Client Data


9 Tips for Securing Client Data in an Ever-Changing Cyber World

You work hard to earn your clients’ trust. To help ensure you keep it, you’ll want to be protective of their personal and financial information before, during, and after their transaction closes. 

This has become more challenging in the face of the increasing frequency of data breaches at firms of all sizes. Occurrences of breaches were up 40% last year across all industry sectors followed by the Identity Theft Resource Center. Additionally, incidents of hacking, skimming, and phishing are climbing, accounting for over 55% of all breaches. 

The Best Defense Is a Good Offense  

Protecting sensitive client information, starts with knowing what you have in your files and who has access to it. This includes account numbers on escrow payments, addresses, and employer information – all of which can be pieced together by a hacker to gain access to a client’s assets. 

To help prevent that from happening on your watch, here are nine best practices to help keep your clients’ information, along with your own agency’s sensitive data, safer.

1. Never assume. Make sure everyone in your office agrees to uphold the confidentiality of the information that circulates in your office.

2. Require security software on all devices and apps. With so much work done offsite using tablets, laptops, and smartphones, all devices should be checked periodically to ensure their security software is activated and up to date. This is true whether they are supplied by your business or are personal devices. Also, privacy settings should be set as high as possible. 

3. Use passwords. They may slow down response time, especially on your phone, but they help deter perpetrators. Also, consider changing passwords regularly, at least every three months. 

4. Make client data as inaccessible as possible. Close out of client relationship management tools and email whenever you leave your equipment unattended. Scamming, after all, is a crime of opportunity. It’s much harder to perpetrate on a device that isn’t up and running. For this reason, it’s also a good idea to keep the physical areas where you store sensitive data locked and monitored.

5. Keep track of thumb drives. As convenient as they are, removable data devices should not be used to store client information since they are so easily lost. When they are used, keep them secure and locked away.

6. Consider using encryption and password-protected access. When you are exchanging sensitive data through email, consider using encryption. There is software for this, but Google and Outlook also have options. Other programs allow cloud-based sharing through the use of passcode-protected logins. Even PDFs can now be saved with an option that creates password protection to keep the file confidential.

7. Get rid of what you don’t need. Old documents should be shredded. You can call a shredding truck to come to your office if you have a lot these files. For old computers and phones, be sure to erase their hard drives if they are still useable. Consider hiring this out to a reputable software service.

8. Know what to do if something goes wrong. Just like a disaster recovery plan covers physical perils like fires, floods, and storm-related damage, make sure your office has a plan that covers data breaches.

9. Pick up the phone. During 2016, the National Association of REALTORS® reported that hacker activity started to focus on transaction details, especially around closing dates. The scam involves sending emails with wire instructions to clients, which diverts the money into the hacker’s account. You may want to consider going back to communicating with clients the old-fashioned way – by phone or in person – when wire transfer information is involved. While you know that your devices are secure, you can’t secure those of your client.

The importance of keeping client data secure cannot be minimized. Putting strong safeguards in place and making sure to stick to them is the best recourse a professional in the lending and housing industry can have for protecting the private data of their clients.