Advisers: Protecting information is part of your job

Make sure you and your staff employ good information protection practices, and make sure your clients are part of the effort.
OCT 17, 2013
By  dobrien
Financial advisers have a fiduciary duty to do what is in our client's best interest, always, which includes maintaining confidentiality at all times. This extends to protecting our client's identity, a function that is increasingly complicated as advisers and clients rely on an expanding range of technology tools. I encourage my clients to incorporate best practices for protecting sensitive data, too. Information protection is a team effort. Here are some important components of a well rounded approach: Physical security Information protection starts here. The best technology solution isn't worth much if hard copy files are left on your desk overnight or in a file folder left accidentally at a restaurant or cab. The same is true for computers, tablets and phones -- lock them down with a password-protected screen lock when unattended for even a short time. Passwords How many of our clients use the same password for every website -- from Craigslist to their account access? What about you and your staff? There are many good password vault tools on the market, such as 1Password, that will generate strong, lengthy passwords and synchronize across all of your devices. It is very important to make sure the password to open your vault is easy for you to remember, uses upper and lower case letters, numbers and special characters and is at least 14 characters long. Make sure you change this frequently and also change your passwords for all important user IDs, and don't use the same password for multiple websites and tools. Portability iPads and other portable devices are not less secure than hard copy files (it's very much the opposite). I have been challenged by a number of colleagues about using an iPad when meeting with a client away from my office. The concern is generally about having client data on the device. Sure, if I left my iPad in a public place it could be stolen. I am sure I would notice that I lost it, and could remotely wipe it clean and render it useless, all from my iPhone, MacBook Air or iMac. If a crook tried to access information before I had it self-destruct, they would have to crack a passcode to gain access to the device, then the user ID and passcode to access my business information. I would argue that the stolen manilla folder containing client information is far easier for the thief to access. The Cloud Keeping your client and other business information in reputable cloud-hosted tools conveys better security than keeping it on the server in your office, or worse, on your desktop or laptop computer. Some steps when moving to the cloud include making sure you obtain your cloud-hosted tool suppliers' privacy and disaster recovery policies annually, and make sure you read them. Who owns the information, and what happens to it when you part ways? Readers wary of cloud-hosted solutions should consider the measures best-of-breed technology firms employ: 256-bit SSL encryption (currently referred to as "bank-grade"), highly secure, multiple and redundant physical facilities with "high availability" (over 99.9% uptime) and protocols to make sure neither employees nor hackers can access your data. Is it perfect? Probably not, but can you say that your office or laptop offer all of that? Remote Access There is a healthy concern about accessing client information away from the office, especially while traveling, because a thief might gain access. That's why using public WiFi isn't a great idea. Mobile networks probably offer a more secure level of access, and using a VPN, or virtual private network, like StrongVPN or those available from Verizon and AT&T, allows you to access your data through a secure connection no matter where you have Internet access. Note, though, that while traveling in certain countries, you may not want to take your work with you, even if you use a VPN. Email & sharing files I received an email from a bank recently with my client's full name and account number as the subject line. When I (immediately) called the sender to find out what they were thinking, they were surprised I accused them of doing anything wrong. I'm sure that person also attaches files to emails with client social security numbers and other sensitive information, or shares the same on flash drives or CDs. Let's hope everyone reading this knows never, ever include client information in an email. When sharing a file, send a password-protected link to the recipient. I use SafeSync for Business and can easily share a file or folder with a recipient, provide a unique password, make the link expire and even set the link for one-time use. E-Delivery Clients should find electronic delivery of account statements to be a great benefit -- less mail, free online storage and one more way to prevent identity fraud. I hope that most advisers are encouraging their clients to embrace this approach, and request e-delivery for all financial correspondence and e-bill payment for recurring bills. An FBI agent once told me that identity fraud targeting mailboxes was so easy that"a red flag on the mailbox means a green light to identity thieves". Bottom line: make sure you and your staff employ good information protection practices, and make sure your clients are part of the effort. What do you think? What are some ways you are helping clients stay protected? Have any horror stories? Dave O'Brien, CFP® is a NAPFA-Registered Financial Advisor in Richmond, Virginia and owner of O'Brien Financial Planning, Inc., a Fee-Only Registered Investment Adviser. Prior to launching his firm in 2006, Dave spent 18 years at GE where he managed information technology and operations teams in several industries.

Latest News

LPL building out alts, banking services to chase wirehouse advisors, new CEO says
LPL building out alts, banking services to chase wirehouse advisors, new CEO says

New chief executive Rich Steinmeier replaced Dan Arnold on October 1.

Franklin Templeton CEO vows to "do what's right" amid record outflows
Franklin Templeton CEO vows to "do what's right" amid record outflows

The global firm is navigating a crisis of confidence as an SEC and DOJ probe into its Western Asset Management business sparked a historic $37B exodus.

For asset managers, easy experience is key to winning advisors' businesses
For asset managers, easy experience is key to winning advisors' businesses

Beyond returns, asset managers have to elevate their relationship with digital applications and a multichannel strategy, says JD Power.

Why retaining HNW clients ultimately comes down to one basic thing
Why retaining HNW clients ultimately comes down to one basic thing

New survey finds varied levels of loyalty to advisors by generation.

Stocks drop as investors digest Microsoft, Meta earnings
Stocks drop as investors digest Microsoft, Meta earnings

Busy day for results, key data give markets concerns.

SPONSORED Out with the old and in with the new: a 50% private markets portfolio

A great man died recently, but this did not make headlines. In fact, it barely even made the news. Maybe it’s because many have already mourned the departure of his greatest legacy: the 60/40 portfolio.

SPONSORED Destiny Wealth Partners: RIA Team of the Year shares keys to success

Discover the award-winning strategies behind Destiny Wealth Partners' client-centric approach.