7 ways to protect client data

November 5, 2013 | Last updated on November 5, 2013

Data security policies aren’t foolproof. So financial data tech experts advise that you always assume your clients’ information is vulnerable.

Data breaches and losses can harm the reputations and bottom lines of firms and advisors, and clients may leave and warn others if they feel they weren’t protected.

What’s more, contacting clients after a breach, explaining what happened, alleviating their concerns and then beefing up security eats time and resources. (A 2012 global survey found financial companies end up paying US$215 for each compromised record, on average.)

Hiring a third party

Firms can hire tech consultants to assess their data security systems and policies. One Toronto privacy lawyer says independent players often offer more flexible rates to firms with limited resources.

For example, B.C.-based contractor Mark Bernard, founder of Tech-Secure, says he offers four-week risk assessments, as well as training services, for about $12,000 to $15,000 ($100 per hour on average for small businesses). Another Toronto tech expert estimates basic consultation fees of between $10,000 and $20,000, while large security firms could charge more than double that (an average of $250 per hour).

Here are seven ways to safeguard files:

  • Never store sensitive data on portable devices, like USB keys, in case you lose them. When you’re on the road, access files via VPN or a password-protected server.
  • If you download files from a server, you should encrypt your computer or device, as well as every private file on it.
  • Don’t print sensitive data. If you need hard copies of client files, review them in secure locations only. Then shred them immediately or lock them up.
  • Change passwords at least once a month.
  • Back up data once a week, unless your firm does this already, and keep backed-up files on encrypted devices or servers.
  • Review security policies annually with staff. Schedule one-on-one sessions for new employees, and revisit procedures if you promote someone to a position that gives access to more sensitive data—such as accounts of inheritance divisions among fighting siblings.
  • Ensure your team knows what to do and who to call if they lose client data. Keep an updated list of contact information for your branch and regional managers, and reps from IT, legal and communications. These departments will be able to help you send client letters and alert authorities. Make sure there are backup contacts in case key people are unreachable during a crisis.

    Warning

    Keep financial data for at least seven years, and archives of important emails for at least two years.

In the U.S., companies lose 2.8% of their customers following a data breach, on average. In Australia, companies lose 4% of customers, on average.

Source: Ponemon Institute

Katie Keir is the assistant editor of Advisor Group.