Year End Operations Housekeeping

Security of Practice Data

Get off on the right foot and head of forthcoming state-level statutes on data security and encryption. Walk through an inventory exercise with your team. If you do not have a technical resource on staff - you may want to bring in a trusted technical resource for this exercise):

  • Identify all mobile phones capable of carrying client  data - from phone numbers to advanced smart phones carrying detailed records
  • Identify all USB storage devices brought into and out of the office by staff (including you!) and don't forget about MP3 players
  • Review how computers are backed up and on what media and how that media is stored (external hard drive, tape drive, online backup, etc.)
  • Verify your network connections to the Internet (wireless routers, wired routers, etc)

With this information in hand - go through these steps.

  1. Insure all mobile phones have a startup or unlock password to access and use information stored on them.
  2. Consider a service like SmrtGuard - which can backup, find and destroy data stored on Android and Blackberry devices (if you use iPhones, Palm Pre or select Windows Mobile phones - they come with similar services) 
  3. Have folks using MP3 players manage their music and audio/video from a personal computer and not plug them into work computers. Please don't stop enjoying the music at work - just separate these devices from work systems!
  4. Only purchase and use external USB devices with built in encryption tools - thus the loss of a portable thumb drive does not necessarily mean you have had a data disclosure event (check with your attorney on that). Example devices include Kanguru Flash Drives and Kingston Secure Flash Drives.
  5. Verify either yourself or via your provider or technician - that your data backups are securely stored as well as confirm the backup integrity by testing a recovery of data.
  6. Have a qualified technician review your network security and insure your security is solid. This includes both wired and wireless connections to the Internet and your local network of systems. 
  7. Lastly - please make certain you have a software security suite installed on each business computer AND that they are configured to auto update as needed.

As a follow up to these exercises - you can also reach out to your service providers for affirmations (or updates) on their data security and encryption practices for their product(s). Additionally, consult with your compliance and/or legal counsel to determine if you need to specifically reference these updates in a policy affirming your new security practices.

This Website Is For Financial Professionals Only