For many practices, things quiet down a little between Thanksgiving and New Years. This is an ideal time for you and your operations team to run through a checklist of year end tasks.
These tasks revolve around business continuity and recovery, security (both in office and on the road) and general review of your practice systems.
This Website Is For Financial Professionals Only
Security of Practice Data
Get off on the right foot and head of forthcoming state-level statutes on data security and encryption. Walk through an inventory exercise with your team. If you do not have a technical resource on staff - you may want to bring in a trusted technical resource for this exercise):
- Identify all mobile phones capable of carrying client data - from phone numbers to advanced smart phones carrying detailed records
- Identify all USB storage devices brought into and out of the office by staff (including you!) and don't forget about MP3 players
- Review how computers are backed up and on what media and how that media is stored (external hard drive, tape drive, online backup, etc.)
- Verify your network connections to the Internet (wireless routers, wired routers, etc)
With this information in hand - go through these steps.
- Insure all mobile phones have a startup or unlock password to access and use information stored on them.
- Consider a service like SmrtGuard - which can backup, find and destroy data stored on Android and Blackberry devices (if you use iPhones, Palm Pre or select Windows Mobile phones - they come with similar services)
- Have folks using MP3 players manage their music and audio/video from a personal computer and not plug them into work computers. Please don't stop enjoying the music at work - just separate these devices from work systems!
- Only purchase and use external USB devices with built in encryption tools - thus the loss of a portable thumb drive does not necessarily mean you have had a data disclosure event (check with your attorney on that). Example devices include Kanguru Flash Drives and Kingston Secure Flash Drives.
- Verify either yourself or via your provider or technician - that your data backups are securely stored as well as confirm the backup integrity by testing a recovery of data.
- Have a qualified technician review your network security and insure your security is solid. This includes both wired and wireless connections to the Internet and your local network of systems.
- Lastly - please make certain you have a software security suite installed on each business computer AND that they are configured to auto update as needed.
As a follow up to these exercises - you can also reach out to your service providers for affirmations (or updates) on their data security and encryption practices for their product(s). Additionally, consult with your compliance and/or legal counsel to determine if you need to specifically reference these updates in a policy affirming your new security practices.