As tablet ownership continues to grow—doubling since 2011—and more than half of U.S. consumers owning a smartphone, according to a 2013 Forrester Research report, advisors need to be more vigilant about data security now more than ever. Below are 10 easily implemented safeguards that could prevent advisors becoming an easy target for cyber thieves.
1. Nothing Is Free—Avoid using public Wi-Fi whenever possible, warned financial services technology expert, Bill Winterberg. Using a smartphone’s cellular network—many of which have 4G service across the country—is more secure, he advised, saying that using a cellular network is going to make it more difficult for hackers to “snoop.”
2. Look Into VPN Options—VPNs, or virtual private networks, act like a tunnel through the Internet, remotely connecting your computer to a secure server. Using a VPN connection ensures that all Internet communication is encrypted and protected against unwanted probing.
Many companies offer employee access to an internal VPN, but advisors can also check out independent services including TorVPN and Private Internet Access. (For more information on VPNs, check out the How Stuff works article )
3. Stay Logged On At Your Peril—Many people forget or, for convenience, choose not to log out before closing out of an app. But not logging out means that cyber crooks intent on accessing your unprotected Internet sessions could stay on longer, increasing the potential danger, Winterberg says. “You don’t want to be the low hanging fruit,” he says.
4. Keep Up-To-Date—Advisors should be updating their software and apps as often as possible, especially when those updates that include security improvements. According to Symantec’s 2011 Internet Security report, approximately 50 percent of attacks are aimed at small and medium-sized businesses with less than 2,500 employees.
“It’s the rep’s and broker/dealer’s responsibility to ask the tough questions about security,” Winterberg said.
5. Forewarned Is Forearmed—A security system is only as good as its weakest link, says John Sileo, founder of Silio.com and a speaker on privacy and data security. Advisors should train staff to use best data security practices and recognize potential threats such as spear phishing attacks—emails that may deliver malware software to your computer or mobile devices.
“The number one way we see data stolen is that someone inside his organization is socially engineered out of the data,” Sileo says. Plus, staff training is comparatively cheaper than the estimated $300 per record lost in an average data breach.
6. Triple Check—Even with staff training, advisors should have redundancies in place to keep cyber thieves from impersonating clients, says Adam Levin, former director of the New Jersey Division of Consumer Affairs and co-founder of Credit.com and Identity Theft 911. Although many clients use email—which Leven calls an “inherently unsecure conduit”—to regularly communicate their advisor, there should be a system in place to verify the identity of a client, including follow-up phone calls or in-person meetings.
“As a financial advisor, it is very important to work out a security protocol with your client,” Levin says.
7. Responsible Safeguards—Despite the online dangers, advisors should also protect against the everyday loss and theft possibilities. Envision a “scorched earth” policy when it comes to password protection, as in, no device is exempt, including personal phones and tablets. Approximately 81 percent of employees use at least one personal device such as a tablet or smartphone for business use, according to a 2012 Harris Interactive survey.
Further, financial advisors should look into protecting their internal Wi-Fi with encryption software, Sileo said, noting that having a company set up a secure domain router with encryption could cost as little as $150-200.
8. Solid Defenses—Not only should advisors use passwords, they also need to use passwords that are long—generally at least six to nine characters—without having personal details such as birthday, age or social security numbers worked in.
Go beyond the typical 4-digit automatic password option available on smartphones, says Winterberg. While it’s inconvenient to have a long password, the 4-digit approach does not provide enough defense against a “brute force” attack.
9. Think Disposable—At the end of the day, smartphones and to some extent, tablet devices, should be treated as throwaway devices. All information stored on the device needs to be backed up in case something should happen, including loss and theft.
“The most important thing is that people need to look at their mobile device and realize that it is not a communication device, it’s a data storage device,” Levin says.
10. Wipe It Clean—While the Find My iPhone app is designed for iPhone users, there are also similar Android versions on the market. Every data security interviewed for this article recommended that advisors have a version on their mobile devices.
Not only can the app help find the phone or tablet if it’s activated, but the app has a “destroy after reading”-like capability that erase all data on the device in case of emergency.
“You can never be too safe,” Levin said, adding that cyber attacks are only going to become more sophisticated and more damaging as technology improves.