Schwab reveals Intelligent Integration website

Over the weekend, Schwab revealed a new website featuring details of its Intelligent Integration solutions for financial advisers.

Schwab Intelligent Technologies website

The new site, published by Schwab Intelligent Technologies, a new subsidiary of The Charles Schwab Corporation, offers advisers a glimpse of what the company hopes to accomplish with the Schwab OpenView Gateway™ solution.

Website visitors can view a brief demo video of the Intelligent Integration vision, read a FAQ, and see the list of third-party integration providers.

Junxure Refreshes Website, Updates Timing of Cloud-based Product

In a press release today, CRM Software Inc., the makers of Junxure, announced its new website design, highlighting an increased emphasis on practice management consulting in addition to their desktop CRM offering.

Click here to view the press release (PDF).

The company also updated its timeframe regarding the release of the cloud version of its CRM, called Junxure Essentials. The company expects to release Junxure Essentials in Q4 of 2012. Most in the industry, myself included, anticipated a release in Q1 2012.

Click the image below to view the updated Junxure website.

Junxure

FPA and ActiFi Publish Document Management Software Technology Report

In the latest edition of their technology report series, FPA and ActiFi today released the “FPA-ActiFi Adviser Technology Reports: Document Management Edition” highlighting eight different software solutions available to advisers. Solutions reviewed include the following:

  • CNG-Safe (CabinetNG)
  • Docupace
  • eFileCabinet
  • Grendel
  • Laserfiche
  • NetDocuments
  • Solution 360° (Interactive Advisory Software)
  • Worldox (Trumpet)

I had the privilege of contributing to this report and wrote the introductory notes on the advent of document management and the benefits of using mature document management systems.

Like all FPA-ActiFi technology reports, FPA members have free access to the comprehensive research. The report is also available for purchase by non-members for $495 through the FPA Research Center.

Bug Affects Dropbox Security: What Advisers Need To Know

Just last week I wrote a post addressing Dropbox and its use by financial advisers. It’s worth reading, but the summary is:

  • If you are regulated by FINRA, don’t use Dropbox (or any web-based service where you place client information) without the approval of your broker-dealer’s compliance department. Even after approval, document what your policies and procedures are to keep client information safe.
  • If you are regulated by the SEC or state as a registered investment adviser, document the steps you take to protect the security and confidentiality of customer information placed on web-based services such as Dropbox. You may optionally apply your own encryption to files saved in Dropbox to better protect them from unauthorized access.

So what happened over the weekend?

During system maintenance on Sunday, June 19, Dropbox introduced a bug into its authentication mechanism. Click here to read Dropbox’s explanation of the issue.

In summary, for a period of about four hours, correct passwords were not needed to log in and access Dropbox accounts. All that was required was a valid email address associated with an active account.

Make no mistake, this is a serious security issue.

Anyone who guessed an adviser’s email address (or even looked it up on the adviser’s website), where that address happens to be used for a Dropbox account storing client files, would have been able to access, view, or download those files (and more) without needing a valid password.

However, for advisers who encrypt or otherwise protect documents stored on Dropbox with access passwords, unauthorized access to the Dropbox account would not have yielded access to the contents of the files; only the file names would be visible (for password-protected documents).

The security lapse should never have happened, but it did. I said last week that adding an extra layer of security and/or encryption was optional. I feel I must be more specific in my recommendation of Dropbox.

If you choose to use Dropbox to store and share documents with client information, encrypt and/or password protect those documents prior to placing them in Dropbox.

Yes, this extra security makes sharing documents a bit more convoluted, as clients with whom you share files must remember the password required to access documents. But consider the alternative without the use of the extra layer of security in Sunday’s scenario.

And really, you shouldn’t have to apply your own security, but Dropbox isn’t touting their service for the enterprise market or regulated industries like financial services. They’re first and foremost a company providing a product for consumers. Should you choose to use Dropbox for client documents, take the necessary steps to better protect client information from unauthorized access.
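The recommendation above (encrypt documents before they are placed in Dropbox) can be sketched as follows. This is an added example, not code from the original post or from Dropbox; it assumes the OpenSSL 1.1.1+ command-line tool is installed, and the folder, file name, client data and passphrase are all constructed for the demo.

```shell
#!/bin/sh
# Added example: encrypt a document locally before it enters a synced folder.
# Paths, file names and the passphrase below are constructed for the demo.

# encrypt_for_sync SRC SYNC_DIR PASSFILE
# Writes SYNC_DIR/<basename of SRC>.enc and prints that path.
encrypt_for_sync() {
    src=$1; sync_dir=$2; passfile=$3
    out="$sync_dir/$(basename "$src").enc"
    # AES-256-CBC with a key derived from the passphrase via PBKDF2.
    # The passphrase is read from a file, so it never shows up in `ps` output.
    # openssl enc adds no integrity check; it protects confidentiality only.
    openssl enc -aes-256-cbc -pbkdf2 -iter 200000 -md sha256 -salt \
        -in "$src" -out "$out" -pass "file:$passfile" || return 1
    printf '%s\n' "$out"
}

# decrypt_from_sync ENC_FILE OUT_FILE PASSFILE
decrypt_from_sync() {
    openssl enc -d -aes-256-cbc -pbkdf2 -iter 200000 -md sha256 \
        -in "$1" -out "$2" -pass "file:$3" 2>/dev/null
}

# contains_plaintext FILE STRING: succeeds if STRING is readable in FILE.
contains_plaintext() {
    LC_ALL=C grep -q -F -- "$2" "$1"
}

demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/Dropbox"                      # stands in for the synced folder
    printf 'Client: John Smith\nSSN: 000-00-0000 (constructed)\n' \
        > "$work/smith-1040.txt"
    (umask 077; printf '%s\n' 'constructed-Passphrase-7!' > "$work/pass")
    enc=$(encrypt_for_sync "$work/smith-1040.txt" "$work/Dropbox" "$work/pass") \
        || return 1
    # Someone inside the account still sees this name, as the post notes.
    echo "stored in synced folder: $(basename "$enc")"
    if contains_plaintext "$enc" 'John Smith'; then
        echo "contents readable"
    else
        echo "contents unreadable without the passphrase"
    fi
    decrypt_from_sync "$enc" "$work/restored.txt" "$work/pass" &&
        cmp -s "$work/smith-1040.txt" "$work/restored.txt" &&
        echo "round trip ok"
    rm -rf "$work"
}

demo
```

Only the `.enc` file goes into the synced folder; the original and the passphrase file stay on local disk, and the passphrase reaches the client through a separate channel.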

Also, consider alternatives to Dropbox such as SugarSync, Carbonite, Egnyte, Wuala, and more. They’re worth investigating and performing your own due diligence.

Laserfiche Mobile for iPhone Now Available in Apple App Store

Just a quick FYI for those of you who use Laserfiche for your document management system.

The Laserfiche app for iPhone is now available for download in the Apple App Store.

Most document management systems have a web access component allowing documents to be viewed through a standard web browser. But Laserfiche is the first among document management providers to financial advisers to publish a dedicated app for a mobile device.

Some key features in the mobile app include:

  • Search across all documents in the Laserfiche repository
  • Search just for text in a document, document names, document field information (i.e. metadata), or any combination of the three.
  • Add a document to Laserfiche using the iPhone camera or by uploading an image from the device’s photo library.

After playing around with the demo repository, I found the app fairly quick in its search function across included documents, though the demo repository is not terribly large.

Document previews are available for Microsoft Word documents by simply tapping on the document listing. To view PDF files, one must first swipe across the filename, then tap a document icon to open the export menu, then select either “Send as e-mail” or “View electronic document.” Once the PDF is downloaded, it can be exported to other apps compatible with PDF files, including iBooks, Goodreader, Dropbox, and more.

Nevertheless, I found the PDF preview process quite convoluted. It takes one swipe and three taps to view the file. Given the popularity of PDF files in a paperless office, this user interface in the Laserfiche app deserves to be simplified.

I like what I see in this app, but here are some enhancements I’d like to see in the near future:

  • iPad compatibility to take advantage of the significantly larger screen
  • Ability to limit or exclude searches in repositories. For example, I just want to see all documents matching “1040” in my client John Smith’s folder
  • Keyword search option while viewing supported files so users can find words and phrases inside a document. Today users can only perform keyword searches from the main search window.
  • An app passcode upon launching. Client files contain sensitive information, so should an iPhone be lost or compromised, it would be nice to require one additional passcode (in addition to the master device passcode) to be entered when subsequently launching the app.

Are you a Laserfiche user? Do you think you’ll make use of the new iPhone app? Why or why not?

Dropbox for Financial Advisers: Is it Safe? Secure?

Update 6/21/2011: A bug affected Dropbox’s password authentication mechanism on June 19. Read my follow-up post on what advisers need to know about the compromised security.

Financial advisers want to know: is Dropbox, the simple and convenient file storage service, safe and secure? The answer to that question may not be so clear.

Is Dropbox safe and secure?

Can I store and share client documents on Dropbox?

I get asked these questions about Dropbox, a simple and convenient file storage service based in the cloud, quite often at conferences and while consulting with financial advisers.

I’ve discussed Dropbox several times on FPPad (see The iPad for Financial Advisers and Wealth Managers, A Real Life Example of Productivity Tips in Action, and Dropbox Featured in Forbes; Tools Should “Just Work”), but have not specifically addressed security characteristics of the service as they apply to financial advisers and registered representatives.

Frankly, Dropbox’s security attributes have been a moving target as of late. That’s not necessarily a bad thing for the wildly popular service, used by more than 25 million people, but it is important that advisers take a close look at how Dropbox communicates regarding its security.

Is It Secure?

I won’t rehash the details of recent controversy over Dropbox’s changes to its statements on security here, but I do want to direct you to a resource that I feel fairly addresses the situation.

Over at TechRepublic, IT consultant Michael Kassner posted an interview with ChenLi Wang of Dropbox’s Business Operations. Read Kassner’s post to gain perspective on Dropbox’s changes to its security statements and how they apply to its users. Click the link below to read it first, then come back and continue reading this post.

TechRepublic: Dropbox: Convenient? Absolutely, but is it secure?

Security Discussion

Now that you have some background on the issue, let’s address security from the financial adviser’s perspective.

Without question, financial advisers collect and maintain personally identifiable information (PII) on clients in order to deliver financial advisory services. Both FINRA and the SEC have requirements in place that FINRA member firms and registered advisers must follow. SEC Regulation S-P, Privacy of Consumer Financial Information, is the primary rule by which advisers must abide to address the protection of client information and records.

With respect to Dropbox, what must advisers do to abide by the requirements?

If you operate under FINRA, you must first ask your broker-dealer’s compliance department what your options are when considering the use of cloud-based applications, including Dropbox. It’s likely your broker-dealer has performed due diligence on a select number of providers which likely include vendors of cloud-based CRM, portfolio management software, financial planning, and document management applications.

Empirically, some broker-dealers have approved the use of services like Dropbox for their registered representatives, while others prohibit its use. So I cannot provide specific guidance for those of you affiliated with a broker-dealer; check with them first.

If you are an SEC or state-registered investment adviser, you must have written policies and procedures in place that address the steps you follow to protect client information. If you elect to use Dropbox, document the steps you take that are designed to (taken directly from Reg S-P):

(i) insure the security and confidentiality of customer records and information;

(ii) protect against any anticipated threats or hazards to the security or integrity of customer records and information; and

(iii) protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer.

From Kassner’s post highlighted earlier, Dropbox acknowledges that, in “rare circumstances,” a “small number of employees” are able to access user data according to the provisions in Dropbox’s privacy policy (e.g., when legally required to do so). Aside from the rare circumstances, Dropbox’s Wang went on to say:

We have strict policy and technical access controls that prohibit employee access except in these rare circumstances. In addition, we employ a number of physical and electronic security measures to protect user information from unauthorized access.

So let me challenge you, the adviser, with this question: What steps do you have in place to insure the security of client information stored on other web-based services? Have you performed similar due diligence on your CRM provider, online financial planning software, or even your online e-newsletter service? If you feel those services adequately protect the security of client information, how does that align with your confidence in Dropbox’s ability to provide similar protection?

Encryption

Before concluding this post, let’s briefly address the option of using additional encryption. To better protect client information, records can be encrypted using third-party applications before they’re transferred to web-based services like Dropbox (though I know of no methods advisers can use to encrypt client data stored in, say, web-based CRM. Does that make it more vulnerable?).

Remember, Dropbox stated, “all files stored on Dropbox servers are encrypted (AES 256).” Is it necessary to add yet another layer of encryption to files stored on Dropbox? Perhaps. If additional encryption is applied to documents stored on Dropbox, even if the “small number” of Dropbox employees access files legally under “rare circumstances,” all they will see are encrypted files with no meaningful data.

So, yes, the use of third-party encryption such as TrueCrypt, SecretSync, and others mentioned in Kassner’s post, does add an additional layer of obfuscation to protect against information access by Dropbox employees. But does that mean it is required to comply with regulatory requirements?

I believe the answer is no.

Files are already stored encrypted on Dropbox. There’s a reasonable expectation that the files will remain protected from unauthorized access. Assuming select Dropbox employees do access stored files, citing the legal requirement to do so, that access is likely to be authorized, as it is in response to a request from law enforcement. If this were to happen to you, you probably would have more to be concerned about than Dropbox decrypting your files and providing them to law enforcement.

Best Practices

Let me close with what I believe to be best practices for the use of cloud-based storage services, including Dropbox.

If you’re a FINRA member, check with your broker-dealer’s compliance department before using any web-based service. Obtain approval before storing any client information on such services. Also, document your policies and procedures regarding the steps you take to protect client data when using web-based applications.

If you’re an independent registered investment adviser, document the policies and procedures you employ to protect client data when using any web-based service. For added protection, you may optionally apply third-party encryption where applicable, but I believe it is not a requirement to comply with SEC Regulation S-P rules.

Do you have practical information with respect to these best practices? Perhaps your broker-dealer has raised issues on web-based services that are not included here. Please leave comments and feedback below to help clarify what advisers need to do to protect client data stored in cloud-based services.

Full Disclosure: I use Dropbox every day; it significantly simplifies my life. I store both personal and company files on the service. However, I am neither SEC- nor state-registered, nor am I a FINRA member.

For those files that contain private or sensitive information, like social security numbers and bank account numbers, I add individual file password protection. All of these files are in PDF format, so I use Adobe Acrobat to encrypt all document contents with 256-bit AES and require a password to open the document.

Even Adobe PDF document passwords are not a 100% guarantee against unauthorized access. No password-based security system is. But with a combination of mixed case, numbers, and punctuation, the time required to apply a brute-force attack to crack the password may deter unauthorized users from an attempt and lead them to seek out more vulnerable targets instead. I feel that this level of protection is adequate for my personal situation and acknowledge that the benefits of using web-based services like Dropbox are compelling enough to accept the risk trade-off. Your situation may dictate different considerations.

Redtail Adds Mobile Assistant Integration to Transcribe Notes into CRM

We’re back in our Dallas headquarters, but not for long.

See Bill next week at NAPFA National 2011, then two weeks later at FPA NorCal. If you heard the great feedback about Bill’s session Cultivating Clients in a Connected World at last week’s FPA Retreat, you have a chance to see the session live at FPA NorCal!

Now on with the technology updates.

Redtail Technology, providers of the popular web-based CRM, just announced an integration with Mobile Assistant. This integration allows advisers to use a transcription service to automatically update client records in their Redtail CRM system.

Advisers should have no more excuses about not having time to update records after a client phone call or meeting. Just call up your Mobile Assistant account, dictate your notes, and find them in Redtail the next day.

For all the details on the integration, click here to read the release notes on Redtail’s blog.

BeamYourScreen Releases Mikogo 4.0 Beta, Adds New Features

A new version of a popular desktop screen-sharing software called Mikogo was released today by Germany-based BeamYourScreen.

Click here to learn the details on Mikogo Version 4.0 from the Mikogo blog.

Bill recognized Mikogo as the Best Client-Facing Technology for 2010 in his column for MorningstarAdvisor.com. Mikogo is a free application advisers can use to conduct desktop screen-sharing sessions with clients when face-to-face meetings are inconvenient or impractical.

Version 4.0 is being released as an open beta, meaning the software is robust enough to be used by a large community, but periodically there may be minor issues that affect performance or usability. We invite you to download and try the latest version to see how you can engage more and more of your distant clients using simple screen-sharing meetings.

Do you have other screen-sharing applications you prefer, such as GoToMeeting, WebEx, Adobe Connect, or even Skype? Let us know by dropping a comment below and tell us how well it works (or doesn’t) in your practice.