In a world where each week seems to bring news of more and more data breaches, consumers are more protective of their private information than ever before. Data security and cybersecurity are among the top concerns for consumers today. As a financial professional, you have access to some of the most sensitive information in your clients’ lives, and you have a responsibility to keep their data safe and private. But what are the best ways to protect client data?
Understanding Cybersecurity
Cybersecurity is the defense against cybercrimes, of which there are many different types. Phishing, viruses, and data breaches are all types of cybercrimes. Small businesses are popular targets for cybercriminals, especially when it comes to credit card information. As an entrepreneur and financial professional, you should make cybersecurity one of your top priorities.
Taking Steps Toward Cybersecurity
When it comes to protecting your clients’ data, there are many steps you can take.
1. Only collect necessary information.
One of the first and easiest steps you can take is not collecting data you don’t need. Before you ask a client or prospect for a particular piece of information, ask yourself:
- Why you need it
- What you will do with it
- Whether it’s necessary
The less information you have, the less information will be potentially exposed in the event of a breach. Consumers today are used to forking over all sorts of personal information. It’s important that you only ask for what is strictly necessary, and if you can effectively do your job without it, consider leaving it off of forms and paperwork. This also applies to data you may have already collected – once you no longer need it, destroy it effectively and efficiently. Consider hiring a third-party shredding company to burn sensitive paper information, and wipe the hard drives of electronics after use.
2. Limit who has access to sensitive information.
Not everyone in your office needs access to all the information you collect. Things like full names, phone numbers, and email addresses are okay, but your administrative assistant or your marketing expert likely does not need your clients’ Social Security numbers. By limiting how many people can access data, you limit the potential weak spots where breaches can occur. Consider implementing a “clean desk policy” so client information isn’t left unattended. Screen any additional help or services utilized in your office; for example, use a bonded and insured cleaning professional.
3. Use smart passwords.
Client information – and important business information – should be password protected. When you set up these passwords, be sure to observe password best practices. Before you share access, keep in mind tip #2.
4. Use software protection like firewalls and encryption.
A firewall adds a “barrier” between your internal network and incoming and outgoing traffic. It filters that traffic to help you protect internal communications and data. Encryption protects information by scrambling, or encoding, messages so they cannot be read by unauthorized parties.
5. Regularly update your security systems.
If you’re using antivirus or other cybersecurity systems, make sure you stay on top of updates. Updates can remove outdated features and patch holes – like the one that led to the Equifax breach in 2017.
6. Have a contingency plan.
Sometimes even the best laid plans fail. If you do experience a data breach or other security issue, you need to have a backup plan. A cybersecurity insurance policy might provide assistance in the event of a breach, hack, or attack so you can minimize the damage as much as possible. Create a firm response plan to know what actions you need to take before you need to take them, so if disaster does strike, you don’t waste time wondering how to fix it.
One of the most important steps of your contingency plan is deciding when and how you will alert your clients. If a breach exposes sensitive information, you should let them know as soon as possible. Each state has guidelines on reporting timelines, so be sure to adhere to its requirements. You could make a formal, public statement if you like, or you could reach out directly to the affected clients. If you have a smaller practice, direct communication may be better. Your clients will appreciate the personal, honest message.
How you handle a security breach can make a huge difference for your business moving forward. Data breaches are bad and can lead to lost business – but covering one up is often worse.
If this all seems overwhelming, don’t worry. The SEC has created cybersecurity guidelines specifically for financial advisors to use to help protect their practices. Reviewing these guidelines and creating a cybersecurity checklist are excellent first steps to take toward protecting your practice.