Smartphone security should be the No. 1 priority for advisers accessing client data on the go
August 10, 2015 by Alessandra Malito
As the shift to mobile transforms the financial services industry, advisers need to be aware of best-practice methods to ensure smartphone security.
Although data breaches and hacking into enterprise networks and desktop computers have been more publicized lately, advisers who use their smartphones to access client data are also highly at risk — and they may not even know it.
“I don’t think people think so much about securing their phones as they should,” said Steven Ryder, president of TrueNorth Networks, an IT consulting firm. “More and more people have them, so they are becoming more and more of a target for hackers.
“Security isn’t convenient, to have to type a password in on your mobile device, but it is important to do,” he added.
There were more than 1.3 million unique smartphone hacks from January to October 2014 — that’s a fourfold increase from the year before — according to a Kaspersky Lab report cited in a CNBC article. These hacks were attributed to the fact that smartphone users are using their devices to transfer money.
A Juniper Research report found annual transactions of online, mobile and contactless payments will jump to $4.7 trillion by 2019, up from $2.5 trillion in 2014.
According to another Kaspersky survey, 31% of the smartphones and 41% of the tablets used by respondents are not even PIN- or password-protected. Of those who responded, 28% are not aware of the existence of cyberthreats targeting mobiles, and 26% of those surveyed said they were aware but didn’t worry about it.
Even if advisers don’t jump on the mobile bandwagon immediately, they still need to be aware that the threat is real. There are a number of ways that advisers can stay safe when using their phones.
For one, Lorraine Ell, president and director of training at Excellat Consulting, a technology firm for advisers, said that it is imperative to be aware of which WiFi connection mobile devices are connecting to whenever an adviser is outside of the office.
“You never really know what WiFi service your phone is accessing,” Ms. Ell said. “When you’re outside of your office, I recommend you do not tap into a database of clients that may contain sensitive information using your cellphone.”
She noted that there is a difference between what types of data advisers are trying to view — if it’s just addresses and phone numbers, that’s fine, but anything containing Social Security, credit card or bank account numbers could become problematic.
Advisers should also be considering what apps they are installing, and what data these apps are accessing or tracking. Similar to how third-party vendors may have access to adviser information, so too can apps.
“Be aware of who you are giving your information too, just like on any social media site,” said Carlos Simoes, chief technology officer of CircleBlack, a portfolio-analysis program for advisers.
Then there’s the simplest — but perhaps most overlooked — of security strategies: having a password, or at least a four-digit PIN, to enable phone access. Mr. Ryder said that advisers can go a step farther by encrypting their phones.
Joel Bruckenstein, co-founder of Technology Tools for Today, an annual financial services technology conference, said that advisers should be proactive and set up a phone or tablet to take advantage of technology available to help in the event that it is lost or stolen.
“Just be aware that a lot of these devices get stolen,” Mr. Bruckenstein said.
His suggestion is to use Apple’s or Google’s services to find a lost phone, or one that lets an adviser remotely lock the missing device or wipe out all information stored on it.
“If there’s anything at all on there that has confidential data, when in doubt, just push that button,” he said.