Cybersecurity is more about your risk tolerance.
Your clients’ personal information is the currency of the digital world. Everything runs on data. Companies like Amazon, Facebook, and Google thrive because of the data you allow them to collect, both by consent and unknowingly through your interactions. That’s why it’s important to follow these cybersecurity tips for protecting client data.
Recent events prove that even the largest companies are vulnerable to a data breach. In 2018, Marriott revealed that a hacker had unauthorized access to the records of 500 million guests. Equifax, Target, and Yahoo have all suffered intrusions of their networks. If these companies can fall prey to hackers on the dark web, small business owners like financial service professionals are subject to even greater risk.
Related: The Equifax Data Breach…Now What?
Clients understand that advisors need information to provide them with excellent planning solutions. This information ranges from personal information to medical and financial data.
Clients are right to assume financial professionals will prevent their sensitive information from falling into the wrong hands. If you’re transferring client information to a third party for any reason, the burden is on you to keep it safe.
In fact, if your firm accepts client data over the Internet, you’re responsible for protecting it from the moment the client hits “send,” while it’s saved on your network, and until you delete it.
Protecting Client Data is Smart Business
People lose trust in companies that don’t protect their personal data, and untrustworthy companies lose business. Also, businesses are required by state and federal laws to provide certain privacy protections; think CFPB and HIPAA to name a few.
If data is lost through a security breach, companies are subject to penalties and hefty fines. Failing to protect client information could devastate a small business like yours.
Related: Fintech Security
Cybersecurity Tips for Protecting Client Data
There’s no such thing as too much protection, so the best course of action is to develop a multi-layered approach to your business’ security systems.
This would include a comprehensive system of behavioral, software, and hardware solutions. Using this type of system makes accessing client information more difficult, so hackers quickly move on to an easier target. You can take the following steps to safeguard client data and minimize risk to your firm.
1. Awareness and Training
Of course, all of these security measures are only as effective as the employees who use them. All employees must be trained on security procedures and how to correctly use the technologies to protect client data. Everyone should understand how important it is to protect clients’ personal information.
2. No Phishing!
Phishing is a fraudulent attempt to obtain your sensitive information by disguising as a known or trustworthy entity in any form of electronic communication. Phishing and malicious email attachments are the primary cause of data breaches. Educate employees on the warning signs of phishing attempts. If you’re not sure, a simple Google search will reveal the most common “tells”.
3. Update Software to Surf Safely
Phishing attacks will attempt to exploit software vulnerabilities. Keeping all software, including your web browser, up-to-date is the most effective way to combat phishing. Consider running a browser extension called HTTPS Everywhere that verifies the correct URL and security features for every web page. The “s” in “https” indicates it’s secure.
Note: A majority of advisors’ web sites I’ve visited are unsecured. Ask your web hosting service how to fix this!
4. Install Robust Anti-Virus Software
Most anti-virus software has the ability to keep your internet experience, email accounts, and other sensitive information safe. Many anti-virus software can also detect malware, phishing emails and websites.
5. Password Management is Essential
With so many online tools and platforms to use for your business, some may decide to use one password for all logins, but that’s a huge mistake. Also, never use a hardware’s default password like “admin”. It’s a pain, but best practice is to change your passwords every 90 days. For added security, change your user IDs every year. You may find it easier to use a password manager, like LastPass, to create randomized and complex passwords that help protect against phishing attacks.
6. Use Two-Factor Identification
Even with complex passwords, good hackers can still find ways to attack networks and foil account security. For this reason, most large companies, such as Apple, Google, and your bank, offer two-factor authentication (2FA).
2FA works when you sign in with a password and then a code is sent to your phone to verify the login attempt. Turning on 2FA adds an additional layer of security and helps protect your accounts from phishing attacks.
7. Secure Wireless Networks
Since Wi-Fi signals extend outside the office walls, your wireless network is vulnerable to attack. Avoid the older Wired Equivalent Privacy (WEP) protocol because it’s relatively weak and easily defeated.
Make sure your office wireless network is protected by the Wi-Fi Protected Access II (WPA2) protocol and a strong complex password. For added security, give your Wi-Fi network an obscure name that doesn’t identify the business. For instance, don’t call the network “Smith Financial Services”. Instead, call it something random, such as “Blue Suede Shoes”.
8. Use a Firewall to Restrict Incoming Connections
A firewall is either a software-based or hardware-based network security tool that is used to protect against a variety of threats. Most routers come out of the box with a software firewall, but a stand-alone appliance offers greater protection.
A unified threat management appliance (UTM) will handle intrusion detection and prevention, manage the internet gateway, and provide network anti-virus protection. A UTM for a small business starts at around $300. You’ll likely need an IT professional to properly install and configure the device.
Related: Compliance Corner: Cybersecurity
These cybersecurity tips for protecting client data are vital for you to follow. Advisors have an obligation to adequately protect the client data they collect. And it’s a safe bet that security requirements are going to get more stringent over time. Doing it right will not only protect the data, it will help protect your business. Providing data security has now become part of the cost of doing business.