BlackBerry Forums Support Community

BlackBerry Forums Support Community (http://www.blackberryforums.com/)
-   BES Admin Corner (http://www.blackberryforums.com/bes-admin-corner/)
-   -   Best Security Practices for a Bank Holding Company (http://www.blackberryforums.com/bes-admin-corner/243770-best-security-practices-bank-holding-company.html)

KapsBB 01-20-2011 07:07 AM

Best Security Practices for a Bank Holding Company
 
I work at a bank holding company, so we have many users with very sensitive data on their BlackBerry. I am wondering what would be the best policies and restrictions to implement in order to make sure all the data is secure on the BB especially if it is lost. These are our current security policies in place. We are running BES 5.0.

Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
Maximum Password Attempts - 8
Password Timeout - 15 Minutes

Security
Disallow Third Party Applications Downloads - No

Dubdub 01-20-2011 07:55 AM

Re: Best Security Practices for a Bank Holding Company
 
Moved to the BES Admin section - probably a better spot for your question.

knottyrope 01-20-2011 10:05 AM

Re: Best Security Practices for a Bank Holding Company
 
Quote:

Originally Posted by KapsBB (Post 1695557)
I work at a bank holding company, so we have many users with very sensitive data on their BlackBerry. I am wondering what would be the best policies and restrictions to implement in order to make sure all the data is secure on the BB especially if it is lost. These are our current security policies in place. We are running BES 5.0.

Password
Password Pattern Checks - Set it so no simple pass like 1234 or qwer can be used.
Maximum Password Age - 30 Days
Maximum Security Timeout - 15 Minutes
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
Maximum Password Attempts - 8
Password Timeout - 15 Minutes

Security
Disallow Third Party Applications Downloads - yes

Just how sensative is it?

also might want to make sure they cant forward an email to another account as well.

maybe even disbale BBM or at least set a peer to peer encryption key so only BES users to BES users can BBM.

KapsBB 01-20-2011 10:40 AM

Re: Best Security Practices for a Bank Holding Company
 
Quote:

Originally Posted by knottyrope (Post 1695602)
Just how sensative is it?

also might want to make sure they cant forward an email to another account as well.

maybe even disbale BBM or at least set a peer to peer encryption key so only BES users to BES users can BBM.

Everything is regulated by the Federal Reserve. So it is mostly just making sure there are no incidents so we don't get fined.

I don't think it is necessary to disable forwarding as we can forward in Outlook. It seems to be more about making sure non-employees can't get any information from the device. Not stopping people from communicating with others in the company.

Although there are some groups that must keep all data in case there are legal issues. They aren't even allowed to use BBM.

DarthBBerry 01-20-2011 11:22 AM

Re: Best Security Practices for a Bank Holding Company
 
Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality is is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Security
Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.


KapsBB 01-20-2011 12:37 PM

Re: Best Security Practices for a Bank Holding Company
 
Quote:

Originally Posted by DarthBBerry (Post 1695625)
Password
Password Pattern Checks - No Restrictions
Maximum Password Age - 90 Days
Maximum Security Timeout - 15 Minutes
With sensitive data, you may want to change that to less; like 5 minutes of inactivity.
Minimum Password Length - 6
Password Required - Yes
Maximum Password History - 4
Suppress Password Echo - Yes
This is debatable. If your user can't remember the password, perhaps actually seeing it on the screen will help. (I've had users say they set the password to 1234567654321 when in actuality is is "wersdfzfdsrew". They were looking at the numbers but not using the ALT key.)
Maximum Password Attempts - 8
If the end user can't remember their password after 6 attempts, they sure as heck ain't gonna get it at 8. My policy is set to 6.
Password Timeout - 15 Minutes

I also recommend that you put a Forbidden Password policy in place. 911 is a no-no in my environment. If you happen to have 911 in part of your password, your device may call 911 Emergency.

Security
Disallow Third Party Applications Downloads - No
You may be opening up for some strange 3rd party apps on devices. I've seen some really bizarre things make an OS go "POOF."

You may want to add:
User Can Change Timeout: No
Content Protection Strength: Strong
External File System Encryption Level: Encrypt to User Password (including multi-media directories)

Some type of password/encryption requirement for Bluetooth if allowed. Otherwise, disable it completely.
Same goes for Smart Card Readers.


Thanks! That is some good information.


All times are GMT -5. The time now is 01:18 PM.

Powered by vBulletin® Version 3.6.12
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.