It’s no secret that cybercrime is a top risk in the financial industry. According to the Securities and Exchange Commission, 74% of firms have experienced cyberattacks. Fortunately, there are cybersecurity options that financial advisors can implement to protect their private client information. Here’s what you need to know.
Email Encryption at Transport
Transport Layer Security (TLS) is essential for financial advisors. This security measure works by encrypting data sent over the Internet to ensure that hackers are unable to see what you transmit. This security measure is already a feature of Microsoft Exchange 365, but you can also manually install other software programs to up the ante. Azure Rights Management is one of the popular ways to do so. This free plug-in is proprietary to Microsoft Exchange, so the programs are compatible. For Azure Rights Management to work, simply write the word “Encrypt” into the subject line of your outgoing email.
Email Encryption at Rest
Email at rest refers to any data that isn’t currently in transit. Fortunately for Microsoft 365 users, email encryption at rest is included with the software. To ensure that this service is working for you, use your search bar (on the taskbar) and type “Manage BitLocker”. Next, select Turn on BitLocker, and then follow the instructions. The BitLocker 256 technology, created by Microsoft, meets FINRA’s industry standard for strong encryption, defined in FINRA Regulatory Notice 10-59 as “256-bit or higher encryption”.
Laptop encryption helps protect the data on your device so it can only be accessed by authorized users. If you are using Windows, simply go to Update & Security > Device encryption. From here, check that device encryption is turned on. If you are not using a Windows PC, McAfee Complete Data Protection may be another potential solution.
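The BitLocker and device encryption checks described above can also be done from an elevated PowerShell prompt. The script below is an added example, not part of the original article; it uses the built-in Get-BitLockerVolume cmdlet and reports, per volume, whether protection is on and whether the configured method uses a 256-bit key. BitLocker supports both 128-bit and 256-bit AES methods, so the method is worth comparing against the 256-bit bar quoted from Notice 10-59.

```powershell
# Added example: audit BitLocker state on every volume of this machine.
# Run from an elevated PowerShell prompt on a Windows edition that
# includes BitLocker (Get-BitLockerVolume is part of the BitLocker module).
#Requires -RunAsAdministrator

# Encryption methods that use a 256-bit AES key.
$strong = @('Aes256', 'XtsAes256')

$report = foreach ($vol in Get-BitLockerVolume) {
    $method = [string]$vol.EncryptionMethod
    $issues = @()

    # Protection can be "Off" even on an encrypted disk (e.g. suspended).
    if ($vol.ProtectionStatus -ne 'On') {
        $issues += 'protection is off or suspended'
    }
    # Encryption in progress, paused or never started leaves data exposed.
    if ($vol.VolumeStatus -ne 'FullyEncrypted') {
        $issues += "volume status is $($vol.VolumeStatus)"
    }
    # 128-bit methods (or None) do not meet a 256-bit requirement.
    if ($method -notin $strong) {
        $issues += "method $method is not 256-bit"
    }
    # Without a key protector (TPM, password, recovery key) nothing guards the key.
    if (-not $vol.KeyProtector) {
        $issues += 'no key protector configured'
    }

    [pscustomobject]@{
        Volume   = $vol.MountPoint
        Type     = $vol.VolumeType
        Method   = $method
        Percent  = $vol.EncryptionPercentage
        Result   = if ($issues) { 'REVIEW' } else { 'OK' }
        Findings = $issues -join '; '
    }
}

$report | Format-Table -AutoSize -Wrap

# A non-zero exit code lets a scheduled task or management tool flag the machine.
if ($report.Result -contains 'REVIEW') { exit 1 }
```

Saved as a .ps1 file, the script can run on a schedule so that a suspended or partially encrypted laptop is noticed before it leaves the office.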
For backing up your laptop, look into cloud storage services that offer encrypted cloud storage. You have a few options here including Carbonite, Microsoft OneDrive, and Google Drive.
Anti-Virus & Firewall
Firewall and anti-virus protection are essential and must always be up to date. New updates are released to address weaknesses in the anti-virus software that might otherwise be exploited by cybercriminals. You have two options here: you can either manually update the software so that you can avoid updates occurring in the middle of your workday, or you can set your software to automatically update.
Smartphone Encryption & Passwords
It’s very possible that a cybercriminal may try to access your email through your smartphone. It’s always best practice to ensure that everything on your phone itself is encrypted. You can also restrict access to certain files and documents by going into your settings and checking what permissions you have granted to downloaded apps on your phone. Remember, it’s wise to not keep client information stored on your phone for this reason. While convenient, every app you download on your phone is another gateway for cybercriminals.
Private VPN for Wi-Fi
If you travel often, consider a private VPN service. Why? A private VPN service allows you to connect securely to other networks while you travel. Essentially, it hides your IP address and encrypts your online activity. If you accidentally use a malicious hotspot, your private VPN will block the hacker from monitoring your activity. With that said, if you want to stay safe and secure while traveling abroad, getting a private VPN is critical.
Document Storage and Software Solutions
Sharing Confidential Files
When it comes to sharing confidential files, eMoney Vault is one of the most popular options for financial advisors. Here, you can ask clients to upload all sensitive information safely and securely. If your client pushes back on this and prefers to upload sensitive documents via their own method (most commonly Dropbox), it’s important to caution them that their own solution may not be as secure as your own. Another way to share files safely and securely is to create password-protected documents using WinZip. After you send the file via email, you can then call your client to give them the password.
Disaster Recovery Plan
Per FINRA requirements, all financial advisors must have a Disaster Recovery/Business Continuity Plan (BCP). For a complete BCP checklist, please visit the FINRA website to view Rule 4370. Here, you’ll find FINRA’s emergency preparedness rule, which spells out the required BCP procedures regarding data backup and recovery, communications with regulators, and more. For starters, however, it’s wise to ensure that you have a virtual backup available for your email, laptop, files, and texts in case anything happens to your electronic devices.
Stay in the Know
The reality is that as technology continues to evolve, cyber threats will follow suit. To keep your clients’ private information protected to the best of your abilities, it’s essential to stay in the know with best practices. Remember to check the SEC and FINRA regularly to view cybersecurity requirements and lists of expectations for protecting private client information.