Getting hacked is one of the most feared outcomes for anybody who is doing business on or through the Internet. The bad news is there are always people trying to hack systems and get access to sensitive, private or confidential data. The good news is that the tips a financial advisor should follow to safeguard sensitive client information are well documented and easy to accomplish.
Here are a few important tips that every financial advisor should be following:
Email is both friend and foe
- Don’t open attachments from anybody not intimately known or attachments that seem odd
- Even if the person is known, screen it with antivirus before opening
- If sensitive data has to be transmitted in email, either obfuscate or encrypt the data
Backup data frequently so a system can be wiped clean to “start over” quickly
- Backup the data to a separate device
Use encrypted file storage devices or technology so that even if a hack is successful the data is protected
Consider using secure cloud based storage instead of local system storage.
- Allow regular system OS and software updates and patches
- Use antivirus that scans emails and Internet URLs and looks for malware
- Use unique passwords and change them regularly
When dealing with an advisor or other professionals that have access to sensitive information, there are a few basic questions you can ask that will determine if there are any red flags:
- Does the advisor share their work system or resources with other businesses or family?
- Are they using current systems and applications or outdated or unsupported services?
- Do they use public Wi-Fi Internet as part of doing work?
- Do they access client data remotely, if so, how is the data protected?
Brad Johnson is Vice President of SystemExperts Corporation and has been a leader of the company since 1995. He has participated in seminal industry initiatives including the Open Software Foundation (OSF), X/Open, the IETF, and has published many articles on open systems, Internet security, security architecture, ethical hacking and web application security.