Content area
Full Text
Think you're too small to be noticed? Think again.
If your clients have inquired recently about how you protect their confidential data, their concern is understandable. A Department of Justice survey estimates that 3.6 million U.S. households were victims of identity theft in 2004. Trafficking in personal data goes beyond U.S. borders: the New York Times reports that stolen financial information is often distributed among participants of online trading boards, and the buyers are frequently located in Russia, Ukraine, and the Middle East.
One reason clients are concerned about data security is the widespread publicity generated by breaches at financial services firms. In late December 2005, an Ameriprise Financial employee's laptop that contained unencrypted data on approximately 230,000 customers and advisors was stolen from a car. Fidelity Investments reported in March of this year that a laptop with data on 196,000 current and former Hewlett-Packard employees was stolen from an off-site location. Other financial services firms, including Citigroup and Bank of America, also acknowledged large-scale customer data losses in 2005.
If you believe that your firm is too small to attract criminals' attention, think again. Peter Emmel, network services manager with technology consultants IND in Parsippany, New Jersey, says that all businesses today, even very small operations, are at risk because software allows hackers to probe millions of potential targets in a single day. The risks extend beyond computer networks, as well. IND analyzed the phone system of a business with ten employees and found that unauthorized users had hacked the phone system, resulting in over 14,000 minutes of international phone calls without the company's knowledge.
There's also the compliance elementprotecting client data security is not an optional business practice. Rita Dew, president of NCS, a compliance consulting firm in Delray Beach, Florida, says that the Securities and Exchange Commission requires investment advisors to have policies and procedures that address administrative, technical, and physical safeguards related to client records and information.
Securing the Premises
Break-ins that originate online receive the most media attention because of the intriguing high-tech component. But as the Ameriprise and Fidelity incidents show, your data faces just as much risk, if not more, from old-fashioned physical theft. Consequently, your data security plan should consider the risks of physical theft and...