Three Data Security Best Practices For Financial Advisors

 

Security Policies. Advisors must have written security policies signed by employees annually. Policies will include the minimum password complexity your firm will use, whether employees can log in to your network or web-based apps with their own devices, a prohibition on employees looking at porn and social media sites, which are often used to pass viruses, trojans, and other malware, and the procedures to be followed when employees are terminated. Brian Edelman, a blogger on A4A and owner of Financial Computer Services, provided a sample security policy document that advisors can use as a template. (It’s available to A4A members in the "Rewards" section of your profile if you have paid the $60 annual fee for full access to our content.)
 
Buy A Password Manager. Roboform, LastPass and 1Password are good choices of password managers. Password managers protect against key loggers, which are malware programs that track every keystroke you make. When you use a password manager, you’re not keying in your passwords or your user names. They’re filled in for you without keystrokes. And that’s only one thing these programs do.
 
I have accumulated about 200 passwords to different sites in Roboform over the last 14 years or so that I’ve used the program. How could I possibly remember all of them? Most people use one or two passwords for all their secure sites. That’s just not smart for a fiduciary who’s responsible for protecting client data.
 
When you use a password manager, it not only remembers all your passwords but also remembers the URL of the site where each password must be entered. So you don’t have to key in the password. Just point and click to a password on a list in the password manager. Again, that defeats key loggers. In addition, all the passwords are encrypted on your computer and can be stored in the cloud by these password manager apps. That’s good because you can sync your passwords with your mobile devices easily.
 
To use any of your passwords, you must submit your “master” password. Roboform actually lets you use your fingerprint reader instead of inputting your master password. These apps also have virtual keyboards for inputting your master password, so you’re not inputting your master password using keystrokes that a key logger will pick up. These programs will also generate strong passwords for you.
 
WPA2 Encryption For Wireless Networks. If you’re not using any encryption security on your WiFi access point (or router), you’re just asking to be hacked.  Anyone can drive up to your office and join your network.  
 
All of your wireless access points should be secured, and if your devices support it, you should always use WPA2 encryption. WEP is an older technology and can be cracked in minutes. Although WEP is better than nothing, you should avoid using WEP. WPA is a much better option, but it was only created as an interim solution until the WPA2 standard was finalized.
 
Some older devices may only support WEP and WPA. In that case, see if you could update the devices or get rid of them. WPA2 is the best choice for wireless security as it includes the robust AES encryption algorithm. As always, a strong password is critical. A weak password can be cracked with software in as little as 1 minute no matter what wireless security you use.
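One way to check which encryption mode each of your office access points is advertising, as an added example that is not part of the original article: the script grades a Wi-Fi scan against the ranking above (no encryption, WEP, WPA, WPA2). It assumes scan lines in the terse `SSID:SECURITY` format printed by `nmcli -t -f SSID,SECURITY device wifi list`; the function names are hypothetical and the sample scan is constructed.

```python
VERDICTS = {
    "open": "FAIL: no encryption, anyone in range can join",
    "wep": "FAIL: WEP can be cracked in minutes",
    "wpa": "WARN: WPA was an interim standard, move to WPA2",
    "wpa-mixed": "WARN: WPA is still accepted alongside WPA2",
    "wpa2": "OK: WPA2",
    "unknown": "REVIEW: mode not covered by the article",
}

# Constructed sample in `nmcli -t -f SSID,SECURITY device wifi list` format.
SAMPLE_SCAN = r"""Office-Main:WPA2
Office-Guest:
Warehouse-Scanner:WEP
Front\:Desk:WPA1
Conference:WPA1 WPA2
"""

def split_terse(line):
    """Split on ':' while honouring nmcli's backslash escapes in SSIDs."""
    fields, cur, chars = [], [], iter(line)
    for ch in chars:
        if ch == "\\":
            cur.append(next(chars, ""))  # escaped character is literal
        elif ch == ":":
            fields.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
    fields.append("".join(cur))
    return fields

def classify(security):
    """Map a SECURITY value to a VERDICTS key (none < WEP < WPA < WPA2)."""
    tokens = set(security.upper().split()) - {"--"}
    if not tokens:
        return "open"
    if "WEP" in tokens:
        return "wep"
    wpa1, wpa2 = bool(tokens & {"WPA", "WPA1"}), "WPA2" in tokens
    if wpa1:
        return "wpa-mixed" if wpa2 else "wpa"
    return "wpa2" if wpa2 else "unknown"

def audit(scan_text):
    """Yield (ssid, mode, verdict) for every network in the scan."""
    for line in filter(str.strip, scan_text.splitlines()):
        ssid, security = (split_terse(line) + [""])[:2]
        mode = classify(security)
        yield (ssid or "<hidden>", mode, VERDICTS[mode])
```

Pass the saved output of a real scan to `audit()` in place of `SAMPLE_SCAN`; any of your own SSIDs graded FAIL or WARN is a device to reconfigure, update or replace.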
 
These security tips were compiled by me with the help of security experts, Brian Edelman of Financial Computer Services and Jason Fogelson, IT Manager at Advisor Products. I am indebted to them and other security experts who provided me with best practices for advisor data security.
 
Brian Edelman and Andy Gluck will be hosting a webinar for A4A members Friday, Feb. 8 at 4 ET on Security Best Practices For Advisors.

 
