Private Devices Catch Companies Unaware

More than one in two organizations are unprepared to deal with security breaches to their corporate and employee-owned Bring Your Own Device (BYOD) notebooks, tablets and smartphones.

According to a recent study by ITIC, a research and consulting firm, and KnowBe4, which trains companies in security awareness, half of businesses also say their BYOD devices may have been hacked in the last year.

In “2014 State of Security,” the firms polled 250 companies worldwide. More than half the organizations surveyed (55%) have no plans to beef up security measures, despite the recent spate of security attacks against companies like Target, Skype, Snapchat and others.

But BYOD is a fact of office life these days, and most businesses allow employees to bring their own devices to use as corporate desktop or mobile devices that are used to access work email, applications and sensitive data.

Approximately half the survey respondents said their employee and company-owned BYOD devices had not been hacked, compared with about 10% that indicated that desktop devices and smart phones were compromised.

More than two out of every five businesses (43%) have no designated BYOD security policies. Only 13% have policies in place to deal with BYOD deployments; another 9% are developing BYOD procedures. Two out of five businesses admitted they were “unsure,” “had no way of knowing” or “do not require employees to inform them” if their desktops or BYOD devices have been hacked.

Some 45% of businesses take additional security measures, including installing the latest security fixes and patches, conducting security audits and vulnerability testing and initiating computer security training for IT and end users.

Some 80% of the firms surveyed said strong anti-virus, intrusion detection and firewalls are the most important/critical elements and the most effective mechanism to safeguard their networks, followed by endpoint security.

Some 60% cited physically limiting access to the server room/datacenter and providing end-user security awareness training as crucial to security.

Congressional Hispanic Caucus Weighs in on Fiduciary Rules

A group of 26 members of the U.S. House of Representatives, known as the Congressional Hispanic Caucus, threw its support behind expanded fiduciary rules pending from the Department of Labor (DOL).

The caucus expresses a strong interest in the upcoming fiduciary redefinition in an open letter sent to U.S. Secretary of Labor Thomas Perez, which reminds the DOL that many of the retirement-readiness challenges impacting workers in the U.S. are especially hard on the Hispanic community.

“We have an interest in the re-proposed definition of a fiduciary because of the unique circumstances of Hispanics in saving for retirement,” reads the letter, penned and signed by Ruben Hinojosa (D-Texas), caucus chair. “Recent studies have shown that low and middle-income Hispanics and other minorities have retirement plan savings that are almost 40% lower than other low and middle-income individuals. In fact, only 38% of Latino employees age 25 to 64 have access to an employer-sponsored retirement plan.”

Antonio “Tony” Cardenas (D-California) also appears on the letter as a signatory.

The fiduciary redefinition addressed in the caucus’ letter has been delayed multiple times since first being proposed in 2010. In a recent conference call with reporters, top DOL officials said they hope to have the final redefinition proposal ready by August of this year.

The caucus’ position in its letter is a nuanced one, considering the debate that has surrounded the pending fiduciary redefinition. While it’s still unclear what exactly the expanded fiduciary rules will look like, many in the industry have expressed concern that making fiduciary rules stricter will force some service providers to eliminate the less expensive forms of advice sometimes offered to low and middle-income workers. The idea is that such firms will not want to take on fiduciary responsibility for the workers to whom they currently provide low-cost advice (see “Fiduciary Status Could Be a Big Rollover Plus”).

The letter doesn’t specifically mention this issue, but it does remind the DOL that, whatever service providers the final definition of fiduciary turns out to cover, Hispanic workers need better access to financial advice and education.

On the other hand, and more in line with points raised by the DOL regarding an expanded fiduciary definition, the caucus also writes that it is “critically important” that the new rule protects individuals from misleading or harmful advice. That argument lines up more with those who support a wider definition of fiduciary, who often argue that certain service providers, such as broker/dealers, should be held to a higher standard in terms of the products they promote to their clients to cut down on potential conflicts of interest. Current rules apply only a “suitability” standard to these providers, which is less strict than the fiduciary standard dictating all decisions must be made in a client’s best interest.

A full copy of the Congressional Hispanic Caucus letter is available here.
