Did you know that how you share, from a simple click of your mouse to a message on your mobile, could put your clients at risk?
According to the Federal Bureau of Investigation, cybercrime resulted in $2.7 billion in losses for consumers (1), leading the Securities and Exchange Commission to pay increasingly close attention to Financial Advisors’ cybersecurity practices. This has resulted in several cases in recent years, including the SEC settling in September 2018 with New York-based Voya Financial Advisors (2) over a data breach case in which customer personal information was compromised. The settlement amount? $1 million.
Crazy amount, right? The simple everyday action of sending an email or text message could put your client, your advisors and your business at risk of litigation. Today, the simple statement "We have always used email" no longer suffices.
At Clinked, this motivates us to ensure you protect yourself and your clients using secure methods. We’ve been reading the best practice cybersecurity requirements released by the SEC and many state agencies to understand how our client portal can be leveraged to let you advise your clients with confidence in our system. New York State’s Department of Financial Services released its Cybersecurity Requirements for Financial Services Companies (3) recommendation in early 2017, which is a top-notch set of best practices for financial advisors to use.
Below are 7 key standard features Clinked offers to all clients that help financial advisors meet these regulatory recommendations to protect your clients and business.
- Multi-Factor Authentication
- Audit Trail
- Access Privileges
- Application Security
- Device Management
- Encryption of Nonpublic Information
- Penetration Testing & Vulnerability Assessments
Still not sure? No trouble, you’re an expert in your area of knowledge and market research is the backbone of your methods. Let’s keep exploring the challenges facing financial advisors today by addressing what type of electronic communication warrants care when dealing with client data and documentation, and how to avoid the risk of data breaches. On with the show!
Our colleague, Matthew Paloscio, started his career as a financial advisor in New York City before joining our Clinked team. He knows first-hand that your clients seek financial advisors as experts to protect, preserve and grow wealth generated through personal endeavours.
As such, he’s put together the following list of items never to share via email or message with clients:
- Policy Documents: Financial advisors work with various instruments, including insurance policies. These policy documents identify the policyholder and give details of illustrations, coverage, conditions and exclusions. The schedule can contain sensitive data about your client, be they an individual, family or business covered by the policy. Whether personally identifiable data or asset specific, a slip in this data compromises the client and their financial security.
- Partnership Agreements: Written agreements enforceable by law, agreeing a deal between two or more people/organisations, provide specific details that can compromise companies and participating parties. Partnership agreements are used between insurers, brokers and sub-brokers to set business terms and conditions specific to their arrangement. Therefore, these should never be sent via email due to the information that they might contain about business practices.
- Estate Planning Documents: These documents contain your client’s most sensitive personal details, including comprehensive details regarding their assets and close family members. Wills, (Ir)Revocable Living Trusts and Financial Power of Attorney documents should never be sent over email or carried personally in paper form by advisors. Can you be sure your client’s data remains secure should an advisor lose their briefcase?
- Invoices: Invoices give the details of a payment request from the seller to the purchaser of goods or services. They contain both the buyer’s and seller’s names and addresses, details regarding what is being purchased, the total amount due for payment, taxes, invoice number, etc. This is personally identifiable data, and invoices therefore cannot be sent or received by email, as they can be crumbs of data for cybercriminals.
- Portfolio Statements: Details of your clients’ portfolio and estimated future obligations, if applicable, can significantly compromise your clients if in the wrong hands. These should be sent via secure channels rather than via physical post or client portals for access.
- Health Information: Documents regarding a client’s health information and records are extremely sensitive. They can contain information regarding personal illnesses/pre-existing conditions, lifestyle habits and mental health.
Now that you know the issue, you may be convinced but need some data on your options to protect client data. At Clinked, we’re here to help. We know that this can be difficult for financial advisors, seeing as you need to send files containing personal data to your customers in your day-to-day work life. We are happy to share a few solutions, including one if email is absolutely necessary for these file types.
The 3 main options for secure file sharing are:
1. End-to-end encryption
Using end-to-end encryption (E2EE) will keep your client’s data secure and ensure you’re not at risk of any GDPR data breaches. E2EE works by encoding data sent back and forth within emails between you and your clients, so that only the sender and receiver can view the contents of the message by decrypting it.
Nobody else, whether an email service provider, other third-party application service providers, or hackers, will be able to access the data. However, end-to-end encryption isn’t just a straightforward method of securely sharing important information with your clients; it also has its difficulties and can be a painful process to set up.
One of the biggest pain points of end-to-end encryption is that software needs to be implemented on both ends, the sender and the receiver of information. This means that each one of your clients needs to ensure that they have end-to-end encryption set up before you can share any private documents with them via email, which, as you can imagine, can be very time-consuming.
Please keep in mind that this is protection for your organization when sending a file. It would also be required in your client's email system for full-cycle protection.
2. Cloud Storage
Cloud storage is a form of online document storage where instead of keeping files on your computer hard drive, your files will be stored online within the cloud. There are many popular services for cloud file storage such as Dropbox and Google Drive.
The way that cloud document storage works is by storing your data within servers rather than on your computer, so that you can access it anywhere from any device simply by logging in to whichever cloud service you may be using.
Cloud storage has many advantages; it’s very simple to use, it’s GDPR compliant, it defeats all the risks of losing your files if something happens to your computer and it’s also ideal for collaborating on files with clients, seeing as multiple people can access a live version of a document from different locations.
A disadvantage is that cloud storage relies on being connected to the internet, so you won’t be able to access your data offline.
3. Client Portal
The final option is a Client Portal. This is a centralised area that is bank-grade secure and completely white-label, where you can share important documents with your clients in your own professional, branded environment.
Using a client portal tool allows your clients to log in to an area where they can communicate with your team, view any documents such as reports and invoices, and even review and sign contracts.
Overall, a client portal is a great solution for Financial Advisors. As an alternative to email, it results in a much more effective and reliable method of communicating, sharing and collaborating on documents with your clients. It provides a professional, branded environment for your clients, helping you build trustworthy relationships with them.
Not all client portals allow for two-way interaction. As such, check the offering to ensure your clients will be able to submit any sensitive files via the system rather than just viewing them.
After review of these options, does a client portal sound right?
Check out our Clinked white-label client portal! The benefits to your business begin with providing a secure platform for your clients. Learn more by booking a demo with one of our product specialists.
We’re excited to speak with you about how Clinked can meet your client knowledge needs.