Warning for firms on security and procedures when taking data out of office
Financial technology business IRESS is highlighting the need for adviser firms to check their information security procedures to avoid risks to their business and potential fines.
The company recently took 50 adviser firms through its free technology audit service to find out if there are propositional and procedural gaps that could be holding firms back from growing profitably and safely.
Two of the most significant findings reveal gaps around information security and advisers’ readiness for GDPR.
More significantly, the company said, given the heightened information security, identity theft and high-profile cases of data protection breaches, only 30% of those firms who took part stated that they are prevented from taking client files out of the office.
Mark Loosmore, executive general manager for wealth at IRESS (pictured), said: “The risks involved in taking client files that include personally identifiable and sensitive information out of the office are clear.
“There have been high profile instances of misplaced files or stolen laptops resulting in data protection breaches and considerable reputation damage to the organisations involved.
“There really is no need for firms to open themselves up to this kind of risk. Using strong encryption through back office software, that allows you to securely access all relevant client data remotely in a GDPR compliant manner, firms can safeguard against these kinds of avoidable data breaches.”The key here is putting reasonable processes in place that limit the potential for the loss of client data contained in paper files or unencrypted hardware, such as laptops, tablets and mobile phones.”
IRESS also raised concerns around advisory firms’ readiness for GDPR. When asked if advisers would be ready for GDPR, 42% said they are, 28% said they were making progress and 30% stated they would not be ready.
Loosmore added: “Even if we assume that the 28% of those advisers who said they are working towards 25 May do meet the deadline, that still leaves three out of ten respondents who do not believe they will be ready for GDPR. Integrated software that can help adviser segment client data and manage communications efficiently are a vital piece of the jigsaw in helping advisers prepare for the new data protection rules that will be coming into effect.”
The seven core business areas covered in the audit were: back office use, fact find processes, the use of advice tools, quotation and new business services, compliance, management information and client portals.