IT GRC Forum

Cloud computing continues to have a significant impact on the way enterprises operate, and companies are increasingly migrating to the cloud as a result of its value. But security and data privacy concerns are critical issues to consider before adopting cloud-computing services. Security Considerations for Cloud Computing, a new book from global nonprofit IT association ISACA, presents practical guidance for IT and business professionals to help them securely move to the cloud. 

Most of us have heard the saying “It’s 2am, what are your kids doing?” and you may know, but do you know what your mobile apps are doing? I know before I started working in the industry, I would not have given a second thought to this, but consider this.

If you told me 10 years ago that mobile phone security was going to be a huge issue I would have told you to put down your cocktail and give me your keys. Back then all we had was feature phones or “dumb phones” and your phone was high tech if it had games on it or you could get pictures via text message.

The past 24 months have seen a number of man-made and natural disasters bring risk management demands to the forefront of executives and board directors. Whether these have been natural disasters, such as the Japanese Tsunami or man-made disasters, such as the Gulf of Mexico oil spill, fat-tail disasters have created a renewed interest in enterprise risk management (ERM) practices.

In the United States, our credit and debit cards still rely on outdated magnetic stripe technology. The magnetic stripe is the black or brown band on the back of your credit or debit card. The stripe stores data, such as your account number, via tiny, iron-based magnetic particles. When you swipe your card through a card reader, the device accesses the data stored on the magnetic stripe. A quick YouTube search yields numerous vendors offering to sell skimming devices, which can be used to steal data from credit cards as they are swiped in an ATM.

The old magnetic stripe technology currently used in credit and debit cards in the United States is inexpensive and readily available, making our cards highly vulnerable to fraud. It’s understandable then that credit and debit card fraud is Americans’ primary fear, with 68% of those surveyed describing themselves as extremely or very concerned about the security of their credit or debit card data and 66% as extremely or very concerned about identity theft.

Contactless payment, also known as NFC or near field communication, is a technology that allows electronic devices to communicate wirelessly. In the case of a mobile wallet application, those devices would typically be a mobile phone and a point of sale terminal at a checkout counter. (NFC has other uses beyond credit card transactions: it can integrate with hardware—to unlock a door, for example—or it can activate software.)

Frequent fliers accustomed to traveling internationally for business are helping drive demand for EMV cards within the United States. Business travelers who have found it increasingly difficult to use their magnetic stripe cards while abroad are now requesting that American banks provide EMV, or chip and PIN cards, which are used more commonly in Europe and around the world.

Have you ever thought about what would happen if you lost your mobile phone? These days we rely on our mobile phones more than ever. For a lot of us, it can also be a nightmare if it’s lost, stolen or hacked, especially since today it’s become our most personal computer,

An employee may pay for their device and its monthly plan, but employees who use their personal devices at work should be required to adhere to a Bring Your Own Device (BYOD) policy that sets the ground rules. If you choose to use your personal device for work purposes at any time for any reason, then your employer will more than likely want control over that device. This means like in a company mobile liability policy, the employer may have remote capabilities to monitor activity and in the event of loss or employee termination, wipe the data.

Yahoo reported the theft of some 400,000 user names and passwords to access its website, acknowledging hackers took advantage of a security vulnerability in its computer systems.

NFC is an acronym for near field communication, a wireless technology that allows devices to talk to each other. In the case of a mobile wallet application, those devices would be a mobile phone and a point of sale device at a checkout counter.