and personal email accounts not only flouts SEC regulations but can also expose sensitive data to security risks. Symmetrium’s zero trust mobile access solution has been specifically designed to help organizations operating in highly regulated sectors to remain compliant by keeping data protected, particularly in BYOD environments. 

Symmetrium is device agnostic, and works by the creation of virtual mobile devices (VMDs) within the organization’s own IT environment. These VMDs sit within this protected environment and when remotely accessed these virtual devices act as extensions of all organizational security and compliance policies using end-to-end encrypted streaming. So when messaging using Symmetrium’s mobile access solution, all regulatory obligations are adhered to in this highly controlled environment. The result is a completely secure, compliant and native mobile experience with seamless deployment and management.

 

Ensuring All Data Remains SEC Compliant

With messages sent by authorized users virtually accessing Symmetrium via the organizational network, the messages and any associated data never sits on the user’s actual device. The result is that data remains secure and archived to meet SECs requirements.

Each mobile device acts as an on-prem laptop, allowing for full control over employee messaging to shield financial institutions from any risks associated with using messaging apps, such as WhatsApp. 

This allows for minimum-resources mobile messaging management via a central management console for all devices, OS and brands. All is integrated smoothly into existing security and GRC data access protocols through one single app. The result is organizations can finally be confident their data and messaging remains secure and compliant at all times, avoiding crippling fines and potential data breaches. 

Discover how Symmetrium can keep your data and employee messaging compliant by booking a demo here.

 

2023’s Potential Big Compliance Flaw — Bring-Your-Own-Device (BYOD) Policies

Trying to safely manage a BYOD policy is a minefield of risks, which is why organizations are turning to an innovative zero trust mobile access solution to instantly resolve security flaws.

Almost 80% of US-based companies have used BYOD since 2018, but a growing number are discovering BYOD can often stand for “Bring Your Own Disaster.” This is because BYOD essentially extends the company’s network out into the world and exposes firms to risks related to client, employee, or corporate data. 

For most organizations the decision to implement a BYOD policy has lots to do with productivity and flexibility, but little to do with security. So while it can help organizations to be more efficient and effective, the security implications can quickly outweigh the benefits. Securing BYOD is a headache, and far more complicated and problematic than corporate-owned endpoints. This is why even the biggest corporations are at risk. 

 

Significant BYOD Data Breaches 

Global consulting firm, Deloitte suffered a substantial data breach in 2017, which was attributed to an administrator’s account being accessed after using an unprotected device. This impacted their email system and exposed highly sensitive client data, including that of the US Department of Defence. 

LastPass, an award-winning password manager, which saves passwords and gives secure access from every computer and mobile device, had its systems breached in 2022 after a hacker stole source code and technical information from a home computer belonging to one of the company’s DevOps engineers.

The growing culture of BYOD devices in healthcare is now also one of the biggest security threats facing the sector, according to the Cybersecurity and Infrastructure Security Agency (CISA).

 

Key BYOD Vulnerabilities 

 The underlying concerns of security professionals regarding BYOD deployment are data leakage (62%), users downloading unsafe apps or content (54%), and lost or stolen devices being compromised (53%), according to Bitglass’s 2021 BYOD Security Report

While many businesses have specific BYOD policies in place to guard against security vulnerabilities, enforcing them is problematic. This leaves organizations and their data at risk due to: 

Poorly secured Wi-Fi networks: When employees are working remotely using their own devices to connect to unsecured public Wi-Fi networks they can expose sensitive data to potential security threats. 

Not updating software: Personal devices may not contain the most up-to-date software and security patches. This can leave them vulnerable to hacking attempts. 

Unauthorized apps: Unknowingly downloading and using unauthorized applications on personal devices provides a significant threat of malware or spyware compromising company data. 

Sharing unsecured data: Sharing data using unauthorized messaging apps and personal email accounts can expose sensitive data to security risks. 

Data at rest: When an employee accesses confidential content in a BYOD environment, the data leaves the corporate network and rests on their device, even using the most advanced data protection solutions and authentication protocols.

 

The Solution for All BYOD Threats

Symmetrium’s zero trust mobile access solution has been designed to help organizations keep data protected in a BOYD environment. It works by the creation of virtual devices that reside within the organization’s own IT environment. 

When remotely accessed these virtual devices act as extensions of all organizational security and compliance policies using end-to-end encrypted streaming. The result is a completely native mobile experience with seamless deployment and management.

Corporate data is always accessed virtually using Symmetrium via the organizational network, and therefore at no time sits on the user’s actual device. The result is that data remains secure and is never put at risk.

With each mobile device acting as an on-prem laptop, it allows for full control over the data employees access and shields this data from any risks associated with the BYOD device being used to access it. 

This allows for minimum-resources BYOD mobile management via a central management console for all devices, OS and brands. All is integrated smoothly into existing security and GRC data access protocols through one single app. The result is organizations can finally be confident their data remains secure and protected at all times regardless of the device being used to access it. 

Isn’t it time you reconsidered your approach to BYOD? Book a demo with Symmetrium here.

 

The Challenges in Creating a Secure Zero Trust Environment

Most organizations will struggle to implement and securely manage zero-trust environments, due to the many challenges involved, without the adoption of Symmetrium’s Virtual Mobile Device solution. 

The traditional perimeter of organizational networks has been obliterated by the rise of remote work and SaaS services, forcing the implementation of zero-trust environments. This is necessary to cope with the unprecedented growth in endpoints and data sources operating beyond the confines of the traditional organizational network.   

Zero trust provides a more comprehensive approach to security than traditional methods. The core principle of zero trust is to trust nothing and verify everything. This means that all users, devices, apps, software and data both inside the network and outside must be verified and protected. Organizations can therefore, in principal, mitigate the attack surface nefarious actors target to steal data, compromise passwords and other malicious activities. 

 

Problems Implementing Zero Trust

While zero trust is a key strategic focus for most organizations to reduce risk, according to Gartner, very few organizations have completed the scope of their zero-trust implementations.

Many of the associated challenges to implementing a true zero-trust environment are linked to the hybrid work culture, which has become a significant obstacle in securing this model. With more employees working outside the boundaries of the corporate network, using their own devices to connect to sensitive business data, security vulnerabilities have spiked. 

The use of non-secured mobile devices has resulted in an entire stack of identities and end-points that require a full set of resources to continuously secure, protect and manage it. This requires mapping how users and their devices access and interact with sensitive data. Solutions focus on managing these users and devices to help increase cyber resiliency and remote access. 

 

Zero Trust’s Fundamental Flaw

This exposes a fundamental flaw in their approach — a focus on users and devices, and not on data. So once users are granted access the data they access using their mobile comes to rest on that device. Thus the data is no longer in the secure confines of the corporate network environment and is exposed and vulnerable on the device it is now residing on.

Security will always be maximized when there is no data at rest and therefore no data at risk. This is how Symmetrium, a zero-trust data mobile access solution, enables productive collaboration while dramatically minimizing the risk of data breaches. It achieves this by turning any mobile device, managed or unmanaged, into a virtual extension of an organization’s network, with all its compliance, security, and IT. 

 

The Only True Zero-Trust Approach

Using Symmetrium means organizations don’t have to ditch and replace technology to implement a secure zero-trust environment. This is because Symmetrium creates virtual mobile devices (VMDs) that sit protected within the perimeter of an organization’s network and therefore adheres to all existing enterprise network security protocols. 

These VMDs use P2P encrypted streaming to allow authorized remote and third party users to view data using their own devices. This view-only data never leaves the protected organizational network and therefore is never transferred to an external device. This ensures the data at all times remains secure and never comes to rest on external devices.

With zero trust now vital for organizations to survive digital transformation it is critical to overcome the associated challenges. In a world where data, resources and employees are outside the enterprise perimeter, the only true zero-trust approach is to ensure “no data at rest” and Symmetrium’s VMDs are the perfect solution to make this happen.

So, isn’t it time you reconsidered your approach to zero-trust security? Book a demo with Symmetrium here.

close-tag

We’re proud to be the ones making TPRO, CISO, IT and vendors - happy

by ramping up zero-trust mobile access.