Securing online financial data3 min read . Updated: 30 Jul 2018, 10:16 AM IST
Whether you use a free or paid service to record and monitor your financial data, vigilance is key for data security
Milton Friedman, a prominent economist, titled one of his books: There’s No Such Thing As a Free Lunch. When even the government’s free mid-day-meal scheme for public school children has pre-conditions on enrolment and attendance, how confident are you that your free financial software is actually “free"? The real question would be: Is what you save in money terms worth what you lose in terms of privacy of your data? Of late there has been global brouhaha over Facebook user-data being hacked for market research or political reasons, and national debates on security and data privacy of Aadhaar. Yet thousands of educated, affluent Indians continue to blithely use free financial software and online portals to record their financial data and track their investments. We are a society that loves only one thing better than a good bargain, getting anything “free".
There is always a cost to developing or providing any product or service. If you are not paying for the product, then most likely you, or your data, are the product.
Here are a couple of checks to help secure your online financial data. None of them are fool-proof, several of them cost money, and every layer of security helps increase your data privacy.
Secure websites (https): Websites with Secure Sockets Layer (SSL) certification will have a web address beginning with https. These sites establish an encrypted link between the web server and browser to transfer information securely. Non-SSL sites, web addresses beginning with http, are susceptible to phishing and eavesdropping over unsecured Wi-Fi connections.
Private cloud: This is more secure than a shared database. When multiple clients’ data is stored on a shared database, it increases the risk of data breach and malware attacks.
Secure document storage: Keeping virtual copies of financial documents is a good practice, if the storage is secure and conforms to the above two preconditions. Certain financial tools also allow documents to be linked to transactions, making it easier to trace them when needed.
No access to user data: Read the fine print. Free tools often access your information for data mining to advertise targeted financial products and advisory services. The alternative is a paid service or tool that provides a service platform with virtual private data lockers and, therefore, has no access to your data.
Separate tracking from executing: Separate financial transactions from financial monitoring. This allows you to consolidate all your financial data on to a single platform, without giving a third party access to any of it. Pure analytics platforms do not allow users to transfer money, or trade financial assets, nor do they try to increase their revenue through advisory and transaction commissions.
Two-factor authentication: Under this, along with the standard username and password, a secondary requirement or another authentication layer has to be confirmed or passed before a user can access an account. Secondary authentication can range from logging in from a secure, registered device to entering an auto-generated code sent to a mobile phone. Other additional security features include alerts in case of failed login or login from an unusual IP address, browser, desktop, or others.
Traceability features: Secure tools provide audit trails to identify changes made, with the ability to trace which user made the change and when. This helps deter data fraud, identify unauthorised access and pinpoint responsibility for changes to data.
Whether you use a free or paid service to record and monitor your financial data, your own vigilance is a key factor for data security. For your own protection, do not turn off any security features provided, even if they feel like a hindrance. Wherever possible, choose default settings of time-out and auto log-out. Ensure that you have a strong password, do not share it with others or use the same one across multiple sites, and never let browsers remember it. If you are advised of a failed login attempt that is not your own, change your passwords immediately.
The decision is yours; do you want to be the product or are you willing to pay the price for privacy?
Chirag Nanavati is the managing director, Asset Vantage, a wealth management software solution provider