Is your Los Angeles investment advisor firm protecting sensitive client information with data encryption?
For investment firms, data protection is more than a company-mandated directive: it’s the law. Failure to protect sensitive information can result in loss of business and substantial financial penalties from FINRA and the SEC.
There are several security mechanisms available, such as firewalls, complex passwords, and anti-virus software. However, when it comes to guarding financial information, data encryption needs to be part of the arsenal.
The benefits of encrypting data include:
- Enhanced Security: Powerful yet affordable, data encryption helps an investment firm set up military-grade information security.
- Portability: Encryption will protect important data no matter where it is stored. If an RIA’s smartphone or tablet is lost or stolen, encrypted files will be extremely difficult for intruders to access.
- Transparency: Encrypting your data has no adverse impact on efficiency: crucial information is quietly secured in the background while front-end business interactions go on as usual.
Behind the Scenes
Encryption allows information to be hidden from unauthorized parties. It uses an algorithm called a cipher to turn readable text into a series of seemingly random characters that can only be decrypted and read with a special key.
Many investment firms use what is known as “asymmetric” encryption. It uses a pair of keys, one “public” and the other “private”. A recipient's public key is available to everyone in the organization and is used to encrypt messages before they are sent to that recipient. Each recipient has their own private key to decrypt their messages and access data. Using a separate, personalized key for decryption closes off a potential vulnerability: the key that encrypts a message cannot be used to read it.
Proper Key Management
After being created, encryption and decryption keys must be backed up and safeguarded. If they are stolen, accidentally destroyed, or allowed to expire, significant security vulnerabilities result.
Administrators should keep keys in a secure location and limit access to properly authorized parties only. There are key vaults and key managers available that can protect, generate, import and export, and rotate keys as needed.
Use Secondary Hardware Keys
Although data encryption is a superior form of protection, the possibility still exists that an intruder may recover a firm’s keys. If secondary hardware keys are available, use them, especially to protect stored data. This way, the information can only be deciphered using both the hardware key and the original backup hardware. This system is presently used in banking, healthcare, education, and other industries where confidentiality and data integrity are paramount.
As Los Angeles investment firms and RIAs rely more and more on information technology, they need to focus their attention on cyber security. The SEC’s Division of Investment Management recently issued a guidance update emphasizing the importance of mitigating risks and suggesting protective measures, one of which was data encryption. Establishing a set of best practices will help RIAs comply with regulations and prevent breaches, which is a win-win situation.
Does your investment firm encrypt its stored data and email communications? Let us know your thoughts in the Comments box below.