• / Free eNewsletters & Magazine
  • / My Account
Home>Practice Management>Technology>Private, Secure E-mail a la Carte

Related Content

  1. Videos
  2. Articles

Private, Secure E-mail a la Carte

A new e-mail service shows promise for advisors.

Joel P. Bruckenstein, 03/11/2010

Over the last several years, advances in technology have offered us an ever increasing list of communications methodologies. There's instant messaging, texting, and social networking sites (such as Facebook, LinkedIn and Twitter). There are also video calls and video conferencing. For the time being, however, e-mail remains the communications backbone of many financial advisory practices. In many ways, though, e-mail is an imperfect business communications tool for advisors and their clients.

Advisors face a number of impediments when they try to use e-mail effectively. These include universal hurdles such as viruses and spam. Because of the regulated nature of the business, advisors also must deal with issues like oversight, monitoring, retention, and redundancy. Based upon the feedback I received at my recent Technology Tools for Today conference and a number of other events, it appears that advisors are finding satisfactory tools to address the above-mentioned issues.

Unfortunately, there are other e-mail-related issues with which advisors continue to struggle. There include: privacy, security, tracking, and differentiation. While there are services that provide varying degrees or combinations of privacy, security, tracking, and differentiations, few do all of these well. Those that are more comprehensive are often cumbersome (particularly for small firms) or expensive. Recently, I've begun testing ePostal Services, a new service that appears to offer an easy-to-use, comprehensive solution at a relatively low cost.

Perhaps the most pressing problem facing advisors who use e-mail today is that of security. When we communicate with clients, we are often dealing with private and confidential information. An advisor might send an e-mail or an attachment that includes a client's account number, Social Security number, driver's license number, insurance policy number, or other sensitive information. If an advisor provides a client website or portal, the advisor might send a client a user name and/or password. If the advisor sends any confidential information in an unencrypted e-mail, that advisor is looking for trouble. An e-mail message is the equivalent of an electronic postcard: many people might come in contact with the e-mail or postcard, and any of them can read it. Furthermore, with the proliferation of hackers out there, an unprotected e-mail message might be even more vulnerable than a post card.

There are many options for advisors who want to send a secure message to a recipient. Large firms can purchase integrated solutions that work pretty well, but they are expensive and they require IT expertise to install and support. Small firms are often confronted with cumbersome or limited alternatives. One option for smaller firms is to simply include all information in an attachment and then password-protect and/or encrypt the attachment. This method is effective protecting the data within the attachment if done correctly, but it can be a little bit cumbersome. Depending on the software one is using, creating, password protecting and encrypting the e-mail can be a multi-step process. For example, if I have a Micorsoft Word document that I want to send to a recipient securely using Adobe Acrobat, I'd first have to convert the document to a PDF file, and then I could secure it using a number of methods. I might encrypt the document using 128-bit encryption and then password-protect the document, attach it to an e-mail, and then send it to the recipient. Of course if I used this method, I'd need a way of supplying the password to the recipient, which can be rather cumbersome and problematic. Many advisors simply e-mail the password in a separate e-mail. This method is sub-optimal. If someone is monitoring your e-mail or that of the recipient, and they see an encrypted e-mail go by, they will no doubt look for a subsequent e-mail containing a password because they are aware that this is a common behavior. If the hacker locates the password, the contents of the encrypted e-mail will be available to the hacker.

Adobe provides a better security alternative: security certificates or digital IDs. The problem with this system for the casual user or small office is that they can be time consuming to set up and administer. Adobe Life Cycle Rights Management is yet another option, however users must have access to the appropriate server in order to make use of it so again, it is less than optimal for a small office that is communicating with clients and other related professionals.

Trumpet, Inc. sells a product called Attach Plus that is more convenient that Adobe Acrobat if you want to password-protect e-mail attachments. It offers attachment options. The first is essentially the password protected Adobe PDF file discussed above. The advantage that Attach Plus provides is that it allows the sender to create the e-mail and the attachment faster, with fewer steps. It also integrates with a number of document management systems such as Laserfiche and Worldox. The other option Attach Plus offers is the ability to compress (ZIP) a file, apply 256 bit encryption, password protect the file (or files) and e-mail them as an attachment with a minimum of fuss. PAGEBREAK

When I've tried Attach Plus in the past, it has generally worked as promised, however the challenge of creating passwords and supplying them to recipients remains. If you want to communicate passwords over the phone, the process can be tedious. You can limit this problem by supplying each client with a permanent password, but if you create it, they are going to write it down, so it may be compromised. If you let them create it, you have to contact them first. If you do allow clients to supply the password they use, best practices dictate that they update the password from time to time, which does tend to create an administrative load most advisors would rather avoid.

blog comments powered by Disqus
Upcoming Events
Conferences
Webinars

©2014 Morningstar Advisor. All right reserved.