Individuals and SMBs (Small / Medium Businesses) look to the Financial Services Industry to help them invest in their economic futures. Managing funds and controlling monetary risk are what these financial professionals do, yet sharing your information with a financial specialist carries a degree of risk itself.
What types of information are shared? When accounts are opened or transferred as an individual or SMB, personal identifying information is inevitably transmitted between you and your financial services representative (and sometimes their support staff). This information includes, but is not limited to:
- Social Security Number
- Account Numbers (e.g., when doing a rollover or transferring banks or credit cards)
- Date of Birth
- Employment History and Income
- Current Assets and Portfolio information
Much of this information is exchanged in person or online via a secured website, but often SMBs and individual clients look to their brokers, account representatives and customer service personnel to answer specific questions about their accounts. More and more, these exchanges take place electronically.
How can client information be at risk if the paperwork is taken care of safely in person or via a secured web process? Personal financial information (PFI) can be compromised as a one-on-one relationship with your financial services professional grows and builds. Sometimes connecting with a financial services firm is done on the phone, other times via email. It is in email communication between client and firm / organization that your PFI is put at risk.
A quick question or message sent off to a financial services organization appears to instantaneously pass from your computer to the recipient's inbox. In reality, email messages make transitory stops along the way. As emails are directed by proprietary servers to their final destination, messages which arrive at each of these stops are often stored, and sometimes copied or even scanned before being sent on to their final destination. Email security goes beyond being aware of the current phishing scheme, where unscrupulous data thieves pose as someone from your trusted financial institution. Information interception isn't just about who forwards your message on, but is also about who may seize that message when it's en route.
Financial firms, though guided by government acts, restrictions and guidelines, sometimes don't appear to have concrete policies for dealing with email between the client and the firm's employees. Compliance and risk officers who manage the firm's policies must deal with nuances outlined by Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and Securities and Exchange Commission (SEC) regulations. Each of these government-mandated policies dictates how your personal financial information (PFI) is handled digitally, but none delineates the best method of PFI protection.
Andy Purdy, acting director of the National Cyber Security Division of the Department of Homeland Security, in a February 2006 interview with CNet / News.com, identifies the importance of protecting PFI and other important digital assets:
"I think consumers and small businesses and large enterprises and the government are all important when trying to reduce the cyber-risk. We're trying to raise awareness with partners of the responsibility and techniques consumers can use to help secure their systems." (1)
A client's PFI is a commodity which can be bought and sold on black market data warehouses. Digital thugs harvest email information by a variety of means. What can individual clients and SMBs do to ameliorate the situation while staying connected to their financial services firm? Data encryption is an easily facilitated process for securing sensitive information like PFI. If one of these black market digital thugs happens to intercept an encrypted message, they will not be able to decipher it unless they have somehow gotten the encryption keys. If the email thug attempts to break any one of the commonly used encryption algorithms, they likely wouldn't be able to do so within their lifetime.
Business owners and individual investors can work a lifetime to become financially successful and stable. Having sensitive information like one's PFI at risk via email can shatter that financial stability.
Risk in communicating with these services can be contained by being aware of email risks and phishing scams and by using encryption tools to secure financial communiqués. Though quite broad in nature, Financial Services in each of its facets, as lender, investment manager or funding arm, can take an additional step toward its clients' economic success. Using encryption tools enables the individual client or SMB to stay in close contact with these stewards of their financial future.
– – – – – – – – –
1.) Joris Evers, "Newsmaker: Locking down America's Net defenses," 16 February 2006, CNet News.com, http://news.com.com