Rich people have more to steal, and identity thieves are going after the cream of the crop. That means advisors must do a better job of protecting client information, because people with investment portfolios, quite simply, are the “target market.”

Katherine Vessenes, a U.S.-based consultant who helps financial services firms improve their data security and overall operations, notes identity theft is not yet a crime in Canada. Criminality only happens when that theft is combined with other fraud. While reported cases of ID theft are rising rapidly in the U.S., the trend hasn’t hit Canada as hard. “So now is the time to start protecting your clients,” she told advisors attending a session at Mackenzie University in Toronto this week.

To make her point, Vessenes told a chilling story. Recently, she and her husband were in a lawyer’s office arranging the estate details of a parent who had passed away. Her husband needed to e-mail a file that was on his laptop to the lawyer, so he hopped on the law firm’s WiFi while sitting in the conference room. As soon as he signed in to the wireless Internet hot spot and opened a web browser, he found he had access to every file in the firm’s networked database.

To an identity thief, such an unprotected database is a goldmine. To the company failing to install data protections, it’s a lawsuit waiting to happen.

And advisors are equally vulnerable, says Vessenes, because they have all the intimate details on file — tax returns, credit information, SIN numbers, and perhaps even the mother’s maiden name. She offers a few tips on protecting client’s files:

  • Lock those filing cabinets and put someone in charge of file management. Make advisors sign out client files and return them as soon as they’re done using them.
  • Improve passwords by making people add numbers or symbols. Thieves that gain access to a firm’s computers can run a dictionary programme that tries word after word until it cracks into the system. Single words are no longer secure enough.
  • Keep client data on networks and not on hard drives, because thieves often take computer hardware and dissect the contents later. Laptops especially are easy to snatch.
  • Run background checks on all new hires and consider hiring a private detective agency to make inquiries.
  • Consider terminating at-risk employees — those with gambling or drinking problems — no matter how much they produce.
  • Send statements electronically. Thieves troll rich neighbourhoods by day and rifle mailboxes for information that can facilitate ID theft.
  • Shred anything you don’t need. If it’s sensitive and you don’t need it to run someone’s affairs, destroy it or return it to the client.

Filed by Philip Porado, Advisor’s Edge, philip.porado@advisor.rogers.com

(04/07/06)