In recent years, regulators have made it clear that cybersecurity is a major focus of examinations and risk assessments of wealth management and advisory firms. Compliance isn’t the only reason to be concerned about security, however. Firms have a fiduciary duty to protect their clients’ confidential personal and financial information. What security experts call PII – personally identifiable information, such as social security numbers, birth dates, account numbers and other highly sensitive data – is the prime target of cyberthieves. The theft of such data could have dire reputational and financial consequences.
And where does most of the client PII collected by your firm reside? Most likely in your CRM system. That’s why it’s critical to select a system that has powerful security functionality to mitigate against network-borne threats and breaches.
Chief among the features you’ll need is multi-factor authentication or MFA to create security layers. Firms should have policies requiring strong passwords for CRM users combining upper- and lower-case letters, numbers and symbols in unrecognizable patterns. Use a trusted password manager for guidance.
Hand in hand with MFA are designated user roles, allowing staff members access only to areas of the CRM that pertain to their roles and the data they need for their particular duties. The solution should incorporate security alert capabilities to detect and prevent unauthorized access.
Best security practices cover not just software, but hardware as well. Mobile access to a cloud-based system drives greater staff productivity, but the smartphones and laptops used to access your system are vulnerable to theft and hacking. Be sure all devices are authorized and incorporate strong encryption to prevent unauthorized access via a stolen device. For added protection, restrict the types and amount of data that can be downloaded to a device and stored locally.
Many of the measures for safeguarding a CRM fall into the general security framework that all firms should have by now, including routine risk assessments of all systems and network connections. This also includes staff training on the handling of sensitive client information and industry best practices. Most successful breaches result not so much from the ingenuity of hackers, but from their ability to exploit employee negligence and carelessness.
As for firms that are still using spreadsheets or generic databases to track client information, it is time to recognize that your most sensitive data – and your most valuable from a cyberthief’s perspective – is at extremely high risk. Look into a purpose-built CRM with strong security functionality that can stand up to regulatory scrutiny and ensure that your most important assets – your clients – are well protected.
SS&C Salentica’s CRM solutions are built on two industry leading CRM platforms, Salesforce and Microsoft® Dynamics 365. Microsoft Dynamics leverages the Microsoft Azure cloud service platform, which includes a wide array of custom-configurable security options covering data access, privacy and controls, compliance, and overall platform security. Salesforce builds extensive security functionality into its platform, including two-factor authentication and login IP ranges to prevent invalid or unauthorized login attempts.