Isn’t technology wonderful? Think of what we can do that was not even imagined just a few years ago. Web 2.0, social media, mobile computing (even on a phone!). We can download information in seconds that would have taken days to gather in a library. We can access our office computer while out calling on clients (or sitting at the beach).
Of course, along with all this goodness, there is a bit of darkness. Viruses, malware, root kits, Trojans, bluesnarfing (stealing information from Bluetooth-enabled devices), denial of service attacks, worms, page-jacking, pharming and phishing, adware and spyware. Each of the above refers to ways in which the security of your computer may be compromised.
Sometimes, security glitches are simply an annoyance. Other times, however, they can result in serious data breaches.
A CFP professional shall take prudent steps to protect the security of the client’s information and property, including the security of stored information, whether physically or electronically, that is within the CFP professional’s control.
So how does someone do this? Here are a few tips.
- Use passwords, and change them periodically.
- If you have a laptop, tablet (including iPad), smartphone or any mobile device, activate the password at startup option. This will require anyone to correctly enter a password before gaining access.
- Some devices (including iPads/Phones) offer the option of erasing all data after a previously-determined number of attempts to correctly enter the password.
- Get creative. Options such as your birthdate, address, a simple string of numbers (e.g., 1111), are far too simple. Quality password recommendations include incorporating upper and lower-case letters, symbols and numbers.
- I tried one of the websites that lets you test password strength and entered a password similar (I wouldn’t enter my exact password) to one I use that includes all of the recommended options above. The site said my eight-character password could be cracked in 17 hours. Adding one more character increased the time required to about 57 days. That’s why the minimum recommended length for a password is at least 10 characters.
- If you struggle to remember passwords, you can get a software program that serves as a “password safe”. You can use the safe to store your various passwords (of course, you have to remember the password to get into the safe!)
- Install and use good security software (anti-virus, malware, adware, identity protection, etc.), and keep it updated.
- When you are out and about with your laptop, lock it up anytime you and it are separated.
- Items, such as your phone, that you cannot secure by locking, should stay with you.
- Don’t automatically download files. This is especially true for those popups that declare your system may be infected. Often, if you download the recommended file, you are actually downloading a virus.
- This could be extended to all email attachments or any other download. If you don’t know it, don’t open or download it.
- Be cautious when connecting your computer to the cloud/internet, using free public Wi-Fi sites. These often have no built-in security and knowledgeable people can tap into your computer system in minutes.
- Back up all computer files. No security system is perfect. For that matter, no computer hardware system is perfect. Whether due to a security breach or a simple hardware malfunction, you can lose data. The simplest solution allowing you to recover that data is to have an up-to-date backup. If you are especially cautious, have a back-up for your back-up (Yes, I have had my back-up hardware malfunction so that I could not gain access. Frustrating!).
You should have a computer security policy that everyone understands and follows. Periodically distributing, or meeting about, security best practices is a good idea.
Another option, but one that is a bit cumbersome, is to use encryption software. These programs allow you to make some or all of your data unreadable by anyone who does not have proper authorization. Caution: if you forget the security codes, you will lose access to all encrypted information – and it usually cannot be recovered. If you are unfamiliar with such software, you can read about it here: www.truecrypt.org/. (I am not recommending True Crypt. I offer it only as a way for you to learn about encryption.)
Those are some simple security tips, and they definitely will provide protection. What can you do if your security fails and someone steals and/or breaks into your computer (laptop, smartphone, tablet or desktop)? First, hopefully you actually do have an up-to-date backup (software to do this is inexpensive and generally easy to use), so you have not actually lost all your data. Next, you have some work to do.
- Change all your passwords – immediately.
- Update and run your security software (in the event the breach was software or internet related). Consider taking the computer to a security expert who will be able to run an in-depth security scan and solve related problems.
- If theft is involved, notify the appropriate authorities.
- If there is any chance client information has been compromised, you must notify your clients (and company management). It’s not pleasant, but it must be done. They will likely ask some uncomfortable questions, including wanting to know what security measures you had in place, so you will want to have some good answers.
- In some jurisdictions, if you have not implemented adequate security measures, you may incur criminal or civil liability.
- Many mobile devices allow you to remotely locate your lost or stolen device (on the iPad/Phone it’s called Find My iPad/Phone). If you cannot find the device, or need to ensure information does not fall into the wrong hands, you can remotely erase your device. It’s extreme, but it works.
- Similar options exist for laptop computers, and installing such software may make sense.
- Have you ever thought about what might happen if a disgruntled employee decided to take a laptop and expose your client information to others? The ability to remotely erase laptop data would become pretty important.
- The same would be true if an employee’s laptop was lost or stolen.
What is a Security Breach?
When I was in practice, anyone who gained control of one of my computing devices would have had the potential to access all client data. Names, addresses and all contact information, identification numbers, bank and investment access information, account/asset financial amounts. Everything! Initially, I downplayed the likelihood of any malicious attack . . . that is, until my security team let me know our computer systems were nearly breached. After that, I decided to take all reasonable precautions. It paid off. We were attacked several more times, and security held.
Are you prepared enough to attest that you have taken all prudent steps to protect the security of your client’s information and property, including the security of stored information, whether physically or electronically?