7 Client data protection tips to keep customers safe
In an era of ever-present cyber threats, building a strong security posture is a necessity. Lawyers, accountants, financial planners, and anyone else who handles client data at any level need to maintain that resilience, with the appropriate security systems, protocols, and controls in place to protect their clients, their employees, and their own data and operations.
1. Audit your data protection practices
Don’t wait for a data breach to happen before you take your security protocols seriously. Under the PDPA in Singapore, it is every organisation’s responsibility to secure the personal data it possesses, and non-compliance is a chargeable offence. An annual review of your systems by an outside firm is good practice for professionals who regularly handle sensitive information. If you also let your clients know that you do this every year, it becomes additional value and assurance they enjoy when they work with you.
2. Make sure your clients know about email security
If your clients are emailing you financial information, make sure they are aware that email might not be the best way to share sensitive data. An email passes through several servers before it reaches your inbox, so without encryption an attacker who can read any of those hops can intercept it. This gives you an opportunity to set up a secure channel that protects both you and your client’s data.
3. Don’t ignore physical security
If your computer network is secure but your staff aren’t careful about walking away from a computer with files open, those files are at risk. Something as simple as locking screens with a password whenever no one is at the desk is an easy first step. Other physical safeguards help prevent the theft of sensitive data as well: locks on doors leading to any sensitive files, cable locks that secure computers to the desk, and clean, tidy desks so that information can’t be misplaced or picked up by the wrong hands.
4. Is your WiFi secure?
Make sure your WiFi network is secured with strong passwords and encryption protocols. It’s also a good idea to keep guest networks completely separate from your internal network.
5. Are your files regularly backed up?
If your computers suffer a virus or malware attack, you can recover lost data only if you have been conducting regular backups. Regularly backing up critical client data files is good practice and can be considered insurance against an attack.
6. Prohibit employees from accessing client data on their personal computers
It’s simply not a good idea for employees to handle client information on their personal devices, and doing so can be a serious security concern. While there are policies you can put in place to limit the vulnerabilities this creates, the better approach is usually to keep all client data on your firm’s own devices.
7. Encourage your clients to take an active role in monitoring their data security
A good first step is to make sure they understand the credit bureaus and how important it is to regularly monitor what is being reported about them and their businesses. It’s not uncommon for the public record to include mistakes, and regularly monitoring credit will allow your clients to find evidence of identity theft earlier rather than later.
Start by educating your employees on best practices for internet use and data protection policies. Teach them to avoid compromising activities and phishing scams. Classes and training videos can work, as long as they are up-to-date and held often. One lawyer even suggested subjecting your employees to internal phishing emails to catch users off guard and then following up by teaching them to avoid these kinds of risks in the future.
Moreover, consider using a password manager to help create and store strong passwords; grant access to information only on a need-to-know basis; and revoke or change access rights when a critical employee leaves, especially if data is cloud-accessible.
You should also educate your clients on internet safety and data protection. Early on in your interactions, make sure they know about email security and encrypting sensitive communications. Encourage clients to be active participants in monitoring their data security.
Unsure of where to start your clients’ data protection journey?
Privacy Ninja offers a range of training sessions for both individuals and organizations. These sessions will equip you and your team to understand the nine core PDPA obligations and add value to your organization by helping you form your PDPA steering committee. Start building trust among your clients and credibility for your organization by going through that much-needed training today.