Josef Caldaron, FGA, GIA GG
A Few Basic Tips for Keeping Client Data Secure
As members of NAJA, we already bear a responsibility to uphold strict client confidentiality; in this day and age where cyber theft and hacking are rampant and a serious issue, this logically extends to keeping our client information secure. While NAJA currently has not yet adopted official guidelines on security procedures, it is a relevant and extremely important topic that is worthy of being discussed. Before getting into some very basic tips and tricks for increasing security measures in your practice, at the most basic level your Wi-Fi router should have a firewall enabled in order to add a layer of protection against unauthorized access.
An appraisal report has four stages of action, where each stage presents its own potential for security issues. We should be cognizant of this and make an effort to protect our clients’ personal information during these stages. First, an electronic report/file is created, then approved/finalized, distributed to the client, and finally archived.
In creating file names and referring to a project in email correspondence, it could be beneficial to utilize a numbering system to identify the client instead of referring to the client by name. The client file is likely to be stored in a local computer environment during the work and editing stage, but once it has been finalized and distributed to the client, the file should be archived in a cloud environment. Files are more secure in a cloud environment due to the fact that cloud companies have far more advanced cybersecurity mechanisms.
The topic of e-signatures in files is also an important one, but first we must understand the difference between an electronic and a digital signature as we often hear these two terms being used interchangeably. However, they actually have different meanings. An electronic signature is a broader term pertaining to any electronic sound, symbol, or process attached to a record and executed by a person with the intent to act as signatory, whereas a digital signature is a form of an electronic signature which is a certificate‐based digital identification, predicated on a certificate issued by a trusted third‐party authority. With contracts, it is recommended to use a big-name, trusted format such as DocuSign, for example. Using such a known-entity platform has been proven to uphold greater validity in a legal setting. For electronic signatures that are attached to appraisal reports, watermarking is a simple feature that adds a greater level of security, which can be easily added in a program such as Adobe Photo Shop; electronic signatures should not be saved as an image.
When distributing a file via email, which is likely the stage where the greatest opportunity for hacking could occur, encryption, limiting access to a specific window of time, and password protection are all important security measures to help you keep your client data secure, and this can be performed with a platform such as Proofpoint. Other security best practices are: restricting unnecessary printing, forming complex passwords, and restricting unnecessary access to files in a work environment with multiple employees.
These tips are just a very basic starting point. With a bit of thought and planning, while utilizing the proper tools and platforms, securing client reports and data should become a routine part of your appraisal practice.