Individuals and SMEs (small and medium-sized enterprises) turn to the financial services industry to help them invest in their economic future. Managing funds and controlling currency risk is what these financial professionals do, but sharing your information with a financial specialist carries its own amount of risk.
What types of information are shared? When opening or transferring accounts as an individual or SMB, personally identifiable information is inevitably passed between you and your financial services representative (and sometimes their support staff). This information includes and is not limited to:
- Name
- ADDRESS
- Social Security number
- Account numbers (eg, when making a transfer or transferring banks or credit cards)
- Birthdate
- Employment and income history
- Information on Current Assets and Portfolio
Much of this information is obtained in person or online through a secure website, but SMBs and individual clients often turn to their brokers, account representatives, and customer service personnel to answer specific questions about their accounts. . Increasingly, these information transactions are conducted electronically.
How can customer information be at risk if paperwork is done securely in person or through a secure web process? Personal Financial Information (PFI) can be compromised as you grow and build a personal relationship with your financial services professional. Sometimes the connection with a financial services company is made by phone, other times by email. It is the security of email communication between the client and the company/organization where their PFI is put at risk.
A quick question or a message sent to a financial services organization seems to go instantly from your computer to the recipient’s inbox. In reality, email messages make temporary stops along the way. As emails are routed by proprietary servers to their final destination, messages arriving at each of these stops are often stored and sometimes copied or even scanned before being sent to their final destination. Email security goes beyond being aware of today’s phishing scheme, where unscrupulous data thieves pose as someone from your trusted financial institution. Information interception is not just about who forwards your message, but also who can get hold of that message when it’s on its way.
Although financial firms are governed by government laws, restrictions and guidelines, sometimes they don’t seem to have concrete policies when it comes to email between the client and the firm’s employee. Compliance and risk officers who manage company policies must grapple with the nuances outlined by Sarbanes-Oxley, the Gramm-Leach-Bliley Act, and Securities and Exchange Commission (SEC) regulations. Each of these government-mandated policies dictate how your personal financial information (PFI) is handled digitally, but they do not describe the best method of protecting PFI.
Andy Purdy, acting director of the Department of Homeland Security’s National Cyber Security Division in a February 2006 interview with CNet/News.com identifies the importance of protecting PFI and other important digital assets:
“I think consumers, small businesses and large businesses and government are all important when it comes to reducing cyber risk. We’re trying to raise awareness among partners about responsibility and techniques consumers can use to help protect their systems. (1)
A customer’s PFI is a commodity that can be bought and sold on black market data warehouses. Digital thugs seek to harvest email information in a number of ways. What can individual customers and SMBs do to improve the situation while staying connected to their financial services company? Data encryption made it easy to protect sensitive information like PFI. If one of these black market digital thugs intercepts an encrypted message (unless they have somehow obtained the encryption keys), they will not be able to decrypt the message. If the email thug tries to crack any of the commonly used encryption algorithms, he probably won’t be able to do so in his lifetime.
Business owners and individual investors can work a lifetime to be financially successful and stable. Having sensitive information like one’s PFI at risk via email can destroy that financial stability.
The risk of communicating with these services can be contained by being aware of the risks of email, phishing scams, and using encryption tools to protect financial communications. Although quite broad in nature, financial services in each of its facets as a lender, investment manager or financing arm can go a step further in the economic success of its clients. The use of encryption tools allows the individual client or SME to remain in close contact with these managers of their financial future.
– – – – – – – – –
Final notes:
1.) Joris Evers, “Newsmaker: Locking down America’s Net Defenses,” February 16, 2006, CNet New.com – http://news.com.com