A portal can also be used as a permanent storage vault for important documents. And though a portal requires clients to maintain another set of log-on credentials, RIAs tend to find them relatively easy to use.
While client portals offer more security than texting, they have several drawbacks. The lack of security on the client’s side can leave the portal vulnerable to breaches. In fact, portals typically leave copies of files on individual computers, which may be unencrypted, meaning the data can potentially be accessed by intruders.
Also, most portals store files without scanning them, which means they could download viruses. Meanwhile, auto syncing tools, which automatically synchronize files to a vault as well as to a client’s own computer and vice versa, bypass the security measures in place on the devices and servers. This means that they directly send and receive files, including those with viruses or malware.
RIAs can work around this by also using a vault that scans uploaded documents for viruses.
Simply storing identifying client personal information on a public vault can also expose that information to a hack. But by adding an additional level of encryption to the file, the level of security increases at the file level, as well as at the vault level and on the client’s personal computing devices.
Though the cost of portals is fairly inexpensive, most do not offer the full archiving capabilities necessary to show adherence with the OCIE’s archiving and data loss prevention recommendations. Very few portals offer users the ability to back up to previous versions, so RIAs still need some type of archiving solution that allows them to retrieve earlier versions of files.
E-mail is the most commonly used form of client communication, so it is also the most exposed to hacks and data breaches. But with the right data encryption tools in place, it is actually e-mail that can be the most secure way to transmit and archive data and a client’s personal information.
Surprised? Don’t be. A cottage industry has grown up around securing e-mail, which means that encrypting, sending, receiving and archiving it are at least as secure as using a client portal, and maybe more so.
Some RIAs have said it can be difficult to know when to send encrypted e-mails, and the process has historically been cumbersome and inconvenient. But things have changed for the better. Today, some software can scan e-mail contents before sending them to determine whether encryption is even necessary. Users could also simply encrypt all their e-mails.