Whether or not you are in a regulated industry, it’s important to know how mobile device usage can impact your security. Looking at the regulations that do exist is a good way to understand what you need to protect within your own company.
This will allow you to better protect customer information, keep your critical data safe from leaks or loss, accommodate the “mobile office” in a safe and forward-thinking way, and, finally, better grasp the impact that smart devices will have on how your company does business.
Here are a few mobile security regulations that you need to know, regulated or not:
- HIPAA
If you’re in the health care industry, then the Health Insurance Portability and Accountability Act of 1996 directly impacts your business. You’re required to take serious IT measures to ensure that your patient information is protected.
If you’re not in the health care industry, you still need to be aware of HIPAA requirements, albeit to a lesser degree, because you still deal with employee health insurance coverage and are required to keep that information protected.
HIPAA infractions can lead to massive penalties and fines, and mobile device usage is a leading cause of HIPAA penalties.
- PCI Standards
The Payment Card Industry Data Security Standard impacts any company that processes major credit cards. The standards are designed to protect consumer information from credit card fraud.
The latest 3.2 update was released in April of 2016. All businesses are encouraged to adopt these standards to prevent cyber breaches that can lead to a PCI infraction. However, businesses officially have until February 2018 before they are required to implement these new regulations.
Some of these new requirements include continual enforcement of compliance instead of a once-yearly exercise, detection and reporting of failures in critical security control systems, penetration testing of segmentation controls every six months, and multi-factor authentication, among others. Mobile Device Management is critical to ensuring PCI standards are met.
- Sarbanes-Oxley Act
The Sarbanes-Oxley Act of 2002 protects investors from the possibility of fraudulent accounting activities by corporations.
This impacts mobile device usage. The SOX Act mandated strict reforms to improve financial disclosures from corporations and prevent accounting fraud. Mobile application security is critical to ensuring that SOX requirements are met.
- GLBA
The Gramm–Leach–Bliley Act of 1999 legalized the mergers of commercial banks, investment banks, securities firms, and insurance companies. However, the act also served to address concerns related to consumer financial privacy.
All companies handle consumer money in some form or another, typically as credit card information. Any organization that receives customer financial information from a financial institution may be restricted in its reuse and redisclosure of that information.
While this act largely applies to financial institutions, many organizations fail to realize that it also applies to the mobile devices they use to conduct business, whether or not they are in financial services.
Mobile Device Management solutions help businesses in all industries stay protected and meet regulatory and compliance requirements, without the headache of having to learn the ins and outs of each regulation. And whether you’re regulated or not, protecting customer and company data is critical to avoiding serious unexpected costs, downtime, and damage to your reputation.