One of the chief responsibilities of any financial services provider is to secure clients’ personal and financial information. Not only is a privacy breach detrimental to your relationship with the client, it can lead to significant fines and other consequences from the government and industry regulators – as well as major losses for your client.
With so many data breaches in the news, your clients are probably more concerned about your data security protocols than ever before. It’s your job to reassure them that you are taking all necessary steps to keep their information safe from prying eyes. Doing so is part of the all-important process of building trust with your clients and establishing a strong working relationship.
Most of your clients are going to inquire about the security and privacy of their data, but even if they don’t, you should be prepared to provide information about your data security plans and how you keep your data safe. The following are some strategies that you can use to provide that assurance to your clients.
Address Physical Security
Most people think of data breaches as being something that takes place via hacking, but the fact is, many of the largest and costliest breaches were a result of lax physical security. In other words, data was accessed via stolen laptops or other mobile devices, or otherwise accessed inappropriately. You can show clients that you take physical security seriously by:
- Locating your office in a well-lit, high-traffic area. If you rent space in an office building, choose a building with a reception/security check-in, and limited access at night and on weekends.
- Ensuring your reception area is always staffed.
- Escorting clients and visitors to private meeting rooms, and keeping doors closed to ensure privacy. If meeting rooms aren’t available, meet in your office.
- Locking filing cabinets, and using password protection on fax machines and computers.
Each of these practices sends a subtle message to clients that you take security seriously, and that you will protect their data just as carefully.
Provide Written Information About Security
When you first meet with clients, provide a detailed outline of the security measures you use to protect client information. This could include a detailed flow chart outlining your levels of security, information about the technology you use to protect data, and a list of the companies you work with that help ensure compliance and security, along with any IT security certifications they hold.
Provide Secure Email
Chances are you will be communicating with clients electronically, but that presents some risk. Invest in a secure email service that encrypts all messages between you and your clients.
Also, follow best practices for client access to their accounts. This includes requiring strong passwords, automatic logouts, and locking accounts after a defined number of failed log-in attempts. In addition, require clients to authenticate their identity when they call for information.
Keep in mind that if you collect any type of payment information over the phone, PCI DSS requires that you have a PCI-compliant call-recording system that does not store any sensitive authentication data. Be upfront with clients about when and why they may be recorded, and what you will do with those recordings.
Be Clear About How Information Will Be Used
Any time you collect any type of personal data from clients, inform them about how you plan to use the information, and the circumstances in which you will be accessing the information. People tend to be more comfortable giving out information when they know how it will be used, and if you are upfront from the beginning, they are more likely to trust you.
Discuss Information Disposal
Clients will most likely want to know what you plan to do with their information if/when they are no longer clients. Explain your policies and procedures, including what data you must keep and for how long, and how you will destroy information when it is no longer needed.
Reassuring your clients about the security of their data is mostly a matter of providing information and being honest and transparent about why, how, and when you will be collecting and storing information. Providing – and following through on – this information can help establish a foundation of trust that leads to a long, fruitful working relationship.
Jennifer French is a content coordinator who assists in contributing quality articles on a variety of financial and business topics.