In light of the horrendous security breach into Sony Pictures last month, and Home Depot and Chase Bank’s compromising of account data in 2014, I wanted to explain the security measures I take with my own clients’ personal and sensitive information.
Securing personal data has always been a primary aspect of my business and within the securities and insurance industry in general. My broker/dealer (National Planning Corporation) has extensive instructions, policies, and procedures that I am required to follow…and I do. However, the risks and manners (and volume) of how data is accessed, stolen, and used, has increased exponentially over the past 25-years.
How your data is protected:
Physical Paper: Once scanned into into a secure archive (Redtail Technologies Imaging system), your physical applications, statements, confirmations, notes, paycheck stubs, tax-info…’EVERYTHING’ is crosscut in a shredder 1/4 inch by 1-inch . Not even your ‘name’ is thrown in the trash. I have a shredder in my office for smaller batches, and all bulk shredding takes place at a visually certified shredding facility.
If you’ve been to my office recently, I’m sure you’ve noticed the absence of physical filing cabinets. It is my goal to keep ‘paper’ files to an absolute minimum in my office; the minimum being only paperwork or account processing that is currently in the process of being worked on.
My Office Computer: My computer (A Dell Latitude e6540/Windows 7 64-bit Professional) requires a password to login and is locked (requiring a password to use again) every time I leave my physical office. However, this isn’t good enough for me or my clients.
First off, I minimize client files/data physically stored on my computer. I do not store birth dates, social security numbers, driver’s licenses, or medical records on my computer. These are all filed away on something more robust, secure, and distant.
Secondly, I have implemented Dell Data Protection Encryption by encrypting every file that resides on my computer. The software uses FIPS 140-2 Certified; AES 128, AES 256, 3DES, Rijndael 128, Rijndael 256, Blowfish, and Lite encryption algorithms.
What this means is that if my computer fell into the wrong hands, that person could only access my files if they had my encryption key…which is stored off-site. This encrypting process initially took about 5-hours to install on every file on my computer, and continually encrypts any new files modified or added to my computer. Rest assured, if someone got a hold of my hard-drive and tried to access any files, they would not be able to open anything.
What if my Office Computer burned up in a fire? As my goal is to prevent your data from falling into the wrong hands, I must also prepare for a business continuity plan in case my office is blown up and/or burned to the ground. Yes, these events do and have happened!
If I had to, I can use virtually any computer to access your personal data from Redtail Technologies Incorporated (my Customer Relationship Management and digital filing service) CRM, and/or my broker dealer site. As mentioned earlier, copies of your scanned files are kept there as well. This contains all of our notes and files used since we’ve started working together.
Your actual investment “account” data is stored directly at the investment companies in which they are held, and I use a service called Albridge Wealth Reporting Solutions to access a comprehensive feed of your account data (performance, transactions, balances, etc.). Albridge is used by more than 140 broker dealers around the world.
All other business including insurances (disability, long-term care, health, life, etc.) is not stored nor uploaded to my computer. I access those sites/carriers directly to receive information pertaining to your account/policies held within.
Phone Messages: Messages you leave on my answering system are digital and NOT stored at my office. Furthermore, accessing ‘your’ message requires a 6-digit pass-code. You messages are stored on a server with Charter Communications and are accessible via my cell or email (also requiring extensive passwords).
Faxing: Any faxes you send to my fax number go directly through my eFax service. No fax will ever ‘just print out‘ at my office when you send it. A password (and now encryption) would be required just to read a received fax.
Social Media: I do not use Social Media for anything business or client related. In fact, I am not allowed to discuss any part of my business on social media sites (other than my newsletter and blog). Additionally, two-way communication is not allowed on my blog as I’ve disabled it per broker guidelines. And this is good…as I too like to separate business from my social life.
Trusting the Cloud
Cloud computing is just another way of saying that your information is not stored locally (on your personal computer); rather, it is stored on a server “off-site” that you must log in to. Digital storage has been exponentially moving in this direction since the internet was born (more than 25-years).
I feel that storing information with a professionally certified ‘mega’ storage facility that has multiple redundant/mirrored back-up systems in different parts of the world is a safer and better alternative than one person keeping ALL data (physical and digital) in their own office. All it would take is a thief to break in through a window or door, grab paper and/or digital files, and then run.
And some might argue and point to the recent ‘hack attacks’ as a perfect example to stay off of the web/cloud. For those with this view (as legitimate as it is), think about the vast amounts of your personal information already on the cloud outside of any info I might have access to: Your mortgage, your bank, your PIN code, credit cards, medical records, DMV records, auto loans, school records, county tax data, tax returns, auto insurance, and many more. Virtually everything you do with a large company has already been uploaded to the ‘cloud’ in some form or fashion.
Sure there is a risk in each scenario. But my technical expertise is no match for a team of professional IT security experts charged with only one task to do—and that is to protect your personal data from physical and electronic attack.
In summation, there are many more technical transactions happening on the ‘back-end’ of the companies that hold your data, policies, and accounts. The companies that I use for my clients’ investments are all required to comply with the same rigorous procedures as I am…if not more.
If you have any questions or concerns about the security of your data, the processes, procedures, or technical data in which it is protected, let me know. After all, it is your information that I am protecting, and you have a right and vested interest to know how it is being protected!