IRESS warns on cybercrime risk

IRESS senior business development manager Michael Kinens told ifa that advisers trading security for convenience could be leaving their client data vulnerable to cybercrime.

“What we’re seeing are moves towards convenience… but a blinkered perception of what that means in terms of things like security,” Mr Kinens said.

“We’re forgoing some consideration around how this might have a negative impact because it’s convenient to use.”

In particular, Mr Kinens said that cloud-based storage systems can often be unsecured environments and can present a risk to client data if sensitive documents are stored there.

Mr Kinens also added that the March 2014 changes to the Privacy Act mean that advisers need to be aware of where cloud-based data is being stored.

“The recent changes to our Privacy Act that just came about means that if an adviser is storing information outside of Australia, what they need to disclose to the client is that they are using such a service,” Mr Kinens said.

“They also need to disclose to the client that they’ve investigated what the differences are between our privacy laws and the foreign laws where the data is being held, and how they mitigate that risk.”

Mr Kinens said that other security measures that advisers could easily implement include changing passwords after staff changes and monitoring what information is distributed through email.

“A more manageable solution is that email is simply used to generically communicate with a client, but the critical and private, sensitive information that needs to be transmitted should be provided in a different fashion,” Mr Kinens said.

“I think ultimately advisers need to start considering that they have a lot of sensitive data on their clients, which they typically present in document that is just emailed out to them.”