Advisers: Protecting information is part of your job

Make sure you and your staff employ good information protection practices, and make sure your clients are part of the effort.
OCT 17, 2013
By  dobrien
Financial advisers have a fiduciary duty to do what is in our client's best interest, always, which includes maintaining confidentiality at all times. This extends to protecting our client's identity, a function that is increasingly complicated as advisers and clients rely on an expanding range of technology tools. I encourage my clients to incorporate best practices for protecting sensitive data, too. Information protection is a team effort. Here are some important components of a well rounded approach: Physical security Information protection starts here. The best technology solution isn't worth much if hard copy files are left on your desk overnight or in a file folder left accidentally at a restaurant or cab. The same is true for computers, tablets and phones -- lock them down with a password-protected screen lock when unattended for even a short time. Passwords How many of our clients use the same password for every website -- from Craigslist to their account access? What about you and your staff? There are many good password vault tools on the market, such as 1Password, that will generate strong, lengthy passwords and synchronize across all of your devices. It is very important to make sure the password to open your vault is easy for you to remember, uses upper and lower case letters, numbers and special characters and is at least 14 characters long. Make sure you change this frequently and also change your passwords for all important user IDs, and don't use the same password for multiple websites and tools. Portability iPads and other portable devices are not less secure than hard copy files (it's very much the opposite). I have been challenged by a number of colleagues about using an iPad when meeting with a client away from my office. The concern is generally about having client data on the device. Sure, if I left my iPad in a public place it could be stolen. I am sure I would notice that I lost it, and could remotely wipe it clean and render it useless, all from my iPhone, MacBook Air or iMac. If a crook tried to access information before I had it self-destruct, they would have to crack a passcode to gain access to the device, then the user ID and passcode to access my business information. I would argue that the stolen manilla folder containing client information is far easier for the thief to access. The Cloud Keeping your client and other business information in reputable cloud-hosted tools conveys better security than keeping it on the server in your office, or worse, on your desktop or laptop computer. Some steps when moving to the cloud include making sure you obtain your cloud-hosted tool suppliers' privacy and disaster recovery policies annually, and make sure you read them. Who owns the information, and what happens to it when you part ways? Readers wary of cloud-hosted solutions should consider the measures best-of-breed technology firms employ: 256-bit SSL encryption (currently referred to as "bank-grade"), highly secure, multiple and redundant physical facilities with "high availability" (over 99.9% uptime) and protocols to make sure neither employees nor hackers can access your data. Is it perfect? Probably not, but can you say that your office or laptop offer all of that? Remote Access There is a healthy concern about accessing client information away from the office, especially while traveling, because a thief might gain access. That's why using public WiFi isn't a great idea. Mobile networks probably offer a more secure level of access, and using a VPN, or virtual private network, like StrongVPN or those available from Verizon and AT&T, allows you to access your data through a secure connection no matter where you have Internet access. Note, though, that while traveling in certain countries, you may not want to take your work with you, even if you use a VPN. Email & sharing files I received an email from a bank recently with my client's full name and account number as the subject line. When I (immediately) called the sender to find out what they were thinking, they were surprised I accused them of doing anything wrong. I'm sure that person also attaches files to emails with client social security numbers and other sensitive information, or shares the same on flash drives or CDs. Let's hope everyone reading this knows never, ever include client information in an email. When sharing a file, send a password-protected link to the recipient. I use SafeSync for Business and can easily share a file or folder with a recipient, provide a unique password, make the link expire and even set the link for one-time use. E-Delivery Clients should find electronic delivery of account statements to be a great benefit -- less mail, free online storage and one more way to prevent identity fraud. I hope that most advisers are encouraging their clients to embrace this approach, and request e-delivery for all financial correspondence and e-bill payment for recurring bills. An FBI agent once told me that identity fraud targeting mailboxes was so easy that"a red flag on the mailbox means a green light to identity thieves". Bottom line: make sure you and your staff employ good information protection practices, and make sure your clients are part of the effort. What do you think? What are some ways you are helping clients stay protected? Have any horror stories? Dave O'Brien, CFP® is a NAPFA-Registered Financial Advisor in Richmond, Virginia and owner of O'Brien Financial Planning, Inc., a Fee-Only Registered Investment Adviser. Prior to launching his firm in 2006, Dave spent 18 years at GE where he managed information technology and operations teams in several industries.

Latest News

Vanguard scores strategic wins with latest fee cuts
Vanguard scores strategic wins with latest fee cuts

The Pennsylvania-based fund giant stands to gain ground against rivals such as BlackRock while earning more goodwill from retail investors.

Duke’s Cam Harvey pegs cost of portfolio rebalancing at $16B
Duke’s Cam Harvey pegs cost of portfolio rebalancing at $16B

Research finds mechanical shifts in exposures have given an edge to hedge funds and other speculators, leading to steep costs for pension funds.

Empower extends health services for retirement plan clients
Empower extends health services for retirement plan clients

With a new suite of health and benefit services, the company has moved well beyond its beginnings as a retirement plan record keeper.

Altfest's president explains how advisors can use AI to their advantage
Altfest's president explains how advisors can use AI to their advantage

Using AI for tax and estate planning will enable advisors to spend more time with clients, Andrew Altfest says.

Mess with pay, and advisors walk
Mess with pay, and advisors walk

UBS is looking to boost the firm’s bottom line even as some financial advisors search for greener pastures.

SPONSORED Taylor Matthews on what's behind Farther's rapid growth

From 'no clients' to reshaping wealth management, Farther blends tech and trust to deliver family-office experience at scale.

SPONSORED Why wealth advisors should care about the future of federal tax policy

Blue Vault features expert strategies to harness for maximum client advantage.