There's no doubting that technology has made the lives of independents easier. The ease with which computers and other devices can be untethered from a home office give indie reps more autonomy than they've ever enjoyed before.
Without the right security, though, technological innovations can introduce as much risk as reward to an independent practice.
One advisor in Colorado learned just how susceptible she was on this account when she contacted a technology consultant to assist her with a networking project. The advisor had set up multiple workstations in her home and office, says Susan Bateman, the consultant with CM IT Solutions in Denver.
“She wanted a wireless system, and although it was easy to set up and implement out of the box, it wasn't secure,” Bateman says. “Unfortunately, many people don't read the fine print when they set up systems, and they're vulnerable without realizing it.”
In order to protect the advisor's data, Bateman set up encryption capability on the network and created password protection for its use. She was also able to set up address filtering, which ensured that only computers belonging to the broker's office were able to use the system.
Important When It Fails
For most professionals, computer security isn't a consideration until problems come up. But ask anyone who's lost everything on their computer to a virus, and they'll tell you how high the stakes are.
Many of the services and technologies indies need are provided by their broker/dealer, and many b/ds seem downright obsessive about certain aspects of data security.
“What we're really concerned about is client data,” explains Roger Ochs, president of HD Vest, a financial services firm with a focus on tax-related issues. “Safeguarding client information is the priority for us, and that means password-protected access to our advisor platform, encryption that protects the transmission of data as it's transferred through the Internet and making sure that all client data is stored on our servers here, rather than in an advisor's office.”
In the past, most b/ds were willing to transmit client data back and forth over the Internet, but now many are looking to more secure avenues, such as private or encrypted network connections.
“The more data we can store for our advisors, the less they have to worry about their own vulnerability,” Ochs says. “We want to take that burden away from advisors as much as possible. I know how expensive that is, and a lot of the problems we can handle more effectively and cost-efficiently than they can.”
Still, independent advisors' offices are inevitably going to be home to much sensitive data, and that means the advisors should know a thing or two about how to bulletproof their practices.
“In California there's a law that if client information is breached, the financial institution is required to send out a letter informing clients that their personal information may have been compromised,” says Ochs. “That's not a pleasant message.”
Experts say there are several measures independents should consider implementing to ensure their data and offices are protected from hackers, malicious programs and technical disasters. With the right procedures in place, it takes just a few minutes a week to minimize the risk of a practice-damaging technology fiasco.
Stay on Top of Computer Viruses
The absolute minimum an advisor must do to protect his practice is installing (and updating) antivirus software. Unfortunately, many advisors ignore this most basic and simple defense against computer problems.
“We get calls on a regular basis from people who are having problems with their computers, and the first thing we ask is what kind of antivirus software they're using,” says Bateman. “Most of the time they say they're not using any.”
The two leaders in this area are Symantec's Norton AntiVirus (symantec.com) and McAfee VirusScan (mcafee.com). Both programs are available on CD in retail stores, as well as in downloadable formats from both companies' Web sites, and include a year's worth of updates. Multiple-user versions are also available. Antivirus software should be updated annually, and virus definitions should be revisited weekly. The best way to do this is to allow the program to update itself automatically, which means the program connects to the manufacturer's Web site and downloads updates whenever they come available.
Get a Firewall
The next step in protecting an advisor's computers is a valuable piece of hardware that can be bought for under $100. It's called a firewall, and it sits between the computer and its Internet connection. Hackers usually do their dirty work via the Internet, but before they can do much, they need a computer's IP address (a 12-digit number that identifies your computer on the Web).
Firewalls stop hack attacks by hiding the IP address, rendering the computer invisible to the Web and would-be intruders.
In the unlikely event a hacker finds a way to attack the computer anyway, the firewall acts as a doorman, stopping the intruder from getting to the hard drive. Firewalls are also useful for creating a network, which can allow other PCs access to designated files. This is very useful if, for instance, an advisor wants to allow an assistant access only to a select group of folders on his computer.
The best part about firewalls is that they're easy to find and can be installed within minutes. Popular companies such as D-Link (dlink.com), Linksys (linksys.com) and SOHOware (sohoware.com) offer firewalls at affordable prices.
A great tutorial on firewalls and how they work is available from SOHOware at sohoware.com/docs/sohoguide.pdf.
Look Out for Spyware
The majority of security problems facing advisors come from spyware — programs that install themselves on a computer and run without the user's knowledge. Ever noticed a toolbar on the browser that you didn't install, or that your home page has changed by itself? If so, you've been the unhappy host of spyware.
“We've seen a huge spike in spyware problems over the past few months,” says Bateman. “In fact, we installed a spyware program on a broker's computer, and the first time we ran it, we found that spyware had been installed to record the keystrokes on her computer and send them to an email address over the Internet. So everything she'd been typing for months was being sent to someone — client information, passwords, everything. It was frightening.”
Spyware often originates on Web sites a user visits. The software automatically installs on a user's computer without his knowledge. The programs can be difficult to get rid of, since they usually create a backup that reinstalls itself once you restart your computer.
Fortunately, there are programs that not only eliminate spyware from the hard drive, but also stop its new programs from installing.
Ad-aware (available from Lavasoft at lavasoftusa.com) is considered the top spyware software available, and costs just under $40 for a professional version (a free version with limited capabilities is available for home users). When run on a regular basis, Ad-aware checks your hard drive for spyware and erases it from your computer.
Another popular spyware program is Spybot Search & Destroy (safer-networking.org/). Created by a programmer in Germany, the software is free, although donations are accepted.
Bateman recommends both programs and suggests installing and running both on every computer in your office, since some malicious programs are found by one but not the other.
Have a Backup Plan
Part of protecting an office means having emergency procedures in place in the event problems do arise. This means backing up data, protecting against power surges and outages and being able to restore a computer in the event it crashes.
Of course, a b/d is responsible for client data and transactions handled through the firm's platform, but what about the information stored in an advisor's office?
There are plenty of companies offering off-site storage of data and files in an electronic format, and many can be set up to back up your data automatically via the Internet. Of course, it is also possible to back up your data manually using CDs and other local storage devices.
According to SEC regulations, all electronic documents must be kept in a nonrewritable, non-erasable format with a time-date stamp. Further, duplicates of every file must be kept, and 90 days notice must be made before making the transition to electronic data storage. SEC Rules 17a-3 and 17a-4 explain these requirements in more detail.
Get a Ghost
In the event your computer does crash, it's wise to have a snapshot of your settings and programs. Creating a snapshot of your computer is called ghosting, and several software products are available to accomplish this task.
Norton Ghost, from Symantec, allows users to create backup images and store them on hard drives, CDs or USB pocket drives.
According to Bateman, ghost images need to be made about once a month.
“The brokers we deal with don't want to be down for 30 minutes, much less eight hours to replace a PC,” she says. “It can be a real timesaver when problems come up.”
Wipe Your Drive Clean
Usually, security means protecting the information you have. But in some instances, it's important to erase the data on a computer. For example, if you purchase a new computer and decide to donate your old PC to a nonprofit organization or throw it away, your information will still be on the hard drive — even if you erase every file. Because of this, old computers should go through a process called data wiping.
The most popular wiping software is R-Wipe & Clean (r-wipe.com), from R-Tools Technology. Available for under $30, it lets users eliminate all data from a hard drive.
Hire an Expert
If all of the above seems like too much to handle, outsourcing might be the best option.
Outsourcing firms vary in their approach to the business, but there are many firms that offer independent advisors solutions to “all their IT needs,” says Linda Burzynski, CEO of CM IT Solutions. “That includes everything from basic troubleshooting to security issues, training, Web hosting and design and creating networks.”
According to Burzynski, some clients pay a flat rate as a monthly retainer, while others opt to pay an hourly rate when services are needed.
“Most small businesses, such as advisors, eventually go on a monthly retainer because it fits well with their budget and monthly expense structure,” she says. The cost for such services is always based on estimated per-hour service, rather than the number of employees or computers in a particular office.
Most agreements stipulate that the IT professional will be on-site a certain number of hours per month, and will address issues as needed. The duties performed by these individuals cover everything from basic computer maintenance and upkeep to advanced problem solving and upgrading of systems.
Outsourcing your IT needs should be handled with the same care you'd use to hire a new staff member.
“When it comes to hiring IT professionals, there's a few things you should look for,” Burzynski says. “The biggest trap is hiring a consultant that's a one-man band. A lot of independent IT contractors are simply between jobs, and it's here today, gone tomorrow if their job search is over.”
For this reason, advisors should do a thorough check of a consultant's background and references before hiring him.
“Find out who their clients are,” says Burzynski. “Call them up, and find out how satisfied they are with the professional. Find out how long the professional's been in business. You should also find out if they have any similar clients, especially since financial advisors have unique needs and restrictions other businesses may not have.”
The bottom line is that security doesn't need to be expensive or time consuming. Whether you pay a professional to handle these tasks for you, or you choose to do them yourself, creating a secure office is essential for any advisor.