Enzumo - XPLAN Customisation + Solutions
The largest + most experienced independent XPLAN consulting group in Australia

How do you ensure you're effectively protecting your client data?

By Michelle Leversedge, Senior Advice Technology Consultant, Enzumo

One of the most talked about topics right now is cyber security. Protecting client data is not only a priority for many advice practices, it's also an absolute necessity.

Every advice firm in Australia has the same standard issue - they have access to personal information about their clients, and hackers highly value it.

This is not just financial information but also medical information (insurance-related) and tax file numbers: all the standard data you need to provide ongoing advice to your clients and administer their financial assets. However, holding it also makes you a prime target for hackers wanting personal data to onsell.

There is no question that you want to protect client data and keep your clients' information secure. Instead, the question is, 'Does your practice have the right risk protection mechanisms to secure your client data?'

Licensee data security frameworks

It is becoming more prevalent for licensees to set standards for their advisers concerning cyber security. They have oversight across the breadth of the licensee and can see what happens when the risk management mechanisms aren't there, so they have a duty to ensure there are sufficient processes and controls to help reduce the risk of a potential data breach.

Some of the simple steps we often see enforced to better secure client data include:

  • Training for all staff on cyber security risks

  • Policies for meeting minimum security standards

  • Policies around sending client documentation

  • Client data storage recommendations

  • Online access best practices 

These steps are not only essential to protect client data, but they also protect the ongoing availability of PI insurance for all members.

Begin with the location you store client data

It makes sense to ensure where you keep the majority of your client data has the highest level of security. Keeping your XPLAN system secure is the most crucial step in the fight against cyber hackers.

If the worst were to happen, having some of these steps implemented can also mean you are able to track how the attackers gained access. Knowing the user login details used to gain access to the system could be important if a data breach culminates in a legal case by the clients affected.

We've created some simple steps to follow, which can make it much more difficult for hackers to gain access to your XPLAN system. Of course, these tips are just part of the force field you must create around your client data, but they are a practical start to the process:

  • Never disclose your login and password details to anyone outside your practice (create new user access if required)

  • When a staff member leaves, make sure you change their password immediately (include it in offboarding processes)

  • Review your Password Configurations under System Settings – this is where you can apply minimum requirements for passwords

    • For example, a password strength score, a minimum password length, rules on character types and password expiry timeframes

  • Set up Account Denial Policy - this is where you can lock a user out when they have a certain number of failed attempts within a specific timeframe

  • Activate Two-factor Authentication for all users - this can often stop hackers from getting to the next stage of entry

  • Consider using XPLAN Client Portal - emailing documents with sensitive client information can be a very high-risk activity. Instead, consider using the Client Portal, which is not only more secure but a better client experience  

  • Utilise User Groups to limit access to clients, or to restrict access for external paraplanners so they only see the client information for current projects

Strengthening access points to your business

Conducting a mini-review of all aspects of your business concerning client data is a good approach to finding security gaps. Cyber attacks happen when business practices break down, processes get a bit lazy, or you forget elements of your business (e.g. the many tech tools you use).

Here are some suggestions for you to review at the business level: 

  • Assess what systems you're using and where you are storing your client information - if you are keeping client information in multiple systems or locations, now would be the time to transfer them out of those locations and hold them only in XPLAN

  • Ensure that all staff have their own user login and that you aren't sharing access across team members

  • Use a password manager for all passwords instead of a spreadsheet or notebook to store passwords - you can also provide access to external parties when required via the tool without them knowing the actual password details

  • Use a password generator for all passwords - this means you aren't using the same password for all your logins; it's highly secure and automatically stored within this tool

  • Use multi-factor or two-factor authentication for all logins where available

  • When replacing technology devices, ensure that all information is securely wiped before they are recycled or disposed of

There are also some measures you can bring in to educate your team and ensure they're adhering to appropriate cyber safety frameworks:

  • Don't click on any email link if you're unsure what it is - check with the sender via another method (phone) or go directly to the website

  • Always lock your computer when you leave your desk

  • Ensure all software on your devices is current and up to date

  • Make sure client files are not left on your desk and are stored securely overnight

  • Use a secure destruction service or shredder to destroy sensitive information

  • Confirm client email requests via phone, especially if they request a withdrawal or bank account change

Being cyber-safe in your business is not a static state. The hackers are constantly updating and changing the ways they steal client data, and you have to evolve just as quickly.

With a series of measures such as these, it's much easier to build on them as needed. Prevention is better than cure with cybersecurity, so stay vigilant and prepared for the worst.

If you need assistance with making changes to your current XPLAN security settings, please get in touch with our team for guidance.

Enzumo Team