Commonwealth Bank of Australia Risk for Devices-myassignmenthelp

Question: Discuss about theCommonwealth Bank of Australia Risk for Personal Device. Answer: Review Of The Project Financial services refer to a range of financial services provided by various players in the financial industry. They include services provided by banks, insurance companies, and government-sponsored enterprises among others. In broad terms, institutions operating in the financial sector are regarded as highly sensitive especially with regards to the security of their systems. Financial service providers are virtually present all over the world even in remote areas to satisfy the financial needs of individuals, groups, companies and other institutions (Gustav Kabanda,2016). The intermediary role played by financial service industry in Australias economy is quite significant. Individuals, government agencies, businesses and nonprofit organizations rely on this sector to either get funds when need be or dispose of excess cash which is then lent out to those who need it, technologists play a significant role in facilitating this transaction. Clients .Clients are the most important asset to the Commonwealth Bank of Australia. The bank is focused on establishing lasting cordial relationships with its various clients both depositors and debtors. The bank's clients include retail clients, institutional investors, financial sponsors, entrepreneurs, and corporations. Implementation of the project would mean that these clients needs attended to at any given time and with much efficiency (Felt,et al,2011) Employees. Employees are an important shareholder and an important asset to the bank. The company is focused on nurturing and developing the professional capability of their employees. The project might be limiting to employees to employees without such devices and an opportunity for those with the devices to enhance their professional prowess There are some legislation that would determine the ability of Commonwealth Bank of Australia to implement the project which includes Archives Act 1983, Privacy Act 1988 and Freedom of Information Act 1982 which were established as a necessity as a result of the risks that emanate from allowing employees to bring own devices at the workplace. If it can implement the project, the Bank will, therefore, be required to put in place certain control measures to ensure that it meets all legal obligations (Watkins, 2014). The bank would, therefore, be required to examine the implications of the project to both the business and its overall security. As per best standards requirements, commonwealth bank of Australia would be required to determine the implication of the project by analyzing an already existing real example, identify the existing regulations and legislation to facilitate compliance, put in place various support measures, both financial and technical and finally roll out the proj ect. The realization of this is solely dependent on the ICT department or the technological department of the Bank. Financial institutions are affected by many risks which can be categorized into. Credit risks Credit risks occur as a result of failure by debtors to pay what they owe a bank. Failure to pay can be as a result of inability by the debtor or unwillingness to pay. Credit risks are likely to affect Banks operations, its shareholders as well as its ability to issue fresh loans (Acharya, et al,2017) Legal risks Legal risks occur as a result of violation of legal standards set by government institutions as well as other regulatory bodies in which financial institutions are supposed to abide by. Legal risks affecting financial institutions include violation of security and fraud laws. Legal risks can have adverse effect towards the operation and the reputation of a financial institution like the Commonwealth Bank of Australia. Systematic risks Systematic risks occur as a result of changes in the value of an organizations assets. Systematic risks occur mostly a s a result of changes in the prevailing economic conditions such as changes in interests rates, changes in foreign exchange among others. Systematic risks can also have a significant impact on the operations of Bank (Acharya, et al,2017) With the possibility the occurrence of many risks therefore, any Financial Institution is therefore required to be aware of these risks among others so that it can put in place policies of identifying and addressing the risks before they can have a significant impact on their operations. Security Posture Modern organizations are faced with a myriad of challenges which continue to threaten their survival. While challenges can present an opportunity for an organization to put in place measures to avoid more devastating challenges, the emergence of serious challenges that can lead to ultimate incapacitation of an organization. Of major concern is the financial service sector whose data security is paramount especially due to the adverse effects that can result from any serious threat through infringement of banks systems and databases. Such data these would adversely affect not only the bank but also its various stakeholders who depend on the services offered by the bank (Shim, et al,2013)The management of Commonwealth Bank of Australia especially those in the IT department are tasked with the responsibility of ensuring that such threats are mitigated. It is their sole responsibility to protect the Banks systems, data and the privacy of its clients by adequately managing the bank's fina ncial information. Amid the increasing level of competition in the Australian financial sector, the Bank has no option but striving at providing the best data security measures in the industry. Commonwealth Bank of Australia has been viewed to be way ahead of its main competitors in as far as information security is concerned. With the many strategies undertaken by the Bank, implementation of the project allowing employees to bring their devices to the workplace is likely to have huge implications on its operations because employees might have unauthorized access to some of its crucial information from their devices which might lead to loss, damage or manipulation of data. While the project might have both positive and negative implications, it will be necessary for the Bank to undertake sufficient research to find out whether the benefits surpass the negative outcomes (Thomson,2012). Monitoring is key in managing any sensitive data or information form an organization. By allowing employees to bring their own devices this practice which is highly encouraged at the Bank is likely to be affected. Among the implications of this project to the bank is the reduction of system security assurance. The bank will also be able to monitor the working of their employees because the use of personal devices makes it relatively hard for the management to distinguish when employees are using the devices for personal undertakings or work-related tasks. The project will also facilitate deviation from the banks secured use of sensitive information to the unsecured use of such information. It is also possible that such devices might be stolen thus risking the Banks sensitive information. The project also comes with an additional budget for the company, implication on its human resources, compliance regulations as well as legal obligations and liabilities. To regulate such implication s, Commonwealth Bank of Australia will need to put in place regulatory policies stipulating the terms of use of personal devices (Miller,Voas Hurlburt,2012). Reasons for implementing a BYOD Policy There are numerous reasons to why an organization can organization can adopt the use of a BYOD policy which include improving the real time productivity and engagement of employees because the policy makes them more satisfied and provide results from any location, creating a smarter and skilled labor force, to introduce a more flexible strategy at the work place, reduce hardware investment by a company among other benefits. Return on Investment is used to ascertain the cost reduction achieved by a project over certain duration of time. This method can be used by Commonwealth Bank of Australia to analyze the long-term impact of implementing a BYOD policy. Return on Investment is calculated as follows Net Profit / Total Investment * 100 Commonwealth Bank of Australia must, therefore, undertake an evaluation of the merits and demerits of the project and its overall implications on the Banks' goals and mission. This will then be followed by formulation of policies to regulate the use of personal devices and the general security of the Banks systems. The Bank may also hire the services of solution providers whose main responsibilities will be assessing the risks associated with the project, formulation of different projects to govern the project as well as coming up with control measures to facilitate implementation of these policies. Commonwealth Bank of Australia will, therefore, be required to notify their employees on what to expect upon implementation of the project regarding the privacy of their personal information which might need to be subjected to company monitoring (Pillay,et al,2013) Implementation of BYOD project will require the bank to consider its ability to remove the banks information from employees devices upon their departure from the bank, clarify on what devices, platforms, and networks that can be used in these devices including any associated prohibitions to use such devices, avail a procedure to address possible theft of these devices in order to protect Banks Information and clarifying on the consequences of any violations from employees regarding the use of personal devices. The bank should also establish its ability to access and have control over information belonging to it including the use of mobile device management system as well as identify support limitations resulting from these devices to ensure that they are addressed. Before implementing the Common program wealth Bank is also required to analyze how the project is likely to affect the various stakeholders and the bank at large and therefore it should solicit views from its employees, th e finance department, its legal advisers and finally its technological team (Ghosh, Gajar Rai,2013). The solution lies in the Banks ability to use smart policies and compliance; such policies would include an adoption of a formal mobile policy that stipulates consequences of violation, sufficient security measures use of training programs to solve mobile liabilities. A mobile policy would include ensuring that each device that is being used by an employee is remote wipe enabled. Although the process might require much time and resources, it will save the Bank a significant amount of resources that it might incur in an instance where these devices are used to break the law (Moyer,2013). Threats, Vulnerabilities, And Consequences Although highly considered for their useful functionality and high efficiency at the workplace, technological devices such as iPads, mobile phones, laptops, and ipads have come with numerous challenges that continue to affect not only employees but also their employers. Recent studies have shown an increase in the usage of usage of own smart phones and tablets for business with the number expected to keep rising (Morrow,2012). The number of Companies allowing employees to make use of their devices for business has also continued to rise with a recent research predicting that at least 38% of global companies will have implemented Bring Your Device into their operations. This is also a trend that has been witnessed 2017 which has recorded a significant increase in the level of usage of personal devices by employees at the workplace. This is to signify perhaps the Importance that some employers attach to the use of personal devices for business. However, adoption of BYOD Policy requires employers to shift their focus to remain updated on changes in technology as well as being mindful of data security and privacy issues (Lebek, Degirmenci Breitner, 2013). For the Commonwealth Bank of Australia, the implementation of the project allowing employees to use their devices for business will, therefore, come with threats, vulnerabilities, and consequences for both the Bank and its Employees. As such, the Bank will find it necessary to focus on changes in technology and regularly address security and privacy issues arising a result of the project (Garba,et al,2015) There are various risks associated with the implementation of the project. By allowing its employees to use personal devices for official purposes, the Bank will commit itself to any violations committed by their employees through the use of personal devices, For any offense broken by their employees, Commonwealth Bank of Australia will be held responsible (Ghosh, Gajar Rai, 2013). A good example of such risks would be where a driver of the bank causes an accident because of using a cell phone while driving as it was the case of the COCA-COLA Company driver who hit a woman while on the phone in 2016. The cases of Employers being sued for employee use of personal devices have been on the rise in the recent past ( Bzur, 2013).There, therefore, some risks that Commonwealth Bank of Australia will be faced with as a result of implementing this project. Abstracted driving Distracted driving is one of the most common risks that result from the use of personal devices at work. The impact of this can be quite huge for a company. The use of mobile phones by drivers while driving can result in unwarranted legal battles as well as penalties due to injuries or deaths of road users. Risks associated with distracted driving is, therefore, one of the risks that Commonwealth Bank of Australia is likely to be faced with as a result of allowing employees to use their devices at work (French, Guo Shim,2014). Loss of devices with unsecured data Lost devices can pose risks not only for Companies but also for individuals. Due to the sensitivity of information handled by monetary institutions, loss of personal devices such as phones or tablets used by employees in their daily duties may lead to leaking out of secrets and sensitive information about the Banks Clients and employees. Such information may end up being used against the company in legal suits (Burt,2011). Sexual Harassment Sexual harassment at the workplace is one of the major risks of allowing employees to bring their devices. Sexting is the most common form of sexual harassment used by adults. It is the process where someone sends another person sexually explicit messages or photographs through mobile phones. Sexting is classified together with speaking inappropriately to a colleague at the workplace (French, Guo Shim,2014). However, unlike the use of inappropriate language at the workplace done orally, Sexting using personal devices at the workplace presents concrete evidence that can be used against the Bank. Content posted on social media The final risk that the Bank is faced with has to do with the content posted on social media using employees devices. It is a common practice by some companies that social media sites be blocked from the companys network; however, with the adoption of this project, it might be difficult to regulate what is posted on social media by employees. Some of the risks associated with social media might include racist comments posted on Facebook by an employee using a BYOD device or an inappropriate photo such as that of an employee trespass (Guan, 2012). All these can be used against the Bank in legal suits and therefore making the Bank liable for violation of the Law. Companies cannot afford to ignore the increasing rates of adopting BYOD that has been caused by the rise in the use of technology. By implementing the project, Commonwealth Bank of Australia will allow usage of employees devices such as smart phones, laptops, and tablets for official duties instead of company-provided devices. Among the information stored in such devices might include inventory, mobile schedules, photos and training videos among others to facilitate easy access of data. While the practice of allowing employees to bring their own devices at eth workplace is becoming a norm, there are many consequences that Commonwealth Bank of Australia might be subjecting itself to by implementation of the project (Mansfield-Devine,2012). Resentment by employees By implementing the project, the Bank will force its employees to incur extra costs to acquire the requisite devices for those who might not be having them. Requesting employees to purchase new devices for work purposes might, therefore, leave them unhappy. Additionally, the costs of usage and transportation are also likely to be pegged on employees (Scarfo,2012) It is likely that employees will be unwilling to shoulder this cost. Too much usage of personal devices for work-related tasks also makes them depreciate within a short period. Among the considerations that The Bank might be considered before implementation of the project will be determining who will be responsible for any repairs on the personal devices. Additionally, the issue of costs associated with the loss of the device while at work can also lead to resentment on the part of employees (Zahadat,et all,2015) Reduced productivity Another consequence of the use of personal devices by employees can be associated with their distractive nature. By using their devices at the workplace, employees are more likely to spend a considerable amount of their productive hours on social sites such as Whatsapp, Facebook Instagram, and Twitter. While the Bank desires to maximize profits, the implementation of the project will result in a distraction of employees from their primary duties which will directly affect their productivity. The small amount of time spent by one employee to send a text message to a friend or surf the web can collectively lead to wastage of so much time which will reduce the overall productivity of the Bank (Mitrovic,et al,2015) Little Control over the Device By allowing the use of personal devices, the bank will also have little control over them. Although the Bank might result in restrictions on the files that can be activated by the device there some employees as a result of their technological prowess might jailbreak such restrictions and gain access to restricted content (Wiech,2013). Data Security Risks Increased entry points for hackers The use of personal devices in the workplace increases the chances of hacking of an organizations systems. While hacking in a situation where all the Banks desktops are within its premises might be relatively difficult, having employees work from their mobile phones or laptops makes it possible to hack from multiple points thus making it easier for hackers to get hold of sensitive information from the bank (Downer Bhattacharya, 2015) Access to Unsecured Wi-Fi Accessing of unsecured Wi-Fi can be quite risky to the bank's data. Allowing use of personal devices would mean that employees will use the same devices that they use to access unsecured Wi-Fi Connections at restaurants, their homes or even at the Airport. Such unsecured networks can facilitate easy hacking of the Banks systems (Suby,2013). Discoverability of data This can be the case where there is a loss of the devices. Any loss resulting from theft or employees carelessness puts the employers data which is stored on the device at risk. Additionally, the project also means that the privacy of employees will also be at stake. For example, in the case of any legal proceedings, personal devices being used by an employee might b explored by the employer or a third party if need be. Some of the personal information that could be explored includes information contained in social media accounts, geographical location or even private photos. This could be against the wishes of the employee (Song, 2014). People leaving the Bank Sometimes employees might leave a company abruptly without prior notice. In such a situation where employees leave the Bank without notice, the management might not have time to remove the bank's information and passwords which might facilitate unauthorized access to the Banks systems by former employees (Vijayan Hardy,2015). Creation of a data classification scheme is the first step in the process of classifying data .It is then followed by the creation of security standards which set the appropriate practices of managing data. The following is an example of a data classification scheme Category 1: This category of data is available for public display, and may include a companys contact information. Category 2: This category represents internal data that can be accessed by Companys stakeholders such as an organization chart. Category 3: Under this category is sensitive organizations data whose leakage to unauthorized persons can significantly affect an organization. Example include a companys contracts with third parties Category 4: This category represents highly sensitive data such as customers account information. Its disclosure can lead to legal tussle for an organization Category 4: highly sensitive data that could put the company in legal of financial risk if disclosed, for example, customer account information and employee social security numbers. Data classification Risks Risk Mitigation Category 2 data loss, defective deletion employee education Category 3 data loss digital signatures, encryption, Category 4 Theft Authorization, digital signatures and biometrics Risks and Risk Mitigation for various data categories Conclusion In conclusion, BYOD Policy is a concept that has gained momentum in the recent past as per the recent statistics of the number of organizations that are embracing it. Commonwealth Bank of Australia intends to join the list of companies that use this policy by implementing its project that will require their employees to use personal devices to be used as the main devices for performing their work tasks. However, successful implementation of the program will depend upon an analysis of numerous factors as well as the inclusion of various shareholders within the Organization. Commonwealth Bank of Australia will, therefore, be required to conduct a cost-benefit analysis of the proposed project before its implementation as well as the various considerations and measures that will be laid out to facilitate successful implementation of the project. Among the considerations that the Bank will need to look at are the various laws governing the use of personal devices at the workplace by emplo yees to facilitate co0mpliance by both the employees and the management. However, the implementation of the project will come with many challenges that the company will be required to mitigate. The associated threats, vulnerabilities, and consequences will affect both employees and the management. Among the risks that the Bank will be faced with are legal liabilities in case of violation of the exciting laws regarding the use of personal devices by the employees, abstracted driving, increases of sexual harassment among employees, associated risks of social media content ,possibility of loss of devices with unsecured data resentment by employees, loss of productivity for employees and the bank and Managements loss of control over devices used by employees in performing their work tasks. The Bank will also be faced with many data security risks including the risk of its systems being hacked from multiple points, the risk of former employees of the bank being able to access the Banks c onfidential information and the risk of discoverability of data. References Gustav, A., Kabanda, S. (2016). BYOD adoption concerns in the South African financial institution sector. InCONF-IRM(p. 59). Acharya, V. V., Pedersen, L. H., Philippon, T., Richardson, M. (2017). Measuring systemic risk.The Review of Financial Studies,30(1), 2-47. Zahadat, N., Blessner, P., Blackburn, T., Olson, B. A. (2015). BYOD security engineering: A framework and its analysis.Computers Security,55, 81-99. Song, Y. (2014). Bring Your Own Device (BYOD) for seamless science inquiry in a primary school.Computers Education,74, 50-60. Guan, L. (2012). Established BYOD management policies needed.Government News,32(2), 9. Bzur,A.,(2013).4 Risks When Employees Bring Their Own Devices to Work.Inc. Ballagas, R., Rohs, M., Sheridan, J. G., Borchers, J. (2014, September). Byod: Bring your own device. InProceedings of the Workshop on Ubiquitous Display Environments, Ubicomp(Vol. 2004). Moyer, J. E. (2013). Managing mobile devices in hospitals: A literature review of BYOD policies and usage.Journal of Hospital Librarianship,13(3), 197-208. Lebek, B., Degirmenci, K., Breitner, M. H. (2013). Investigating the influence of security, privacy, and legal concerns on employees' intention to use BYOD mobile devices. Suby, M. (2013). The 2013 (ISC) 2 Global Information Security Workforce Study.Frost Sullivan in partnership with Booz Allen Hamilton for ISC2. Mitrovic, Z., Veljkovic, I., Whyte, G., Thompson, K. (2014, November). Introducing BYOD in an organisation: the risk and customer services view points. InThe 1st Namibia Customer Service Awards Conference(pp. 1-26). Burt, J. (2011). BYOD trend pressures corporate networks.eweek,28(14), 30-31. Shim, J. P., Mittleman, D., Welke, R., French, A. M., Guo, J. C. (2013). Bring your own device (BYOD): Current status, issues, and future directions. Smith, A. D. (2009). Internet retail banking: A competitive analysis in an increasingly financially troubled environment. Information Management Computer Security, 17(2), 127-150. Ghosh, A., Gajar, P. K., Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70. French, A. M., Guo, C., Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own Device (BYOD).CAIS,35, 10. Garba, A. B., Armarego, J., Murray, D., Kenworthy, W. (2015). Review of the information security and privacy challenges in Bring Your Own Device (BYOD) environments.Journal of Information privacy and security,11(1), 38-54. Zahadat, N., Blessner, P., Blackburn, T., Olson, B. A. (2015). BYOD security engineering: A framework and its analysis.Computers Security,55, 81-99. Watkins, B. (2014). The impact of cyber attacks on the private sector.Briefing Paper, Association for International Affair, 12. Ghosh, A., Gajar, P. K., Rai, S. (2013). Bring your own device (BYOD): Security risks and mitigating strategies.Journal of Global Research in Computer Science,4(4), 62-70. Downer, K., Bhattacharya, M. (2015, December). BYOD security: A new business challenge. InSmart City/SocialCom/SustainCom (SmartCity), 2015 IEEE International Conference on(pp. 1128-1133). IEEE. Vijayan, J., Hardy, G. M. (2015). Security Spending and Preparedness in the Financial Sector: A SANS Survey. Morrow, B. (2012). BYOD security challenges: control and protect your most sensitive data.Network Security,2012(12), 5-8. Chin, E., Felt, A. P., Greenwood, K., Wagner, D. (2011, June). Analyzing inter-application communication in Android. InProceedings of the 9th international conference on Mobile systems, applications, and services(pp. 239-252). ACM. French, A. M., Guo, C., Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own Device (BYOD).CAIS,35, 10. Mansfield-Devine, S. (2012). Interview: BYOD and the enterprise network.Computer fraud security,2012(4), 14-17. Thomson, G. (2012). BYOD: enabling the chaos.Network Security,2012(2), 5-8. Felt, A. P., Chin, E., Hanna, S., Song, D., Wagner, D. (2011, October). Android permissions demystified. InProceedings of the 18th ACM conference on Computer and communications security(pp. 627-638). ACM. Wiech, D. (2013). The benefits and risks of BYOD.Manufacturing Business Technology. Zahadat, N., Blessner, P., Blackburn, T., Olson, B. A. (2015). BYOD security engineering: A framework and its analysis.Computers Security,55, 81-99. Scarfo, A. (2012, November). New security perspectives around BYOD. InBroadband, Wireless Computing, Communication and Applications (BWCCA), 2012 Seventh International Conference on(pp. 446-451). IEEE. Pillay, A., Diaki, H., Nham, E., Senanayake, S., Tan, G., Deshpande, S. (2013). Does BYOD increase risks or drive benefits.Melbourne, The University of Melbourne. Miller, K. W., Voas, J., Hurlburt, G. F. (2012). BYOD: Security and privacy considerations.It Professional,14(5), 53-55.