Advisers forced to carry out client meetings via video conferencing apps, such as Zoom, Microsoft Teams, Skype and Facetime, among others have said they are worried over reports that some of these apps might not be entirely secure.
Paul Stocks, financial services director at Dobson & Hodge, questioned how small businesses could realistically vet these global IT companies to ensure the correct security systems were in place.
Mr Stocks said: “The UK government was using Zoom and, as far as I’m aware, so was the UK military. While I haven’t used Zoom for a client meeting, the anecdotal evidence is that if such organisations are using it, it should be okay for a client chat – but how do I prove that?
“Ultimately, how can a small business vet global IT companies? How do I quantify whether Microsoft is more secure than Zoom or Facebook? This concern is exacerbated by these companies doing frequent updates, which could open vulnerabilities."
He said advisers needed the law to be their protector, yet the users of technology were seen as being responsible for the methods they use, not the big tech companies themselves.
Zoom has come under fire recently after it was revealed that it had suffered a range of security and privacy related issues.
For example, the company had to fix a bug that would have allowed hackers to take over a Zoom user’s Mac and it also had to change some of its policies after a report found Zoom sent data from users of its app to Facebook for advertising purposes.
Andrew Pennie, marketing director at Intelligent Pensions, said all forms of client communication come with risks and advisers must put checks in place to ensure no breaches occur.
Mr Pennie said: “Video conferencing, like any other form of client engagement and communication such as post, telephone and email are all potentially vulnerable to hackers or theft and advisers must do their utmost to ensure their client data is protected and avoid falling foul of the GDPR regulations and potential fines.
“Given the current coronavirus lockdown, the demand and use of video conferencing facilities has gone through the roof. This exposed some weaknesses in the free-to-use Zoom software security which they have already taken steps to resolve and improve.”
But Dennis Murphy, cyber security and business threat specialist at law firm Gateley, agreed with Mr Stocks that technology providers should be responsible for ensuring no data breaches occur, rather than advisers themselves.
He said: “The vendors are ultimately responsible for ensuring their technology, and code, is continually monitored and any identified weaknesses are addressed immediately.
“Users should only be employing systems with advanced encryption; platforms that are domain based and more easily protected by the vendor; following strict company guidelines around video conferencing such as approved devices and approved levels of information that can be discussed; and turning cameras and microphones off when not speaking.”
Mr Pennie agreed that encryption mechanisms are needed to offer advisers extra protection.
He added: “Our video conferencing supplier uses encryption mechanisms and protocols to protect client confidentiality and data.
“They also supplied us with a white paper on web conferencing security when we were completing our due diligence which provided reassurance on the security and integrity of the software.
“The challenge, like so many things to do with technology, is finding a system that is compatible with all your clients' different technology and software and is simple for everyone to use.”
Tim Morris, independent financial adviser at Russell & Co, said although he feels more comfortable sticking to emails he understands that the world is changing and increasingly technology will be used more in day to day processes.
Mr Morris said: “I feel more comfortable using Skype for clients. I’ve used this in the past and feel it is relatively secure.
“Saying that, other than password protection, I couldn’t say for sure how secure Skype is - if at all.
"We have to communicate securely by email. The main risk of breach is being hacked. I feel more comfortable with email because it’s easier to limit what is discussed than it is in an interactive face-to-face conversation.
“This is an area where our business procedures are currently being adapted to this new world and required methods of working.”
Meanwhile adviser Billy Borrows has welcomed video conferencing and actually sees it as more secure than face to face conversations when discussing confidential client information.
Mr Burrows said: “We use video conferencing and have no problems.
"Video conferencing is much safer than meeting clients in coffee shops. If I had £1 for every adviser/client meeting I overhear in London coffee shops I would have free coffee all year!”
amy.austin@ft.com
What do you think about the issues raised by this story? Email us on fa.letters@ft.com to let us know.
