Is your clients' personal information secure?
As an advisor, you have access to personal information[1] regarding your clients' health and finances—information they expect will be protected at all times. Part of your responsibilities is to ensure that steps are taken to protect all personal information in your possession.
Inadequate security measures increase the risk of personal information being lost, stolen, or shared with unauthorized parties, and can also increase your clients' risk of identity theft. If you possess personal information about your clients (on paper or in electronic formats), it is important to ensure that it is properly protected to keep it from being compromised (lost, stolen, or disclosed without authorization).
Therefore, in addition to physical security measures (e.g., locked filing cabinets, restricted office access, alarm systems, shredding of confidential documents), it is also key to implement adequate security measures when using the Internet, email, and electronic devices such as laptop computers, smart phones, and portable storage devices (e.g., USB keys, memory cards, and CDs).
Consider implementing the following effective and easy-to-use electronic security measures if you haven’t already:
- Equip your computers with antivirus software and a personal firewall[2], and keep these up to date.
- Protect your computer by disabling the share function on files created using Windows products, especially if you use a cable modem or DSL (high-speed phone line) to connect to the Internet.
- Change your passwords on a regular basis (and don't forget the one for your router!). Avoid using birthdates, your name, initials, or names of your friends and family when choosing a password.
- If you use a wireless router, ensure you have activated all relevant encryption and encoding options. For more information, refer to the user manual for your router or visit the manufacturer's website.
- Do not send personal information that hasn't been encrypted over the Internet. This information can easily end up on screens around the world in the space of a few minutes.
- Always take care when using unsecured wireless networks.
- Do not send personal information by unsecured email. It is currently impossible to guarantee the security of unsecured email messages.
- Activate a password-protected screensaver whenever you leave your laptop unattended.
- Don't leave your laptop unattended in public places or in your car.
What should you do if you think that personal information in your possession has been lost, stolen, or accessed by an unauthorized individual?
Immediately notify the person in charge of compliance for your general agent and any other related supplier that client information may have been compromised.
Useful links:
Top 10 Cyber Crime Prevention Tips - http://www.rcmp-grc.gc.ca/tops-opst/tc-ct/cyber-tips-conseils-eng.htm
Footnotes:
1. What constitutes personal information?
Personal information is defined as any information concerning an individual that can be used to identify them, such as information about their finances, lifestyle, or health.
Examples of personal information include a person’s name, home address, phone numbers (home and cell), email address, social insurance number, and bank account number.
Employment information (e.g., job title or position, work address, work phone number, and work email address) is not considered personal information.
2. What is a personal firewall?
A personal firewall is software that blocks unauthorized access to a single computer connected to the Internet. It is particularly useful for users with permanent DSL connections (high-speed phone line), cable modems, and dial-up access. Often included with antivirus software, personal firewalls run in the background and protect your system by preventing unauthorized access, filtering incoming and outgoing traffic, and warning the user of any attempts at access.