For Los Angeles investment advisors, protecting data from information thieves and malware infiltration is a number one priority.
The Anthem and Target breaches have demonstrated how vulnerable businesses can be to compromise, and investment firms can’t afford to take chances with network security.
The number and scope of today’s cyber-threats are immense, but combating them doesn’t have to soak up most of a firm’s budget. Vigilance, awareness, and a sound data security policy can prevent or at least minimize the impact of most attacks.
This article reviews three data security best practices for Los Angeles investment advisors.
Use Digital Certificates on Your Company Website
A digital certificate uses public key infrastructure (PKI) to allow information to be exchanged securely online. Like passports, digital certificates are forgery-resistant, provide identifying information, and are issued by an official and trusted authority.
Recipients can verify that a certificate is real by examining the name of the certificate holder, a serial number, expiration date, the holder’s public key (which encrypts messages and creates digital signatures), and the digital signature of the authority that issued the certificate.
For added protection, investment firms should save their certificates to routers, load balancers, and other hardware devices instead of the web server, where the certificates are accessible to intruders.
In the event that a certificate is compromised, it must be replaced immediately, along with its accompanying encryption keys.
Create a Removable Media Policy
Removable media is a widely recognized source of malware infections and data breaches. It includes flash memory devices such as USB drives and SD cards, as well as removable hard drives, CDs, and DVDs.
A removable media policy will reduce the risk of a security crisis by:
- permitting the storage of sensitive data on portable media only when an employee needs to do so as part of their assigned duties
- requiring the encryption of all sensitive data stored on such media
- restricting or prohibiting the storage of company data on an employee’s personal device, such as a smartphone or tablet
Educate Employees on Data Security
The human element is nearly always the most vulnerable part of any network. The IT department can fortify the company firewall and apply all necessary server patches, but if a firm’s employees open every infected attachment or phishing message they receive, cyber-thieves will get in.
Most businesses offer little or no data security training to their employees. As a result, they are exposing their networks to potential compromise. Regular training should be conducted for all employees, showing them how to avoid common security threats.
The financial services industry remains an attractive target for hackers, so data protection is a critical objective. A sound data security policy can help keep financial advisory firms, their customers, and their employees safer from the cyber-attacks that continue to push less vigilant companies into the headlines.