Data protection  

Advisers warn of security concerns in new technology

Advisers warn of security concerns in new technology

Advisers have expressed data security concerns over the use of video conferencing apps, which have been used widely during the Covid-19 lockdown.

Advisers forced to carry out client meetings via video conferencing apps, such as Zoom, Microsoft Teams, Skype and Facetime, among others have said they are worried over reports that some of these apps might not be entirely secure. 

Paul Stocks, financial services director at Dobson & Hodge, questioned how small businesses could realistically vet these global IT companies to ensure the correct security systems were in place.

Mr Stocks said: “The UK government was using Zoom and, as far as I’m aware, so was the UK military. While I haven’t used Zoom for a client meeting, the anecdotal evidence is that if such organisations are using it, it should be okay for a client chat – but how do I prove that?

“Ultimately, how can a small business vet global IT companies? How do I quantify whether Microsoft is more secure than Zoom or Facebook? This concern is exacerbated by these companies doing frequent updates, which could open vulnerabilities."

He said advisers needed the law to be their protector, yet the users of technology were seen as being responsible for the methods they use, not the big tech companies themselves. 

Zoom has come under fire recently after it was revealed that it had suffered a range of security and privacy related issues.

For example, the company had to fix a bug that would have allowed hackers to take over a Zoom user’s Mac and it also had to change some of its policies after a report found Zoom sent data from users of its app to Facebook for advertising purposes.

Andrew Pennie, marketing director at Intelligent Pensions, said all forms of client communication come with risks and advisers must put checks in place to ensure no breaches occur.

Mr Pennie said: “Video conferencing, like any other form of client engagement and communication such as post, telephone and email are all potentially vulnerable to hackers or theft and advisers must do their utmost to ensure their client data is protected and avoid falling foul of the GDPR regulations and potential fines.

“Given the current coronavirus lockdown, the demand and use of video conferencing facilities has gone through the roof. This exposed some weaknesses in the free-to-use Zoom software security which they have already taken steps to resolve and improve.”

But Dennis Murphy, cyber security and business threat specialist at law firm Gateley, agreed with Mr Stocks that technology providers should be responsible for ensuring no data breaches occur, rather than advisers themselves.

He said: “The vendors are ultimately responsible for ensuring their technology, and code, is continually monitored and any identified weaknesses are addressed immediately.

“Users should only be employing systems with advanced encryption; platforms that are domain based and more easily protected by the vendor; following strict company guidelines around video conferencing such as approved devices and approved levels of information that can be discussed; and turning cameras and microphones off when not speaking.”