Retirement Planning > Social Security

How Data Security Is Like Personal Hygiene

Your article was successfully shared with the contacts you provided.

How much time do you spend thinking about data security?

Probably not enough, given the cyber-centered world we live in. Attacks on data continue to be in the headlines. In the past several months we have heard about issues at retailers like Target, Neiman Marcus, Michaels and others. What does this have to do with advisors and their technology? At a minimum they remind us that we too store and access sensitive client data. The crooks are not giving up, so let’s review actions that you should take to better protect your firm and your clients.

We must begin with a review of password requirements and best practices. It still amazes me that “123456” and “password” are among the most common passwords, according to SplashData. This is no joke, and I hope those passwords were not used to access financial information and critical business tools. Do you really want to make it extra easy for criminals to guess your login information? More complex passwords (upper and lower case letters, numbers, special characters, etc.) do make a difference in helping protect your information.

I understand that keeping track of all your passwords can be a challenge. Therefore, consider using a password manager program like Dashlane, RoboForm or iCloud Keychain. Remember, it is not a security plan if you simply believe that your login credentials will not be compromised so you figure, “Why bother with complexity?” If this is you, consider the extra work involved and potential loss if your credentials are compromised versus following these best practices to begin with.

Do you know exactly which products and systems store your client data and what kind of data they are storing? Check your in-house data server, desktop and laptop computers used by your staff, mobile and tablet devices, and cloud-based providers to determine exactly what data they store. Then, in the unfortunate event of a breach or theft, you know exactly what data could be compromised. Is it names and addresses, Social Security numbers, birthdates, family relationships? It sounds simple, but all too often a breach occurs and no one knows what was actually stored on the device or system.

How confident are you in the data security practices of the firms that have access to or store your client data? Advisors are using more cloud technology solutions than ever before, including platforms offered by your custodian, CRM, portfolio reporting, financial planning and other solutions. You know that your clients’ data is very valuable, so it is important that the data security practices of these providers are robust, thorough and tested frequently. You are usually the one who selects these providers, which means that in the very unfortunate event of a data security incident, you will have to explain to your clients what risk it presents to them. No system can provide a 100% guarantee that they will never have an incident. However, what really counts is what a company does (and spends) to realize this goal.

Some data security problems relate to employees. An example includes giving a third party your login credentials to financial websites and tools. In doing this, you give up a lot of control and unnecessarily increase your risk. It is understandable that third parties may need access to your data and client accounts in order to provide services to your firm. To meet this request, though, simply give them their own login credentials with access to only the data and tools they need. Many transactional type systems offer view-only access, which is often all that is needed for a third-party provider.

Just like personal hygiene, exercising and getting a good night’s sleep, following data security best practices is a never-ending requirement. I know that this is not the most exciting task. However, I hope staying focused and committed to protecting your client data will prevent a data security incident.