Best practices for the work-at-home advisor

Like many other white-collar industries, financial-services firms are taking crash courses on how to implement work-from-home workforce setups. With those measures, they’ve mitigated the risks of COVID-19 to their business — though now they have to consider other threats.

“What you have when you go to this remote workforce is suddenly a much broader surface area that you need to be protecting, and you are going into home environments,” said Brian Hengesbaugh, a partner at Baker & McKenzie’s global data privacy and security practice, in a report by WealthManagement.com.

As bad actors work double time during the pandemic, firms must exercise vigilance by being wary of phishing emails and upping their password security to all applications, email accounts, and devices. This is particularly true as more professionals use personal devices to remotely serve their clients.
Advisors must also make sure their machines are protected against malicious programs such as viruses, spyware, malware, and ransomware. That means installing the appropriate cybersecurity suite, and making sure they’re updated with the latest patches from the original provider.

Strong encryption is also critical for devices that contain sensitive client information, such as financial statements, annual reports, or any other document with personally identifiable information. For that reason, advisors are better of going with pro or premium versions of most email offerings, which have encryption turned on by default, rather than the free versions.

“If you have not already done so, or if it has been a while, check the security of your home WiFi network,” the article said. Assigning a unique password to the WiFi network reduces the chances of external parties’ accessing it and minimizes risks of exposing confidential data.

To provide an extra layer of security, many might consider using a virtual private network. But in a separate report by ThinkAdvisor, Wes Stillman, CEO of cybersecurity and IT management firm solutions provider RightSize Solutions, said that those products come with their own risks.

“[Some of them] will slow your internet connection down and may prevent access to some sites that you need to access,” he said in a recent webcast. Privacy statements should also be examined, he added, as some VPN providers may sell their users’ information to third parties.
Those working from a home setup might also want to consider using conditional access, which “ensures that only those compliant and known devices can be used to access things like your email, files and applications.” That can provide a valuable secondary wall in case someone falls victim to a phishing attack and accidentally divulges their credentials.

One option for advisors not using a compliant device, Stillman said, is to use virtual desktops.

“It puts another layer between you and the bad guys,” he said, though he noted that they require good internet connectivity to function properly.

Follow WP on Facebook, LinkedIn and Twitter