Security Tip: Advisors Keep Client Data On Their Computers And Need A Policy For Protecting Client Data From Malware

Tuesday, July 19, 2011 13:33

With social engineering scams becoming much more clever, it’s wise to avoid downloading from just anywhere. You need a policy.
Even if you’re a sole proprietor, this goes for you.  But it goes double for you if you have staff.
I recently reported on a social engineering scam that tricks victims into downloading an antivirus program that is actually a Trojan and sends sensitive personal information to digital crooks. The crooks are getting more crafty.
Financial advisors store valuable personal data about their clients on their computers. Social Security numbers might be there, for instance, and maybe credit cards. You are obliged to protect client data, especially if you’re holding yourself out as a fiduciary.
Under the current inspection regime, RIAs are examined on average only once every decade. So there’s not much risk of being caught for being sloppy with security. My guess is that examiners do little to make a determination as to whether you are properly protecting client data from malware. It’s probably not even on a state or federal examiner’s checklist.
However, getting client data hacked nonetheless poses a serious risk to RIAs. If a hacker gets hold of client Social Security numbers, credit card or other personally identifiable information, state and federal laws come into play with mandatory notification requirements. That could be costly and embarrassing.
Here are some ideas for limiting your risk.
Company Download Policy
Set a policy in your company on downloading software. Maybe owners are allowed to download but not staff. Or maybe only your IT director can download programs.
If you’re an owner, the policy should put you on alert whenever you download anything. But it must prevent computer novices from downloading malware.
The policy does not mean that you cannot download from Google, Microsoft, and your tech vendors. The policy has to be practical while making it much harder for phishing scams and other social engineering schemes to succeed.
Most of the programs advisors download are brand names. Still, for a website to make itself look like Google or Bank of America is not impossible.
So when you do need a program, try I’ve been using this site for over a decade and trust it.
The site hosts downloads for thousands of apps. If you need a picture editor, password management app, or a driver for your printer, this is a safe place. CNET screens all downloads for common viruses and spyware and looks for other threats that might interfere with user security, privacy, and control. While nothing is guaranteed, it’s safer than hitting a random site on the Web and downloading a program from there.
Keep in mind, only the downloads on are screened for malware. Ads posted on that take you to other sites to download programs could be risky.



Comments (4)

Thanks Andy. Very good advice. An easy policy to create, and educate staff on. I'm wondering how to test on an annual basis for compliance purposes...any ideas?
timknotts , July 19, 2011
I second that. Great advice Andy! From my perspective, I don't think advisors are placing security high enough on the priority list. Creating a policy is a good start but making sure it is being followed and building awareness around security is just as important.

For those looking for more information, NIST has published a great document catered to small businesses that provides some security best practices:
Micah McCann , July 19, 2011
There is only one way to make sure your computers are not infected with viruses and/or malware, and that is to have your system checking in. For larger firms that means a corporate version of Antivirus / Antispy with a full-time IT professional watching over the server (which rarely happens), and for smaller firms using something like ProtectIT works best. http://www.financialcomputer.c...protect-it
BrianEdelman , July 23, 2011
We have seen a significant jump in Viruses recently, one in particular called "antispyware 2012", which is nasty and very disruptive. Please make sure you are properly protected and have a good policy in place.
BrianEdelman , January 12, 2012
