How we secure your financial dataNovember 15th, 2012 by Dan Woodruff, Certified Financial Planner with Woodruff Financial Planning
Have you ever heard the shocking stories about how financial institutions lose their clients’ data – causing real worries for their clients? We take our responsibilities in this area very seriously, so we thought it would be useful to document how we secure your financial data, and the benefits to you.
- The problem – examples of data loss
- How we secure your financial data
- How this works in practice
There are obvious problems to be faced when trusting your personal data to a financial institution. If that data is lost in some way, this could compromise your financial security, and possibly allow criminals to steal your assets. Identity fraud is a real danger these days.
Examples of data loss in financial services
You will have read of many cases where financial services companies have lost their customers’ data. This can be a simple as leaving a laptop with client data on it on a train. Human error is a real issue in this area. There have been too many incidents to mention, but here are a few examples:
- In 2010 Zurich Insurance was fined £2.75m by the Financial Services Authority for the loss of 46,000 customer records. This information included personal details, bank details and credit card information;
- In 2011 the Cattles group, which owns Welcome Financial Services lost back up tapes with data on them containing the personal details of 1.4 million customers and staff. They were later fined £140,000;
- A 2010 survey of US financial services firms found that 42% of firms had suffered data loss in that year
In our view, many smaller financial services firms do not take data security seriously. They often flout the rules regarding data protection, and many have lax standards in relation to customer data security. If you employ a financial adviser, perhaps you should be asking them some hard questions regarding their IT security.
We employ a specialist IT company to ensure that we secure your financial data. Here are some of the measures we have in place to attempt to keep your data where it should be.
- Access and encryption
We use separate authentication (SQL) featuring 256 bit SSL encryption. Most firms use a simple user name and password, which is not nearly as secure as our method. From the moment we connect to applications every keystroke and mouse movement is encrypted.
- Portable devices
We access all data remotely using the above method. This means that if a device is lost, none of your data will be held on it. These machines do not hold your data, which means they cannot compromise you if a device like a laptop or mobile phone is stolen.
Our data is backed up remotely through an automated, off-site, secure service. We don’t use discs, tapes, external hard drives, or other solutions which could be compromised, lost or forgotten. Our solutions are regularly tested to ensure they work, and we even back up file systems, email servers and databases.
- Internet and email
Our systems use 3 separate external solutions to prevent email viruses and phishing. Our working environment is locked to prevent users accidentally installing malicious software, which could access your data. Our next project is to test a secure email solution, which could mean that personal information cannot be intercepted.
- Paperless office
Obviously, we cannot completely remove paper from our business, but we try to minimise its use by scanning and retaining all client data. This means we do not need to keep filing cabinets full of your data, which could in turn be vulnerable to data theft.
How this works in practice
We have had IT problems in the past. here is how our technology coped.
- Physical server failed
Within 2 hours, all backups and file paths were moved to a new server, meaning our business was operational as quickly as possible.
- Stolen laptop
No client data was held on this machine, meaning that nothing on the device could be used to compromise clients’ data security.
We don’t want to scare people. We just want to reassure you that we are doing everything possible to secure your financial data. If you currently use a financial planning firm, we suggest that you ask them if they can say the same about your data.