Data Encryption Best Practices for Los Angeles RIAs

Author: Craig Pollack Date: Feb 02, 2018 Topics: Investment Advisor Blogs, Cybersecurity

Is your Los Angeles investment advisor firm protecting sensitive client information with data encryption?

For investment firms, data protection is more than a company-mandated directive: it’s the law. Failure to protect sensitive information can result in loss of business and substantial financial penalties from FINRA and the SEC.

There are several security mechanisms available, such as firewalls, complex passwords, and anti-virus software. However, when it comes to guarding financial information, data encryption needs to be part of the arsenal.

The benefits of encrypting data include:

  • Enhanced Security: Powerful yet affordable, data encryption helps an investment firm set up military-grade information security.
  • Portability: Encryption will protect important data no matter where it is stored. If an RIA’s smartphone or tablet is lost or stolen, encrypted files will be extremely difficult for intruders to access.
  • Transparency: Encrypting your data has no adverse impact on efficiency: crucial information is quietly secured in the background while the front end business interactions go on as usual.

Behind the Scenes

Encryption allows information to be hidden from unauthorized parties. It uses an algorithm called a cipher to turn readable text into a series of seemingly random characters that can only be decrypted and read with a special key.

Many investment firms use what is known as “asymmetric” encryption. It uses two keys for each recipient, one “public” and the other “private”. The recipient's public key is available to everyone in the organization and is used to encrypt messages before they are sent to that recipient. Each recipient has their own private key to decrypt their messages and access data. Because the decryption key is separate, personal, and never has to be shared, a potential vulnerability is closed off.
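The public/private key flow described above, as an added example that is not part of the original article. It uses Ruby's standard OpenSSL bindings and goes one step beyond the text by using the hybrid form normally applied to files and email: the data is encrypted with a fresh AES-256-GCM key, and only that data key is wrapped with the recipient's RSA public key. The helper names `new_recipient_key`, `seal` and `open_envelope` and the sample message are assumptions made for illustration.

```ruby
require 'openssl'

OAEP = OpenSSL::PKey::RSA::PKCS1_OAEP_PADDING

# One recipient's RSA key pair. Constructed for this demo; a real private key
# is generated and held in a key vault or hardware token, not in script memory.
def new_recipient_key
  OpenSSL::PKey::RSA.new(2048)
end

# Encrypt msg under a fresh AES-256-GCM data key, then wrap that data key with
# the recipient's PUBLIC key. Every field of the envelope can be stored or sent.
def seal(public_key, msg)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').encrypt
  data_key = cipher.random_key
  nonce = cipher.random_iv
  ciphertext = cipher.update(msg) + cipher.final
  { wrapped_key: public_key.public_encrypt(data_key, OAEP),
    nonce: nonce, ciphertext: ciphertext, tag: cipher.auth_tag }
end

# Unwrap the data key with a PRIVATE key, then decrypt. Returns nil when the key
# is not the recipient's or the envelope was altered; never partial plaintext.
def open_envelope(private_key, env)
  data_key = private_key.private_decrypt(env[:wrapped_key], OAEP)
  cipher = OpenSSL::Cipher.new('aes-256-gcm').decrypt
  cipher.key = data_key
  cipher.iv = env[:nonce]
  cipher.auth_tag = env[:tag]
  cipher.update(env[:ciphertext]) + cipher.final
rescue OpenSSL::PKey::PKeyError, OpenSSL::Cipher::CipherError, ArgumentError
  nil
end

if __FILE__ == $PROGRAM_NAME
  advisor = new_recipient_key     # intended recipient
  colleague = new_recipient_key   # someone else in the firm
  env = seal(advisor.public_key, 'Constructed sample: client statement, Q4')
  puts "advisor reads:   #{open_envelope(advisor, env).inspect}"
  puts "colleague reads: #{open_envelope(colleague, env).inspect}"
end
```

Anyone holding the advisor's public key can call `seal`, but only the advisor's private key makes `open_envelope` return the message; a colleague's key or a modified envelope yields `nil`.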

Proper Key Management

After being created, encryption and decryption keys must be backed up and safeguarded. If they are stolen, accidentally destroyed, or allowed to expire, significant security vulnerabilities result.

Administrators should keep keys in a secure location and limit access to properly authorized parties only. There are key vaults and key managers available that can protect, generate, import and export, and rotate keys as needed.

Use Secondary Hardware Keys

Although data encryption is a superior form of protection, the possibility still exists that an intruder may recover a firm’s keys. If secondary hardware keys are available, use them, especially to protect stored data. This way, the information can only be deciphered using both the hardware key and the original backup hardware. This system is presently used in banking, healthcare, education, and other industries where confidentiality and data integrity are paramount.

Bottom Line

As Los Angeles investment firms and RIAs rely more and more on information technology, they need to focus their attention on cyber security. The SEC’s Division of Investment Management recently issued a guidance update emphasizing the importance of mitigating risks and suggesting protective measures, one of which was data encryption. Establishing a set of best practices will help RIAs comply with regulations and prevent breaches, which is a win-win situation. 

Does your investment firm encrypt its stored data and email communications? Let us know your thoughts in the Comments box below.


Craig Pollack


Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, business owners, and key decision makers leverage technology as efficiently and effectively as possible. With over 30 years of experience building the preeminent IT Service Provider in the Southern California area, Craig is one of the area’s leading authorities on how small to mid-sized businesses can best leverage and secure their technology to achieve their business objectives.