Clients must trust their financial advisor for the advisor/client relationship to work. If you’re an advisor, that means handling your clients’ money responsibly, but in this day and age, it also means protecting your clients’ data. The problem is that keeping clients’ data secure isn’t always easy, and best practices are always evolving. Here’s how you can stay up to date on the best ways to protect and securely share data with clients.
What Data Must Advisors Protect?
Before we talk about protecting client data, we first need to take a step back and discuss what sort of data requires protection. Personally Identifiable Information (PII) is information, either sensitive or non-sensitive, that on its own or in combination with other information can be used to identify an individual. Social Security numbers, driver’s licenses, and financial information are all examples of sensitive PII. Other types of PII are non-sensitive, but when used in conjunction with other data could also identify an individual. Date of birth, zip code, and place of birth are all examples of non-sensitive PII. Ideally, advisors will protect all PII, but sensitive PII is especially important to protect and should only ever be shared securely.
Sharing Files Securely
The nature of the financial advisory business requires the sharing of much PII and other sensitive information. Therefore, one of the hardest parts of protecting client data is figuring out how to send and receive data to and from clients. To make clients more amenable to any additional steps imposed by your cybersecurity policy, instead of framing cybersecurity as a regulatory requirement or a hassle, frame it as another aspect of your excellent customer service – something you want to go above and beyond on because you value securing the data of your clients.
1. End-to-End Encryption
One of the most common ways to protect data is through encryption. To send and receive sensitive information, you need encryption on both ends, which is called end-to-end encryption. This method of sharing data works so well because only the sender and receiver can decrypt the shared information and therefore are the only ones who can view the contents. While end-to-end encryption is a great option, its largest drawback has typically been that implementation is required on both ends, meaning that to share information with a client, that client must sign up for the encryption service. While not terribly difficult, this process may prove time-consuming for the client.
Presults offers an innovative approach to this obstacle by utilizing a combination of auto-expiring pages and one-time verification codes that don’t require client registration.
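One way an auto-expiring page protected by a one-time verification code can work, shown as an added example that is not Presults’ code. The class name, the 6-digit code, the three-attempt lockout and the in-memory store are all assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time

MAX_ATTEMPTS = 3  # assumed lockout threshold for wrong codes


class ShareStore:
    """In-memory store of shared pages (a real service would persist this)."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._shares = {}

    def create(self, document, ttl_seconds):
        """Return (url_token, code); deliver them over separate channels."""
        token = secrets.token_urlsafe(32)          # unguessable page identifier
        code = f"{secrets.randbelow(10**6):06d}"   # 6-digit verification code
        self._shares[self.key(token)] = {
            "doc": document,
            "expires": self._clock() + ttl_seconds,
            "code_hash": self.hash_code(token, code),
            "attempts": 0,
        }
        return token, code

    def open(self, token, code):
        """Return the document once, or None if expired, locked, used or wrong."""
        key = self.key(token)
        share = self._shares.get(key)
        if share is None:
            return None
        if self._clock() >= share["expires"] or share["attempts"] >= MAX_ATTEMPTS:
            del self._shares[key]                  # expired or locked: purge it
            return None
        if not hmac.compare_digest(share["code_hash"], self.hash_code(token, code)):
            share["attempts"] += 1                 # count the failed guess
            return None
        del self._shares[key]                      # the code is single-use
        return share["doc"]

    @staticmethod
    def key(token):
        # Index by a hash so a leaked store does not reveal live links.
        return hashlib.sha256(token.encode()).hexdigest()

    @staticmethod
    def hash_code(token, code):
        return hmac.new(token.encode(), code.encode(), hashlib.sha256).digest()
```

The link and the code only add protection when they travel separately, for example the link by email and the code by text message or phone.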
2. Cloud Storage
Another option for sharing information with clients securely is through cloud storage. The point of storing documents on the cloud is to keep those documents from being stored on your computer’s hard drive (which is typically more vulnerable). The benefits of cloud storage extend beyond more securely sharing and protecting data. When documents are stored on the cloud you can access them from any device with an internet connection, which allows for easier collaboration on documents and eliminates the risk of losing documents if a specific computer is damaged, lost, or stolen.
3. Client Portal
The final option for securely sharing sensitive data with clients is a client portal. A client portal is a centralized, secure area where clients can log in to view communications, reports, invoices, contracts, etc. A client portal is a great option from a customer service perspective since the burden on clients is minimal. The only downside is that not all portals allow for two-way communication, though some do. If you value two-way communication, you’ll therefore want to find an option that includes this offering.
Train Employees on Client Privacy
According to a report by the Financial Planning Association’s Research and Practice Institute, 44% of advisors say they don’t understand the risks and issues of cybersecurity. This is especially concerning considering that while 48% of data breaches were due to malicious or criminal attacks, a full 27% of data breaches were due to human error. Proper training is therefore necessary both to decrease the risk of human error, and to make it harder for hackers to take advantage of weaknesses in your cybersecurity. While education obviously can’t eliminate human error, it can help decrease the chances of it.
The proper training for you and your employees will depend on the various roles of those in the firm. Everyone should be required to complete mandatory training that goes over the firm’s procedures for protecting client data. The training should also explain why these procedures are necessary. How do your procedures help limit the chances of a data breach? What would a data breach mean for the company? What would a data breach mean for the information and assets of clients?
Create a Plan for a Data Breach
No matter what precautions you implement or how well you educate your team, a data breach is still possible, which is why every firm should create a data breach emergency plan. Every plan will be unique, but should include the following:
• Data recovery procedures
• How you will notify clients of the breach
• Procedures for compensating clients impacted by the breach
For a more personalized plan, work with your IT team or IT consultant. The more quickly you can react to a data breach, the better, both for your firm and for your clients. Becoming aware of the breach quickly, notifying clients immediately, and communicating exactly how you will handle the data breach can help maintain clients’ trust in you and your firm.
Another option that may be worth considering is cybersecurity insurance. Depending on the specific plan, this type of insurance could help you cover costs related to data recovery and compensating clients.
Advisors have a duty to their clients, and that includes doing their best to protect client data. Presults takes protecting client data seriously, which is why its unique software flags emails containing PII and keeps them from being sent out. Unlike most other email archiving systems on the market, which only notify you after PII has been sent out, Presults gives you the ability to proactively protect the valuable data of your clients.
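A pre-send check of the kind described above, as an added example that is not Presults’ code. It covers only two of the sensitive PII types named earlier, Social Security numbers and payment card numbers; the function names and the sample messages are constructed for illustration.

```python
import re
from email.message import EmailMessage

SSN_RE = re.compile(r"\b(\d{3})[- ](\d{2})[- ](\d{4})\b")
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")   # 13 to 19 digits


def valid_ssn(area, group, serial):
    # Reject ranges the Social Security Administration never issues.
    return not (area in ("000", "666") or area[0] == "9"
                or group == "00" or serial == "0000")


def luhn_ok(digits):
    # Luhn checksum: filters out order numbers that merely look like cards.
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * 2 if i % 2 else int(ch)
        total += d - 9 if d > 9 else d
    return total % 10 == 0


def find_sensitive_pii(text):
    """Return (kind, masked_value) pairs; masking keeps PII out of the logs."""
    findings = []
    for m in SSN_RE.finditer(text):
        if valid_ssn(*m.groups()):
            findings.append(("ssn", "***-**-" + m.group(3)))
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if luhn_ok(digits):
            findings.append(("card", "*" * (len(digits) - 4) + digits[-4:]))
    return findings


def gate_outbound(msg):
    """Decide before sending: ('HOLD', findings) or ('SEND', [])."""
    body = msg.get_body(preferencelist=("plain",))
    text = msg.get("Subject", "") + "\n" + (body.get_content() if body else "")
    findings = find_sensitive_pii(text)
    return ("HOLD" if findings else "SEND", findings)


def make_sample(subject, body):
    # Builds a constructed sample message for trying the gate.
    msg = EmailMessage()
    msg["Subject"] = subject
    msg.set_content(body)
    return msg
```

A held message would then be rerouted to a secure channel rather than sent; attachments are not scanned in this version.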