As technology advances, so do the risks of cyber attacks on businesses. This is especially true when multiple systems are used that require the transfer of client data.
It’s important to have measures in place to mitigate these threats, not only to protect your advice practice but your clients as well.
XPLAN has a number of features that you should consider configuring on your site to mitigate these threats.
2-Factor Authentication (2FA) adds an extra layer of security by verifying a user’s identity and helping to prevent external threats. It combines a piece of information you have set up beforehand, such as a password or security questions, with a second factor based on the device or browser you’re using. Sometimes that second factor might involve selecting a picture of an object or entering a code sent via SMS, email or a phone call.
XPLAN users can use email authentication or an authentication app such as Google Authenticator. With an authentication app, once you log in, you open the app and it provides the code to enter into XPLAN. This method is particularly useful when multiple people, e.g. paraplanners, must use the login.
2FA is an essential security feature we recommend all our licensee clients consider because it immediately neutralises the risks associated with compromised passwords. If a password is hacked, guessed or phished, the password alone is not enough to give an intruder access. The password itself is useless without the authorisation of the second factor.
Login Security
XPLAN has a number of system setting pages related to account passwords and access control that you should review and update for your firm.
Login security helps to ensure the integrity of your user logins.
While it is hard to keep all accounts safe from cyber risks, XPLAN gives users ways to strengthen and secure their login credentials, such as:
Setting a strong password that contains lower and upper case letters, numbers and special characters, and is not too short. XPLAN uses a ‘Password strength score’ algorithm, and all sites will be forced to a minimum acceptable password strength of medium. Disabling the character type rules is also essential to avoid conflict with the password strength score algorithm.
Password reset rules are also important to consider:
How many times should a password attempt be allowed?
How long should a user be allowed to be online with no activity? XPLAN can automatically log off users who are not actively online. Not only is this a security feature, it also protects your clients from privacy breaches should a staff member forgetfully go to lunch leaving their XPLAN screen active with client information on display.
Legacy passwords – while it can be a pain to have to come up with unique passwords all the time, XPLAN can police the number of times you can reuse a password you have used before.
Put a security policy in place
As we become more dependent on the digital world, it is imperative for every practice to have its own login security policy. Login security is designed to protect individuals and businesses from exposure of the personal data of millions of people, financial loss and identity theft.
Don’t forget, it can damage the reputation of a financial advice business if you are not able to control these cyber risks. Clients may lose trust in your firm, and the negative publicity can deter potential clients from seeking financial advice from your business.
Having the right security and prevention policies in place can reduce the opportunities for hackers and minimise any fallout you or your clients may suffer.
Here at Planfocus, we work with you on your plan to lock down your XPLAN site and make it more secure for you and your client information. Call us now on 1300 361 973 for a confidential discussion.