We read about all the large data lapses in the news—credit card info for thousands of TJ Maxx customers stolen, Countrywide losing mortgage application data for thousands of people, etc. Unless you’ve actually been a victim or know one, it sounds scary—but a rather distant problem. The issue hits closer to advisors when a brand-name financial services company loses a disk or suffers a data hijacking.
On a much more personal scale, however, what would a data leak do to your practice? If a hacker breaks into your data files or if you lose a laptop at the airport (where over 10,000 laptops are lost or stolen each week, according to the Ponemon Institute), it wouldn’t be just the local police or FBI that would be notified. Every current or former client who had one single bit of data in your files would need to be contacted and alerted to what happened.
All of the work you invested in relationships to build trust could be jeopardized by a hacker breaking into your files—or someone in your firm leaving a laptop unattended for a minute while using the free Wi-Fi at Starbucks.
While trust is the heart of client relationships, for those who work with high-net-worth and ultra-high-net-worth clients, the stakes are even greater and that trust even harder to earn given that the complexity of the wealth holdings can have implications for extended family members, multiple generations, and even partners and employees if a business is on the list of assets.
When an advisor participates in an advanced planning team, all members must earn the trust of each other—and the client. If one member does something to have others question his trust, the reputation of the whole team is an issue—especially in the eyes of the client. When it comes to protecting the personal information of clients, even a small lapse or loss can force hundreds of clients to question their relationship with the advisor.
Data At Risk
The threats to client data come in many guises, according to Perimeter, a security consultant. Hackers breaking into data systems are the leading cause of incidents in the financial services industry, as well as the reasons that most records are compromised.
If you’re an independent with only a couple of employees, don’t assume that hackers aren’t interested in your data. They are always on the hunt and can feed 24/7. They don’t necessarily go after specific machines, they just scan hundreds or thousands of machines automatically, looking for a way past the safeguards.
“The Internet today is like a walk through a vineyard, with the attackers stopping here and there to pick a grape at their leisure,” Sun Microsystems’ Security Chief Brad Powell has stated. “The feast is seemingly never-ending.”
Even if you follow top level security guidelines, your clients could be at risk from other businesses that have access to their personal information. In the event of exposure, you could be pulled in to help with remedial efforts.
The types of private personal information lapses include:
Hacker directly gains access to your office computer system. A Malaysian hacker was indicted in November for breaking into the Federal Reserve Bank’s computer network and taking more than 400,000 credit and debit card numbers. When he was arrested at JFK airport by Secret Services agents, they seized his laptop, which was “heavily encrypted,” a security step highly recommended to prevent easy access by an unauthorized person.
Computers infected by malware, malicious software typically installed from an e-mail or a downloaded file with hidden computer code that’s designed to secretly capture data and send it to a criminal. In early December, a laptop at the Pentagon Federal Credit Union became infected with malware, which allowed unauthorized access to a database with Social Security, account, credit and debit card numbers, and more. In another case, a major insurance company discovered that the login credentials for an independent sales professional were being used by an unauthorized person. The Secret Service investigated and concluded that the person used keylogger software, which secretly hides on a computer and records every key stroke and sends the record over the Internet to the criminal.