In a world where each week seems to bring news of more and more data breaches, consumers’ concern for the protection of their private information is higher than ever before. Data security and cybersecurity are some of the top concerns with consumers. As a financial professional, you have access to some of the most sensitive information in your clients’ lives, and you have a responsibility to keep their data safe and private. But what are the best ways to protect client data?
Understanding Cybersecurity
Cybersecurity is the defense of software and technology against cybercrimes such as phishing, viruses, and data breaches. Small businesses are popular targets for cybercriminals, especially when it comes to credit card and banking information. As an entrepreneur and financial professional, you should make cybersecurity one of your top priorities.
Improving Your Cybersecurity
When it comes to protecting your clients’ data, there are many actions that can help guard your practice and your clients’ information from would-be security risks.
1. Only collect necessary information
One of the first and easiest steps you can take is not collecting data you don’t need. Before you ask a client or prospect for a particular piece of information, ask yourself:
- Why do I need this?
- What will I do with it?
- Is it necessary to collect this information?
The less information you have, the less information can be potentially exposed in the event of a breach. Consumers today are used to forking over all sorts of personal information. It’s important that you only ask for what is strictly necessary, and, if you can effectively do your job without it, consider leaving it off of forms and paperwork. This also applies to data you may have already collected – once you no longer need it, destroy it effectively and efficiently. Consider hiring a third-party shredding company to burn sensitive paper information, and wipe the hard drives on electronics after use. You could even host a shred event so your clients know for a fact that their info has been safely destroyed!
2. Limit who has access to sensitive information
Not everyone in your office needs access to all the information you collect. Sharing information like full names, phone numbers, and email addresses is fine, but your administrative assistant or your marketing expert likely doesn’t need your clients’ Social Security numbers. By limiting how many people can access data, you limit the potential weak spots where breaches can occur.
Consider implementing a “clean desk policy” so client information isn’t left unattended. Screen any additional help or services utilized in your office; for example, use a bonded and insured cleaning professional.
3. Use smart passwords
Client information – and important business information – should be password protected. When you set up these passwords, be sure to observe password best practices.
4. Use cybersecurity protection like firewalls and encryption
A firewall adds a “barrier” between your internal network and outside networks, filtering incoming and outgoing traffic to help you protect internal communications. Encryption protects information by scrambling, or encoding, messages so they cannot be read by unauthorized parties.
5. Regularly update your security systems
If you’re using antivirus or other cybersecurity systems, make sure you stay on top of updates. Updates can remove outdated features and patch holes – like the one that led to the Equifax breach in 2017.
6. Have a contingency plan
Sometimes even the best laid plans fail. If you do experience a data breach or other security issue, you need to have a backup plan. A cybersecurity insurance policy might provide assistance in the event of a breach, hack, or attack so you can minimize the damage. Create a firm response plan to know what actions you need to take before you need to take them. If disaster does strike, every moment is critical, and you don’t want to waste time wondering how to fix it.
One of the most important steps of your contingency plan is when and how you will alert your clients. If a breach exposes sensitive information, you should let them know as soon as possible. Each state has guidelines on reporting timelines, so be sure to adhere to their requirements. You could make a formal, public statement if you like, or you could reach out directly to the affected clients. If you have a smaller practice, direct communication may be better. Your clients will appreciate the personal, honest message.
How you handle a security breach can make a huge difference for your business moving forward. Data breaches are bad and can lead to lost business – but covering one up is often worse.
If this all seems overwhelming, don’t worry. The SEC has several cybersecurity resources specifically for financial advisors to use to help protect their practices. Reviewing these resources and creating a cybersecurity checklist are excellent first steps to take toward protecting your practice.