With the recent GDPR (General Data Protection Regulation) rules going into effect on May 25th, 2018, many business owners are asking themselves whether they’re compliant. Of course, for financial advisors here in the United States, the GDPR isn’t something to be overly concerned with. Unless you do business with EU citizens, it doesn’t apply to you at all. However, the GDPR has sparked a valuable conversation around client privacy – and what advisors can do to improve.
Cybersecurity is a necessary part of our business climate today, but it’s especially critical for financial advisors. When you’re charged with not only protecting your own data but that of your business and the personal finance data of your clients, you need to make sure you have an airtight game plan. A data breach for you could potentially be catastrophic for both you and the clients you’re serving.
So, what can you do to up your security game? And what tools should you be using?
Use SSL for Your Website
Wondering what SSL is? A Secure Sockets Layer is a method for establishing an encrypted link between your web server and a user’s browser. You may know of it as the difference between http:// and https://. An SSL certificate ensures that any data transmitted to users on your site (including clients) is kept safe.
Implement Strong, Individual Passwords (And Store Them)
We all know the importance of having strong passwords. But a lot of us fall down in this department. “Change them [passwords] frequently, use a password manager, use long, meaningful sentences, and do not duplicate,” says Chris Moschovitis, author of Cybersecurity Program Development for Business.
Even if we have surprisingly strong passwords, we often use the same one for multiple logins. To avoid this, why not have a password generator do the work? The password will be comprised of a random set of numbers, figures, and letters – and the best part? Some password generators, like LastPass, also store your passwords for you. This ensures that you’ll have unique, safe passwords and you won’t forget them perpetually.
We also love LastPass’s “Security Challenge” feature. Once you begin to generate and save your passwords into the system, run the Security Challenge to quickly see if you have any weak or duplicate passwords. We recommend you run this process once every 1-3 months.
Think About How You Store Your Files
How do you store your files? While it’s tempting to use a service like Google Drive for all client files, there are better ways to keep your data safe. Storing your documents and files in a secure, cloud-based file manager is key. In general, Dropbox is an ideal system to use. Dropbox encrypts your files before synchronizing and uploading them to your individual “Dropbox” making them significantly harder for hackers to access, as they’d need your unique encryption key to do so.
Some advisors go one step further and encrypt the files on their hard drive before uploading to Dropbox by using tools such as Boxcryptor. This adds another level of security and privacy; however, a word of caution. Should you lose the encryption key for your files, you will lose the ability to access your files all together.
Don’t Ignore Backups and Updates
As an advisor, you can’t afford to lose your data. By backing up specific folders on your hard drive, you essentially make a copy of the files to be stored somewhere else in case something happens to your computer. Although backups may be part of your regularly scheduled programming as a financial advisor, it’s important to take it a step further and test your data backups once every 30 days. If you can’t recover your data, it’s time to find a new system.
At New Heights Solutions, we use a program called iDrive to automatically copy files from our computers to servers in the cloud. This process runs overnight and catches any new files we’ve saved. We barely even notice!
You also need to be paying attention to software, application, and computer updates. Many of these updates contain fixes to bugs that could expose your personal data, passwords, and more. “Your firewall, anti-virus, and anti-malware needs to be up to date on all devices,” says Moschovitis. So, update regularly or when your computer prompts you!
Use a VPN While On WiFi
A VPN helps encrypt any data you transmit online while using WiFi. This includes public WiFi, which makes it possible to work anywhere while still staying protected. VPNs shield your information from hackers and malware, and act as a separate, direct line to the internet no matter where you are and what internet source you’re using. Some VPN services, like NordVPN, also allow you to protect your mobile devices.
Encryption is a process where your regular, readable data is converted to a coded, secure data. It can only be decoded using a decryption key. Earlier, we briefly discussed encrypting documents, but you should also use encryption for email, especially when sending sensitive data to your clients or other advisors (including CPAs and attorneys!) Erado offers email encryption that is also compliant with other needs – like archiving – for advisors.
Pay Attention to the Basics
Some cybersecurity measures you should be taking seem obvious – yet often act as the biggest threat to advisor security. “Do not click any links you don’t know, on any device. Ever.” Chris Moschovitis continues, “And always verify communications with clients. Think like you’re in the X-Files: Always verify. Always call back.”
Moschovitis also suggests that you “segregate” when using personal and corporate technology, passwords, software, etc. There should be no cross-over between your personal data and corporate data – including on social media.
Finally, Moschovitis says, “Understand that cybersecurity is a shared responsibility! Clients need to buy into additional security measures and accept the “inconvenience” of two-factor authentication, phone verification, and more.”
If you’re feeling overwhelmed by the idea of updating your cybersecurity practices as a financial advisor, you’re not alone. It feels like there is a new data breach at a major company or organization every week – and if they can’t get it right, how can you? Unfortunately, improved tactics being used by cybercriminals make the job of creating a secure business difficult. But that’s not a reason to take your hands off the wheel.
With these simple steps, you’re already putting yourself in an incredibly secure position as an advisor. As you continue to increase your practice’s security, feel free to reach out to a professional and ask questions. Whether you contact a virtual assistant with experience creating a security plan for financial planning practices, or you connect directly with a cybersecurity expert, the more information you can gather, the better!