Advisors today have access to more client data than ever before. This includes Social Security numbers, multiple addresses of record, beneficiary information, salary, employment data, net-worth details and tax returns. Recently, new laws and regulations have been promulgated by states and federal authorities that govern how personal data must be handled. How well you safeguard your clients’ valuable data can be either a selling point or a trouble spot for your firm.
Perhaps the device that stores most of your clients’ confidential financial information is a server in your office. Basic safety guidelines should lead you to house the server in a separate room and protect it in a locked server cage. In addition, the data on the server should be encrypted. Many firms use the capabilities inherent with Windows Server 2008 R2 for encrypting data. It is not a difficult process to establish, but I do recommend that you work with your IT consultant on the effort. The most challenging part of this task is making sure that all associates can still access the same files after their server is encrypted. Another important factor to understand is that each time the server is rebooted, the encryption key code (a distinct PIN) must be entered in order to unlock the data on the server. This is how encryption provides additional security in the unfortunate event that your server is stolen.
You should also consider encrypting confidential data stored on any computers used by your firm. Keep in mind that encrypting data on your server does not also encrypt data stored on desktop or laptop computers, even though they may be connected to the server. The best practice is to not store any confidential information on desktops, laptops or mobile devices, especially considering how easy it is for these devices to be stolen. However, if this is unavoidable, the Windows 7 Ultimate version provides encryption capabilities.
There are firms that outsource their technology infrastructure and data storage to firms such as Barracuda, Egnyte or Evault. Essentially, confidential data are stored on servers at the outsourced company’s facilities. These outsource data companies implement sophisticated security systems and policies to protect the data that they maintain on behalf of their clients. However, don’t forget to document on a regular basis (perhaps annually) that they are continuing to meet their obligations and that they have not had any data breaches. Consider sending a simple email to the provider asking these questions and then documenting the response.