5 Rules for protecting client data
With cybertheft rampant these days and regulators keeping watch, financial advisors must be sure that clients’ information is secure.
In April, the SEC issued a risk alert notifying advisors that it will be looking at assessing advisor cybersecurity preparedness.
The SEC initiative will cover the following: “The entity’s cybersecurity governance, identification and assessment of cybersecurity risks, protection of networks and information, risks associated with remote customer access and transfer requests, risks associated with vendors and other third parties, detection of unauthorized activity, and experiences with certain cybersecurity threats.”
Here are five precautions that advisors can take to better protect sensitive client data:
1. ENCRYPT EMAILS
Encrypt emails with sensitive data. In some states, this is the law.
2. UPDATE DEVICES
Properly maintain and update all electronic devices to reduce the risk of infection or intrusion. Kip Gregory, a principal at the Gregory Group, a Washington-based consulting firm that works with advisors, suggests that they alert clients to free security programs such as Malwarebytes and Microsoft Security Essentials, and when traveling use an aircard–sometimes referred to as a personal “hotspot”–that can offer private Wi-Fi access to the Internet.
Most smartphones allow the ability to access the Internet more securely, Gregory says. “You don’t ever want to use public Wi-Fi,” he says. “It opens you up to potential asset intrusion.
3. REVIEW PASSWORDS
Frequently change passwords and make them long and hard to guess to reduce the risk that an intruder may gain access. Also, don’t store lists of passwords on a computer or in a non-secure location. “A unique, strong and frequently changed password ensures the best frontline defense against unwanted intruders,” says William Hines, communications technology manager at Portland, Ore.-based FolioMetrix, an investment advisor.
As a warning of what can happen if a business isn’t password-protected, David Schneider, a principal at Schneider Wealth Strategies in New York, cites the recent cases of hackers gaining access to large databases of passwords at retailers Home Depot and Target.
4. SECURE PHYSICAL DOCUMENTS
Don’t leave confidential information sitting around the office. “We all want to believe that our employees, cleaning crew and other office visitors are honest and ethical; some aren’t,” says Schneider, who suggests locking up any paper files with client data when not in use.
5. BACK UP DATA
Have a comprehensive, dependable backup system in place. Enterprise cloud file storage services can make securely archiving and storing data relatively easy, Hines says. The company’s files can then be organized according to the desired data structure and maintained and automatically backed up through the cloud.
Because they are on the front line and help clients handle sensitive information, advisors are in a unique position to help protect clients’ data. Having a better-safe-than-sorry policy about verifying the validity of any requests for wire transfers can add another level of security and reassurance for both clients and advisors, Schneider says.
Bruce W. Fraser is a financial writer in New York who contributes to Financial Planning magazine. He can be reached at email@example.com.