
Mobile Compliance

Trends in Electronic Communication Compliance

Which records do we need to keep, and how long do we have to keep them?

In the past several years, large and small businesses alike have wanted to know which records they need to archive based on regulations and certain policies. Since the 2006 amendments to the Federal Rules of Civil Procedure, the legal literature has extensively covered electronic record retention requirements, with particular scrutiny on retention and retrieval of email. Yet, legal literature often overlooks other forms of electronic records impacted by the 2006 amendments and federal and state regulatory schemes. Voicemails, instant messages, text messages and other forms of alternative communications are electronic records subject to preservation and production by regulatory requirements and for discovery in certain circumstances.

The increasing number of federal and state regulations requiring businesses and local governments to retain text messages, voicemails, instant messages and other forms of alternative electronic communications will lead to more litigation. Businesses throughout the United States need to know the new regulations addressing discovery and retention of electronic communication records, as well as keep up with the recent changes in regulatory enforcement and the evolving archiving standards.

Perhaps the most extensive and significant electronic record retention requirements are contained in the Dodd-Frank legislation and regulations. Financial institutions must ensure that they have the capability to archive and maintain all types of electronic communications. Therefore, the installation of text message archiving, voicemail archiving, instant messaging archiving, voice call archiving and email archiving may be necessary.

As consumer technology becomes increasingly present in the corporate environment, a proper information governance strategy is paramount to ensure valuable business information is retained while stale data is purged to reduce legal and regulatory risk exposure.

The Need for Chief Mobility Officers

Compliance regulations are in the process of finally grasping control over new technologies affecting their corresponding industries. People may accomplish tasks such as checking a status, finding an expert, receiving an alert, making a purchase, answering a question, sharing an opinion, or sending a message with their mobile phones. This shift will lead to 350 million employees using smartphones and businesses spending billions of dollars on mobile projects. Employees prefer to text and call each other on their mobile devices instead of their desk phones.
This chief mobility officer position should oversee not only the bank’s consumer-facing apps, but also its B2B and employee apps that mobilize back-office processes. Deploying multiple mobile apps without a central coordinating function can be very costly in terms of time, money and security risks. There are many different tools that can be used to help ensure secure enterprise mobility at the device, app and data levels. For example, while basic Mobile Device Management solutions include policy management for devices, corporate data and content or applications, only some high-end solutions also include security mechanisms like data encryption, user authentication, malware protection or security regulation compliance.
Security fears are one of the main reasons banks and other enterprises have slowly waded into the mobility waters rather than diving in head first. The right application and integration platforms can also help ensure compliance with regulations.

Managing the Risk of BYOD (Bring Your Own Device)

BYOD refers to the policy of allowing employees to use their personal mobile devices to access their employer’s information systems and applications for business purposes. In recent years, there has been a fundamental shift in the way people understand and interact with electronic information. Employees expect to be able to work with the device of their choice and dislike the inconvenience of maintaining separate mobile devices for business and personal use.

As with any technology, there are risks associated with implementing a BYOD program. There are legal risks, such as the ability to access information responsive to document requests for preservation or production; there are regulatory risks associated with information on those devices that may be subject to regulatory retention and supervision requirements; there are information security risks associated with lost or stolen devices, as well as with many different devices having access to the organization’s networks; and there are data privacy risks associated with the mix of personal information with business information on one device. Consider the use of text messaging in a BYOD program. With an organization-owned device, the organization has the option of centralizing control of its employees’ text messaging by disabling text or instant messaging capabilities on the device or capturing such messages for business purposes on the organization’s centralized infrastructure. With a BYOD program, however, an organization loses its ability to easily block or capture business-related text messages, and is forced to rely more heavily on employee participation and compliance with policies to manage risk.

Configure policies to prevent data collection from personal email, content or applications on an employee-owned device. GPS location, personal user information and telecom data can also remain private, and employee-owned devices can be protected from a full device wipe or remote control. With custom Terms of Use (TOU) agreements based on user role, organization group and device platform, users can be informed about data that will be captured and what they are allowed to do with the device.

Monitor Employee Text Messages

How much privacy do you have on your company-owned smartphone?

There have been many cases that have clarified an employer’s ability to monitor e-mail on workplace computers, but monitoring employee text messages has now become common practice. Industries notorious for their extensive practice of employee monitoring include financial services, telecommunications, pharmaceuticals, insurance and government sector jobs. Surveys have shown that more than three quarters of bosses think employees should be allowed to send personal e-mail or texts from employer-provided equipment, as long as it isn’t excessive and doesn’t interfere with work.

That said, half of employers say they monitor employee email use, and about a quarter have fired workers for violating e-mail or text policies. However, unlike e-mails that are stored on the company server, cell phone companies store text message records–and many companies do not pay for access. The company has the legal right to put monitoring software on your phone. The phone is company property, after all. Public entities should be cautious in reviewing employee communications based on the assumption that they are not private.

Employers should avoid giving employees any reasonable expectation of privacy, as such a course of conduct could undermine an employer’s computer usage policy. Some states don’t require a warning to employees that this extensive monitoring is in effect; you can find out by asking your human resources department. Employers, and in particular public employers, should be ready by having clear and precise monitoring policies that are consistently followed and effectively enforced. Text messages, no doubt, should be included in such monitoring policies.

Mobile Security Market Set To Hit 2 Billion Including BYOD

When it comes to protecting the enterprise, IT departments are looking beyond the basic, simple security applications, the firm found, with the demand for specialized services beginning to drive the market. In particular, network security, managed security and professional services are set to become the biggest categories for business-to-business mobile security.
Bundled network security, which includes unified threat management, deep packet inspection, virtual private networks and remote device management, will become ever-more important. Increasingly, mobile security is concentrating on services for mobile device, identity and authentication management, as well as for audits, certification and consulting.
The market will continue to tick upward as mobile threats proliferate, and proliferate they have: the number of unique mobile threats has grown by a whopping 261% in just two quarters.
Those companies who have yet to face up to the BYOD challenge and determine who in their organisation is currently engaging in BYOD are potentially going to face real problems very soon. But the future of BYOD depends upon the viability of long term plans regarding security. The risk of data loss is enormous and there are many industries where this is simply not a risk which can be taken. The loss of personal information for instance can be a major cause of legal action and because so many companies now hold private details of clients (including financial information) this is an important reason for taking BYOD and security very seriously.
Each company will have its own unique set of needs regarding BYOD, and as long as there is a need for BYOD, there will be the need to create effective solutions for all eventualities. Companies need to assess different providers and work together to create the best solutions for all concerned.

Compliance Challenges For Communication

Today’s new environment shows a marked shift of responsibility from the regulator to the regulated. Until now, the obligation for understanding communications media used in the negotiation of each transaction was firmly with the authorities, with requests often media-specific, and targeting individuals, rather than transactions. However, the change in the processing, analysis and recovery of data retained by regulated firms is happening now. The Dodd-Frank Act, and the interpretation of the ‘intention’ of the rules by the CFTC, means firms must produce communication records relating to specific transactions, and in the future, the industry should expect to see requests that target individual trades.
In the US, mobile recording has not been the norm, and systems have not been designed to cope with the massive increase in volume that tracking mobile and voice in conjunction with email conversations will bring.
Now, with the increased privacy and security awareness among businesses, customers, and elected officials, traditional best practices are being incorporated into new laws, regulations and supervisory guidance that define a higher security standard that all affected organizations must achieve. Information security is no longer only a prudent business decision; it is mandated.
Legal mandates require organizations to maintain the confidentiality of sensitive information. The growing number of laws and regulations that mandate effective electronic security steps make management and control critical to any business that plans to allow the use of electronic messaging and communication tools in conducting business.
The ability to search for keywords and phrases has been an integral part of the compliance officer’s monitoring and retrieval process; regular searching of users’ email, Bloomberg and other text-based messages is now commoditized, and forms part of almost all retention platforms. However, the ability to search for keywords in voice recordings and integrate them within the lifecycle of a specific trade is a challenge that compliance officers are about to face.
Banks are now starting to deploy systems to allow them to meet increased retention and retrieval challenges. A correctly deployed and targeted system is able to increase productivity and reduce false positives for the monitoring and retrieval of messages.

How to Avoid Fines & Lawsuits by Making Your Mobile Communications Compliant

MobileGuard, a New York City-based mobile phone compliance technology company, announces its latest webinar, How to Avoid Fines & Lawsuits by Making Your Mobile Communications Compliant, scheduled for January 23, 2014 at 11:00 AM EST.

The unprecedented fines, penalties, and lawsuits faced by major financial institutions in 2013 clearly demonstrate that the government is not averse to aggressively investigating and prosecuting organizations for noncompliance with regulations and rules. While a large number of organizations have implemented solutions to comply with regulating bodies, studies indicate that mobile recording is still an open issue. More than 50% of the mobile workforce falls short of FINRA requirements.

The one-hour webinar will address the challenges faced by organizations due to the rapid growth of smartphones in the workforce plus the increasing BYOD (bring your own device) policies. These trends pose new threats of security breaches, data corruption, fraud, legal infractions, and regulatory violations, causing FINRA and the SEC to continue to enforce their regulations of electronic communication. Participants in the webinar will also gain insight into how companies are deploying solutions to comply with these financial regulations.

MobileGuard, one of the first firms in the mobile compliance space with patented technology, will present in detail its mobile recording solution, MessageGuard, which includes text recording, archiving, logging, monitoring and analytics. Provided as a client or on-premise solution, MessageGuard is a feature-rich and user-friendly system that archives SMS text messages in a format that is easy to access. The webinar will demonstrate MessageGuard’s unique value in the enterprise, what to do with the iPhone in the enterprise, and why leading financial institutions have chosen this solution. Mobile regulation is key!

Avoid security breaches, client lawsuits, government fines and a damaged reputation due to the misuse of mobile devices in the workplace. How to Avoid Fines & Lawsuits by Making Your Mobile Communications Compliant is free to attend. To register, simply visit www.MobileGuard.com/mobile-compliance-webinar.

Samsung Quest for Enterprise

The timing couldn’t be better for Android to increase its penetration into the enterprise, especially with Android mobile devices, as of the third quarter of this year, representing 81.9% of total market share (consumer and business) and with BYOD policies becoming increasingly prevalent. Also, as recently as 2010, BlackBerry dominated the enterprise in smartphone sales, but since then, its market share has plummeted, creating a huge opportunity for Android. Likewise, the iPhone (iOS), experiencing great success in consumer market sales in recent years, found its way into the enterprise, and in 2011 became the leader in enterprise market penetration. However, that too is projected to change by year end, with Android overtaking the iPhone with an estimated 50% of enterprise market share. (Source: line graph by IDC).

South Korean-based Samsung, the worldwide leader in Android mobile phones, has led the charge in seizing the opportunity for Android mobile device penetration of the enterprise market. Understanding that security is perceived to be the greatest concern among IT managers, particularly with Android devices, the company launched its Knox security platform, which provides security from the hardware through the application layer. The objective of Knox was to provide greater management and control over employees’ Samsung mobile devices, enabling IT managers to disable any devices that are lost or stolen and receive alerts when a device has been hacked or decoded.

Despite upgrades to Knox security as recently as three months ago, Samsung has encountered some problems serving its large business customers, including the US government. Some of the problems have come in the way of delayed rollouts of Knox in its popular models, like the Galaxy S4, due to deficiencies and bugs detected in the software. For that matter, Samsung didn’t launch any device pre-loaded with Knox until September, when the Galaxy Note-3 phone tablet was launched.

By most accounts, enterprise customers seem willing to work with Samsung developers in meeting their stringent demands in both security and customer support, despite a rough start in both of these areas. And despite BlackBerry’s recent decline, BlackBerry is still heralded as the standard for enterprise mobile systems, especially in security, against which Samsung’s success will continue to be measured. Progress is being made, but Knox will likely need more refinements before it reaches enterprise-grade security.

Realizing the challenges of conquering the enterprise and representing enterprise sales as its highest priority, Samsung released a public statement two weeks ago, stating the company had received strong interest and positive feedback from its customers about Knox, adding that it is working with several Fortune 500 and government customers on deploying the security system and expected large scale success in 2014. (Source: WSJ, “Samsung’s Next Challenge: Selling Phones to Business,” 12/04/13.)

No doubt, Samsung has a ways to go to become the dominant player in the enterprise for mobile devices. As an ISV partner of Samsung, we at MobileGuard are confident they will succeed.

 

Android For Enterprise

A confluence of market dominance by Android and the growth of BYOD (bring your own device) policies in the enterprise suggests that Android will be making its way into the enterprise in a big way. Android, Google’s open source mobile operating system, clearly has become the leader in the world of smartphone OS, recording an 81.9% market share in the third quarter of this year. By comparison, iOS (iPhone), for all of its popularity, represents a meager 12.1% market share.
However, the iPhone is still the top company-owned smartphone, while Android devices used in companies are increasing and are most likely to be brought to work by staff, according to IDC. IDC also calculated that during 2012, 87.7 million Android devices would be shipped to businesses and 15.1 million to individuals who would take their devices to work. (Source: Steve Ranger, “Are Android smartphones finally poised to conquer the enterprise?” www.zdnet.com, Feb. 18, 2013). At the same time, the widespread growth of the overall smartphone market and the subsequent desire of employees to use their smartphones in the workplace have prompted greater BYOD acceptance within the enterprise, with additional theoretical benefits to the business, such as lower capital costs and maintenance expenses of mobile devices. According to Gartner, the momentum growth in BYOD policies will be unstoppable in the future, as their graph suggests.
All of this suggests that Android will soon have a significant role in mobile business communications. Anticipating this phenomenon and in an effort to make the Android phone more enterprise acceptable, smartphone companies like Samsung, the worldwide leader in Android mobile phone sales, have been addressing some of the concerns of IT managers with Android, the greatest of which is security. For example, in September, Samsung announced its plan to add additional security for its Android mobile phones that support its Knox security technology, which provides security from the hardware through the application layer, while retaining compatibility with the Android OS. The latest release of Android 4.0 in late 2011 does support device encryption on smartphones, but the vast number of pre-existing Android releases on several different device types that lack security will still require IT to take extra precautions in managing these devices.
According to TechCrunch, “Each version of Android has improved management and security capabilities, but the vast array of devices on the market means it’s unlikely that enterprises will ever deal with only one device type. This doesn’t negate the prominence of Android in the enterprise, it simply means CIOs must arm themselves with the right protective measures.” (Source: Neil Florio, “Enterprise Android Adoption: A CIO’s Big Dream or Worst Nightmare?” www.techcrunch.com, Nov. 17, 2012). Within specific markets, like financial services, insurance, healthcare and government, wherein mobile phone communication is regulated, enterprise IT managers are faced with additional challenges with Android devices. In addition to addressing mobile device management, including security, they must also have a compliance solution which captures, archives, and monitors text and voice messages.

BlackBerry: We Are Committed to Reclaiming our Success

BlackBerry has high hopes for John Chen, offering the interim CEO $85 million worth of restricted stock. Seems like that might just be the best idea for the trailing mobile provider.

BlackBerry stock has started to rise as the company decided to stay public and acquired $1 billion from Fairfax Financial Holdings and other institutional investors. John Chen declared that BlackBerry is “not dwelling on the past and has financial strength for the long-haul.” BlackBerry has mostly succeeded in cracking out a technically advanced product, but it has paid no attention to having a relatable business system that can influence consumers when choosing one device over the other. He underlined three assets the struggling phone maker is leveraging to plow ahead: BBM, the BlackBerry network, and QNX.

BlackBerry’s Enterprise Mobility Management (EMM) for BlackBerry 10 is being utilized throughout Europe for all its new devices. BlackBerry previously claimed that it wishes to focus more on its services than its actual devices. BlackBerry is reinventing EMM by bringing together Device Management, Security, Unified Communications and Applications. BlackBerry is now embracing its competitors by allowing BlackBerry Messenger on iOS and Android. Also, on the new BlackBerry Enterprise Service 10, they can manage Android and iPhone devices as well as their tablets.

Organizations around the world rely heavily on BlackBerry and its services, and they are ready for the positive change.