Digital technology can be an efficient and powerful tool for communicating with your clients. It can also be risky if you don’t take precautions to protect your clients’ privacy and security.
Here are 11 things financial advisors should be doing to protect the security of the people they advise and serve:
1. Always use strong passphrases instead of weak passwords.
People are often the weakest link in protecting data because they choose weak passwords. Strong passwords use more characters and mix letters, numbers, symbols and varying case. Strong passphrases are even better because they are memorable for you but hard to guess. Consider using a password manager to manage multiple strong passwords and passphrases.
2. Avoid sending private client information via public email.
Email is not secure. The content of messages sent by email over the public Internet can be intercepted and viewed. Never send account passwords via email. Nor should you send PDF files with personal information, such as your client’s health history, financial statements, product applications, or KYC forms.
3. If you must send private information via email, encrypt it with a prearranged passphrase known only to you and the recipient.
Many document formats such as PDFs, Word documents and spreadsheets now have password protection features that allow you to secure the contents of the files for public email transfer. Make sure to communicate any password or passphrase to the recipient via a more secure channel such as a text message or a simple phone call.
4. Avoid storing private client data on mobile devices that can be lost or stolen.
Mobile devices can include notebook computers, tablets/iPads, smartphones, USB thumb drives and external hard drives. If a mobile device is lost or stolen, then the data it contains becomes vulnerable. You can configure your smartphone to allow remote wiping, so that if it goes missing you can remotely delete its contents. For notebooks and other portable storage media, consider storing data in encrypted files. If you must store confidential data on a laptop or other portable device, always keep the device secured, and if you must leave it in your car, leave it securely locked in the trunk. Note: Deleting files from some storage media does not remove them permanently. In order to permanently delete private data, you must reformat the storage media.
5. Never leave your computer unattended and unsecured.
Set a strong password or passphrase to access your computer. And make sure to physically secure your notebook or tablet in a locked cabinet or desk. For more information on prevention of security breaches, see the Treasury Board of Canada’s suggestions for the management of information technology security.
6. Only use web-based services that employ secure socket layer (SSL) encryption for entering, communicating or storing client data.
Websites employing SSL encryption have URLs that start with “https”, not just “http”. This security protocol protects data transmission between your computer and the website you are using. However, it doesn’t protect data stored on the remote computer.
7. Encrypt any files or documents you store on a cloud-based server with a passphrase known only to you.
If you are storing client documents containing personal or private information in the cloud, you should encrypt the files with a strong passphrase. Even simple password protection of PDFs and Word files is considerably more secure than none.
8. Install anti-virus and anti-spyware software and keep the definitions up to date.
Computer viruses are programs designed to install themselves on your computer without your consent and spread across networks. Spyware programs can be installed on your computer and can track what you are doing on your system, including tracking the data you enter. Keep any security program subscriptions up to date, as new threats are appearing all the time.
9. Update your software regularly to patch security holes.
All software is human-created and people can make mistakes when programming. Ensuring you’re using the most up-to-date software is one of the best ways to protect against any unintentional and known vulnerabilities.
10. Do not transmit private client information when you are using a free wifi service.
Free wifi at coffee shops and other businesses is increasingly popular and very convenient, but it is not a secure environment. Virtual private network (VPN) services allow you to secure your smartphone, tablet and/or notebook connection in these settings.
11. Beware of phishing scams and help your clients to do so as well.
“Phishing” refers to the spoofing of legitimate email or server identities in order to trick people into providing their private data. Educate yourself and your clients about phishing scams such as the recent FATCA scams. Establish and communicate clear guidelines for your clients so that they know you will never ask them to provide any account information via email.
Even if you are not applying all of these suggestions to your current procedures, applying any one of them will increase the level of protection for your clients’ security.